405 matches found
EUVD-2026-34991
A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...
CVE-2026-8714
A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input. Crafted inputs can trigger a processing error, causing the RTSP service to enter non-responsive state. Successful exploitation may cause the RTS...
CVE-2026-28578
In multiple functions of DevicePolicyManagerService.java, there is a possible desync from persistence due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-31960
HCL BigFix Service Management SM is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumercompany parameter during a report-viewing request causes the application to trigger an...
CVE-2026-24089
Memory corruption while processing fastboot commands with invalid input...
CVE-2026-8714
A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input. Crafted inputs can trigger a processing error, causing the RTSP service to enter non-responsive state. Successful exploitation may cause the RTS...
CVE-2026-8714
A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input. Crafted inputs can trigger a processing error, causing the RTSP service to enter non-responsive state. Successful exploitation may cause the RTS...
PT-2026-46984
A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input. Crafted inputs can trigger a processing error, causing the RTSP service to enter non-responsive state. Successful exploitation may cause the RTS...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
EUVD-2026-33846
Memory corruption while processing fastboot commands with invalid input...
CVE-2026-24089
Memory corruption while processing fastboot commands with invalid input...
CVE-2026-24089
Memory corruption while processing fastboot commands with invalid input...
CVE-2026-24089
CVE-2026-24089 describes memory corruption that occurs when processing fastboot commands with invalid input. The NVD entry lists a CVSS v3.1 base score of 7.2 (HIGH) with physical attack vector, low attack complexity, no user interaction, requiring high privileges, and a changed scope. The impact...
CVE-2026-24089 Improper Validation of Syntactic Correctness of Input in Kernel
Memory corruption while processing fastboot commands with invalid input...
PT-2026-45644
Memory corruption while processing fastboot commands with invalid input...
CVE-2026-9521 fraillt bitsery std_smart_ptr.h loadFromSharedState improper validation of specified type of input
A security vulnerability has been detected in fraillt bitsery up to 5.2.4. Affected is the function loadFromSharedState in the library include/bitsery/ext/stdsmartptr.h. Such manipulation leads to improper validation of specified type of input. It is possible to launch the attack remotely. The...
Astra Linux - уязвимость в thrift
In Apache Thrift versions 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when receiving invalid input data...
Astra Linux - уязвимость в glibc
The iconv program in the GNU C Library also known as glibc or libc6 version 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNORE along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, resulting in a...
Astra Linux - уязвимость в unrar-nonfree
RARLAB WinRAR Recovery Volume: Improper validation of array index leads to remote code execution vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability, as the targe...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: bpf, testrun: Fixed a use-after-free issue in ethskbpkttype. KMSAN reported a use-after-free issue in ethskbpkttype1. The cause of the issue was that ethskbpkttype accessed data from skb that did not contain an Ethernet header...