6 matches found
CVE-2026-45257 Arbitrary file overwrite via the KTLS receive path
The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous MEXTPG pages or...
CVE-2026-43897
Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...
CVE-2026-43897 Link Preview JS: vunerable to IPv6 and internal loopback attacks
Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...
EUVD-2026-13964
OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc without authentication for noVNC observer sessions, allowing unauthenticated access to the VNC interface. Remote attackers on the host loopback interface can connect to the exposed noVNC port to observe or interact wi...
CVE-2003-0415
Remote PC Access Server 2.2 allows remote attackers to cause a denial of service crash by receiving packets from the server and sending them back to the server...
TCP Loopback DoS Attack (land.c) and Cisco Devices
...