314691 matches found
CVE-2026-40956
CVE-2026-40956 is a memory disclosure vulnerability in Secure Access client versions prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can cause a small amount of random memory to leak...
CVE-2026-55398
CVE-2026-55398 is a memory management vulnerability in Secure Access clients and servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against the server...
CVE-2026-33443
CVE-2026-33443 is a memory management error in Secure Access servers prior to 14.55. Attackers with an intimate knowledge of and total control over the tunnel protocol can create a persistent DoS against the server...
CVE-2026-33445
CVE-2026-33445 is a memory management vulnerability in Secure Access servers prior to 14.55. Attackers with an intimate knowledge of and total control over the tunnel protocol can create a persistent DoS against the server...
CVE-2026-33444
CVE-2026-33444 is a memory management vulnerability in Secure Access servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against the server...
CVE-2026-33443
CVE-2026-33443 describes a memory management error in Secure Access servers prior to 14.55. The issue allows attackers who have intimate knowledge of and total control over the tunnel protocol to trigger a persistent DoS against the server. The provided documents do not specify affected product f...
CVE-2026-40956
CVE-2026-40956 is a memory-disclosure vulnerability in Secure Access client versions prior to 14.55. According to connected records, attackers who have intimate knowledge and total control over the tunnel protocol can cause a small amount of random memory to leak. The CVSS v4.0 score is 2.1 (LOW)...
CVE-2026-62353
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.14, source/libs/parser/src/parTokenizer.c tGetToken incremented past a trailing backslash in a SQL string literal such as 'abc\ and read one byte beyond the null terminator, allowing an authenticated user...
CVE-2026-62353
TDengine before version 3.4.1.14 contains an out-of-bounds read in the SQL lexer (parTokenizer.c tGetToken) where a trailing backslash in a string literal can cause the parser to read beyond the null terminator, potentially crashing the server and leaking adjacent memory. The issue requires an au...
CVE-2026-15746
CVE-2026-15746 affects strands-agents-tools’ elasticsearch_memory tool (used with Strands Agents SDK). The tool’s schema exposed connection parameters (es_url, cloud_id, api_key); if api_key is omitted, it falls back to the operator’s ELASTICSEARCH_API_KEY and may be sent to a host chosen by an L...
EUVD-2026-44762
Strands Agents is an open-source Python SDK for building and running AI agents. The strands-agents-tools package provides pre-built tools for use with the SDK, including the elasticsearchmemory tool for agent memory storage. We identified CVE-2026-15746, a server-side request forgery SSRF issue i...
CVE-2026-62389
ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by sending incomplete fragmented WebSocket messages. Attackers can send a text frame with FIN=0...
CVE-2026-58658
GPUStack through 2.2.1, fixed in commit 4e20551, contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to access sensitive inference logs and modify worker configuration by exploiting unprotected /serveLogs and /debug endpoints on the worker port...
CVE-2026-10673
The Zephyr ADIN2111/ADIN1110 10BASE-T1S/T1L Ethernet driver drivers/ethernet/ethadin2111.c reassembles received Ethernet frames in OPEN Alliance OA SPI mode by copying device-supplied 64-byte data chunks into a fixed static buffer ctx-buf of size CONFIGETHADIN2111BUFFERSIZE default 1524 bytes. In...
CVE-2026-14961
Pegatron Tdelo64.sys exposes a privileged device interface, \.\TdeIo, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By...
CVE-2026-10673
The CVE-2026-10673 affects the Zephyr ADIN2111/ADIN1110 Ethernet driver (drivers/ethernet/eth_adin2111.c) in OA SPI mode. The code reassembles frames by copying device-supplied 64-byte chunks into a fixed buffer (CONFIG_ETH_ADIN2111_BUFFER_SIZE, default 1524) without verifying that the write curs...
CVE-2026-20156
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...
CVE-2026-14961
Pegatron Tdelo64.sys exposes a privileged device interface, \.\TdeIo, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By...
CVE-2026-14961 CVE-2026-14961
Pegatron Tdelo64.sys exposes a privileged device interface, \.\TdeIo, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By...
EUVD-2026-44731
Pegatron Tdelo64.sys exposes a privileged device interface, \.\TdeIo, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By...