lwip-2026-pocs

lwip-2026-pocs Proof-of-concept exploits from the xchglabs...

CVE-2026-5535 FedML-AI FedML MQTT Message FileUtils.java path traversal

A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts an unknown function of the file FileUtils.java of the component MQTT Message Handler. Performing a manipulation of the argument dataSet results in path traversal. The attack is possible to be carried out remotely. The...

CVE-2026-32696

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

CVE-2026-27816

Summary of CVE-2026-27816 : In EVerest’s EV charging software stack, PRIOR to version 2026.02.0, ISO15118_chargerImpl::handle_update_energy_transfer_modes copies a variable-length list into a fixed-size array of length 6 without bounds checking. When schema validation is disabled by default, over...

CVE-2021-41036

In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check remlen size in readpacket...

CVE-2025-9161

A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquito plugins, which can be used to achieve remote code execution...

CVE-2023-1748

The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server MQTT server and the ability to remotely control garage door...

CVE-2024-31856

An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code...

SUSE CVE-2016-9877

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT MQ Telemetry Transport connection authentication with a username/password pair succeeds if an existing username is provid...

CVE-2023-24156

A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...

CVE-2021-0229

An uncontrolled resource consumption vulnerability in Message Queue Telemetry Transport MQTT server of Juniper Networks Junos OS allows an attacker to cause MQTT server to crash and restart leading to a Denial of Service DoS by sending a stream of specific packets. A Juniper Extension Toolkit JET...

PT-2016-7860 · Pivotal +4 · Rabbitmq +3

Name of the Vulnerable Software and Affected Versions: Pivotal RabbitMQ versions 3.x through 3.5.7 Pivotal RabbitMQ versions 3.6.x through 3.6.5 RabbitMQ for PCF versions 1.5.x through 1.5.19 RabbitMQ for PCF versions 1.6.x through 1.6.11 RabbitMQ for PCF versions 1.7.x through 1.7.6 Description:...