CVE-2025-66769

A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attackers to cause a Denial of Service DoS via a crafted XFA packet...

CVE-2026-7164

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent...

CVE-2026-38719

OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format CPF parser, specifically in CreateCommonPacketFormatStructure in source/src/enetencap/cpf.c. A crafted ENIP/CPF message can supply an attacker-controlled itemcount value that is not consistently...

CVE-2026-5778

Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...

CVE-2026-46597

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

CVE-2026-32961

SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in packet data processing of sxsmpd. Processing a crafted packet may cause a temporary denial-of-service DoS condition...

CVE-2026-5590

A race condition during TCP connection teardown can cause tcprecv to operate on a connection that has already been released. If tcpconnsearch returns NULL while processing a SYN packet, a NULL pointer derived from stale context data is passed to tcpbacklogisfull and dereferenced without validatio...

CVE-2025-13926

An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T...

CVE-2026-39864

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted SIP packet if a successful user...

CVE-2026-8369

Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 network to inject corrupted IPv6 packets into the Thread mesh or bypass security checks via crafted IPv4 packets with options...

CVE-2026-7422

Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, because the loopback detection...

CVE-2026-9054

An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic...

CVE-2026-6346

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to sanitize sensitive configuration fields before including them in support packet generation, which allows a Mattermost System Admin or any party with access to a support packet to obtain sensitive credentials in...

CVE-2026-6347

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present in the exported plugi...

CVE-2026-42304

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...

CVE-2026-42781

When embedded Packet Velocity Acceleration ePVA acceleration is configured, undisclosed local ethernet traffic can cause an increase in ePVA and Traffic Management Microkernel TMM resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-40434

Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic...

CVE-2025-59174

Ericsson Packet Core Controller PCC versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...

CVE-2025-59174

Ericsson Packet Core Controller PCC versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...

CVE-2025-59174

Ericsson Packet Core Controller PCC versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...