CVE-2026-10650

A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msglen can lead to resource consumption. The attack may be...

CVE-2026-10650 warmcat libwebsockets SSH Protocol sshd.c lws_ssh_parse_plaintext resource consumption

A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msglen can lead to resource consumption. The attack may be...

CVE-2026-45037

Tabby (formerly Terminus) is affected prior to version 1.0.232. The terminal linkifier passes any detected URI directly to the OS protocol handler without validating the protocol scheme, allowing a malicious SSH or Telnet server to deliver crafted terminal output containing dangerous protocol URI...

CVE-2026-23825

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may...

Astra Linux - уязвимость в firefox

When opening a website using the firefox:// protocol handler, SameSite cookies were not properly respected. This vulnerability affects Firefox versions 123...

Astra Linux - уязвимость в firefox

Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox versions earlier than 121...

EUVD-2026-20860

A vulnerability was determined in Tenda i12 1.0.0.113862. The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

CVE-2026-34773

A flaw was found in Electron, a framework for building desktop applications. On Windows, the app.setAsDefaultProtocolClient function did not properly validate protocol names before writing to the system registry. This vulnerability could allow a local attacker, through an application that process...

CVE-2026-34773

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on Windows, app.setAsDefaultProtocolClientprotocol did not validate the protocol name before writing to the registry. Apps that pass...

GHSA-MWMH-MQ4G-G6GR Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows

Impact On Windows, app.setAsDefaultProtocolClientprotocol did not validate the protocol name before writing to the registry. Apps that pass untrusted input as the protocol name may allow an attacker to write to arbitrary subkeys under HKCU\Software\Classes, potentially hijacking existing protocol...

PT-2026-30189

A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context Protoc...

PT-2026-29672

Name of the Vulnerable Software and Affected Versions Go MCP SDK versions prior to 1.4.0 Description The Go MCP SDK, utilizing Go's standard encoding/json, did not enable DNS rebinding protection by default for HTTP-based servers prior to version 1.4.0. When an HTTP-based MCP server was run on...

CVE-2026-23398 icmp: fix NULL pointer dereference in icmp_tag_validation()

In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmptagvalidation icmptagvalidation unconditionally dereferences the result of rcudereferenceinetprotosproto without checking for NULL. The inetprotos array is sparse -- only about 15 of 256...

CVE-2026-23398 icmp: fix NULL pointer dereference in icmp_tag_validation()

In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmptagvalidation icmptagvalidation unconditionally dereferences the result of rcudereferenceinetprotosproto without checking for NULL. The inetprotos array is sparse -- only about 15 of 256...

CVE-2026-33335

Vikunja Desktop Electron wrapper risk (CVE-2026-33335). The vulnerability affects Vikunja Desktop prior to 2.2.0, where URLs from window.open() are passed directly to shell.openExternal() without validation or protocol allowlisting. An attacker who can insert a link (e.g., target="_blank" in user...

SUSE CVE-2013-1085

Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter...

CVE-2026-23566 Log Injection in Content Distribution Service UDP Handler

A vulnerability in TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper with, or forge log entries in \Nomad Branch.log via crafted data sent to the UDP network handler. Th...

CVE-2026-1324 Sangfor Operation and Maintenance Management System SSH Protocol session SessionController os command injection

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...

CVE-2026-1324 Sangfor Operation and Maintenance Management System SSH Protocol session SessionController os command injection

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...

CVE-2026-1324

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...