168 matches found
PT-2026-26313
Integer underflow in wolfSSL packet sniffer = 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl DecodePacket. The underflow wraps a 16-bit length to a large...
CVE-2026-32724
The CVE-2026-32724 vulnerability affects PX4 Autopilot: a heap-use-after-free in MavlinkShell::available() caused by a race between the MAVLink receiver thread (shell creation/destruction) and the telemetry sender thread (polling output). It is triggerable remotely via MAVLink SERIAL_CONTROL mess...
CVE-2026-28448
OpenClaw OpenClaw (Twitch plugin) versions 2026.1.29 through 2026.2.0 are affected. The vulnerability resides in the Twitch plugin’s access-control logic (checkTwitchAccessControl in extensions/twitch/src/access-control.ts): when allowFrom is configured and allowedRoles is unset or empty, the cod...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the SessionDeletionResponse function of the SMF component. An attacker can cause a denial of service by sending specially crafted requests that trigger a null pointer dereference remotely. Remediation Upgrad...
CVE-2025-68699
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions $share/. A malformed SUBSCRIBE topic such as $share/ab missing the second / is not strictly validated during the...
CVE-2025-64438
Fast DDS (eProsima) before versions 3.4.1, 3.3.1, and 2.6.11 has a remotely triggerable OOM DoS via RTPS GAP submessages under RELIABLE QoS. A tiny GAP with a huge gap range causes StatefulReader::processGapMsg() to loop unboundedly, inserting millions of sequence numbers into WriterProxy::change...
CVE-2026-23744
CVE-2026-23744 affects MCPJam Inspector up to version 1.4.2. The Nuclei template and related sources describe a remote code execution (RCE) vulnerability exploitable via the /api/mcp/connect endpoint. The flaw arises from passing user-controlled input to shell execution, and the service is expose...
CVE-2022-31710
vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000318)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000318 advisory. An issue was found in Linux kernel before 5.5.4. mwifiexretwmmgetstatus in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buff...
CVE-2026-0580
A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results in cross site scripting. The attack can be initiated remotely...
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a remote device sending an invalid connection request during a BT connectable LE scan, which could result in a transient denial of service...
CVE-2025-41707
The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue without affecting the core functionality...
EUVD-2017-18200
Malware in sbrugna...
EUVD-2022-29571
Malicious code in bioql PyPI...
EUVD-2025-26423
Malicious code in bioql PyPI...
EUVD-2022-15979
Malicious code in bioql PyPI...
EUVD-2025-25737
Malicious code in bioql PyPI...
CVE-2025-54811
OpenPLCV3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple...
CVE-2025-10778 Smartstore Gift Voucher confirm race condition
A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...
CVE-2025-55118
Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "useopenssl=n"; Control-M/Agent 9.0.21 and 9.0.22: Agent router...