CVE-2026-46727
Ruby 4 before 4.0.5 contains a race condition that can cause a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c). A remote attacker able to delay DNS responses near the user-specified timeout could crash a Ruby process calling Addrinfo.geta...
CocoaMQTT security vulnerability
CocoaMQTT is an MQTT client library open sourced by EMQ Technologies. Versions of CocoaMQTT prior to 2.2.2 contained a security vulnerability. This vulnerability stemmed from issues with the data packet parsing logic, allowing attackers or malicious MQTT proxies to remotely crash iOS, macOS, or...
CVE-2026-26008
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (std::vector) that leads to possible remote crash/memory corruption. This is because the CSMS sends UpdateAllowedEnergyTransferModes over the network. Version 2026.2.0 contains a patch...
EVerest buffer error vulnerability
EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions of EVerest prior to 2026.02.0 contained a buffer error vulnerability, which was caused by out-of-bounds access, potentially leading to remote crashes or memory corruption...
EVerest resource management error vulnerability
EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions of EVerest prior to 2026.02.0 contained a resource management vulnerability. This vulnerability stemmed from the ISO15118chargerImpl::handlesessionsetup function using a released v2gctx after...
NanoMQ code issue vulnerability
NanoMQ is an open-source IoT edge platform broker developed by EMQ in the United States. Version 0.24.6 of NanoMQ contains a code vulnerability that stems from inconsistent protocol parsing or forwarding during the handling of shared subscriptions. This vulnerability may lead to remote crashes...
PT-2026-20976
Name of the Vulnerable Software and Affected Versions: libssh-config (affected versions not specified). Description: The software is susceptible to a denial of service due to improper handling of configuration files. Recommendations: At the moment, there is no information about a newer version that...
CVE-2025-35436
CVE-2025-35436 affects the CISA Thorium framework used for malware analysis. The vulnerability arises from using .unwrap() to handle errors in account verification email logic, enabling an unauthenticated remote attacker to crash the service by supplying a crafted email address/response. The issu...
CVE-2025-10225
Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in the OpenSSL-based session module in AxxonSoft Axxon One C-Werk 2.0.6 and earlier on Windows allows a remote attacker under high load conditions to cause application crashes or unpredictable behavior via triggering...
USN-7734-1 ruby2.5, ruby2.7, ruby3.0, ruby3.2, ruby3.3 vulnerabilities
It was discovered that Ruby incorrectly handled certain IO stream methods. A remote attacker could use this issue to cause Ruby to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-27280) It was discovered that th...
CVE-2025-25528
Multiple buffer overflow vulnerabilities in Wavlink WL-WN575A3 RPT75A3.V4300, which are caused by not performing strict length checks on user-controlled data. By successfully exploiting the vulnerabilities, attackers can crash the remote devices or execute arbitrary commands without any...
Monero: Remote memory exhaustion in Epee RPC stack under zero Receive Window
The Epee RPC stack in Monero was vulnerable to memory exhaustion attacks. Delayed ACK or zero Receive Window advertisements could cause the server to keep responses in the send queue until memory was exhausted. This could lead to remote crashes of Monero nodes that exposed their RPC interfaces...
The vulnerability of the EVP_PKEY_public_check() function in the OpenSSL library allows an attacker to cause a service failure.
The vulnerability of the EVP_PKEY_public_check() function in the OpenSSL library is related to pointer arithmetic errors. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
USN-6334-1 atftp vulnerabilities
Peter Wang discovered that atftp did not properly manage certain inputs. A remote attacker could send a specially crafted tftp request to the server to cause a crash. (CVE-2020-6097) Andreas B. Mundt discovered that atftp did not properly manage certain inputs. A remote attacker could send a...
DEBIAN-CVE-2023-39949
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions...
UBUNTU-CVE-2023-39948
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the BadParamException thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 conta...
CVE-2023-37915
OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS crashes while parsing a malformed PIDPROPERTYLIST in a DATA submessage during participant discovery. Attackers can remotely crash OpenDDS processes by sending a DATA submessage...
SUSE CVE-2015-1260
Multiple use-after-free vulnerabilities in content/renderer/media/usermediaclientimpl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon...
SUSE CVE-2016-5257
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors...
Krill security vulnerability
Krill is a flexible and scalable RPKI Certificate Authority. Krill suffers from a security vulnerability that stems from the built-in "/rrdp" endpoint being directly exposed to the Internet, where a malicious remote party could cause the publishing server to crash...