CVE-2026-37231

FlexRIC v2.0.0 uses a uint16t counter for xappid assignment but stores the value in uint32t message fields. After 65,530+ E42SETUPREQUESTs, the 16-bit counter wraps around and produces duplicate xappids. The iApp port 36422 crashes when attempting to register a duplicate ID in its internal data...

CVE-2026-45090

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...

CVE-2026-45090

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...

EUVD-2026-32613

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...

CVE-2026-46085

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxkad crypto unalignment handling Fix handling of a packet with a misaligned crypto length. Also handle non-ENOMEM errors from decryption by aborting. Further, remove the WARNONONCE so that it can't be remotely trigger...

PT-2026-37216

Name of the Vulnerable Software and Affected Versions D-Link DI-8100 version 16.07.26A1 Description A buffer overflow occurs in the HTTP Request Handler component when manipulating the Name argument. This issue is located within the tggl asp function of the '/tggl.asp' endpoint and can be trigger...

PT-2026-37223

Name of the Vulnerable Software and Affected Versions D-Link DI-8100 version 16.07.26A1 Description A buffer overflow exists in the CGI Handler component within the /user group.asp file. This issue occurs in the sprintf function and can be triggered remotely through manipulation. Recommendations ...

Astra Linux - уязвимость в libproxy

In url.cpp within libproxy versions 0.4.x to 0.4.15, it is possible for a remote HTTP server to trigger uncontrolled recursion by sending a response that consists of an infinite stream without a newline character. This leads to a stack exhaustion issue...

CVE-2026-28221

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in printhexstring in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintfdstbuf +...

EUVD-2026-26270

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in printhexstring in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintfdstbuf +...

CVE-2026-32135 NanoMQ has Heap Buffer Overflow in URI Parameter Parsing

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer overflow in the uriparamparse function of NanoMQ's REST API. The vulnerability occurs due to an off-by-one error when allocating memory for query parameter keys an...

CVE-2026-25627

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path...

CVE-2026-25627 nanomq: OOB Read / Crash (DoS) via Malformed MQTT Remaining Length over WebSocket

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path...

CVE-2026-0966

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

CVE-2026-0966 Libssh: libssh: denial of service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

CVE-2026-0966 Libssh: libssh: denial of service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

CVE-2026-0966

CVE-2026-0966 affects the libssh library with a buffer underflow in ssh_get_hexa() on invalid input. The issue occurs because ssh_get_hexa() is used by ssh_get_fingerprint_hash() and the deprecated ssh_print_hexa(), and also in gssapi logging. Remote triggering is possible when GSSAPI authenticat...

CVE-2026-1005

Integer underflow in wolfSSL packet sniffer = 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large...

CVE-2026-1005

Integer underflow in wolfSSL packet sniffer = 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large...

PT-2026-26313

Integer underflow in wolfSSL packet sniffer = 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl DecodePacket. The underflow wraps a 16-bit length to a large...