CVE-2026-44634

SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy BLE. Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleblewrite function local,...

CVE-2026-44634 Stack buffer overflows in SimpleBLE

SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy BLE. Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleblewrite function local,...

EUVD-2026-35913

SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy BLE. Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleblewrite function local,...

CVE-2026-44634

The CVE-2026-44634 affects SimpleBLE prior to version 0.14.0, with multiple stack-based buffer overflow flaws. One in the dongl backend’s Protocol::simpleble_write (local, caller-controlled input); two related to processing BLE advertisement data (manufacturer-specific and service data) that can ...

CVE-2026-44634 Stack buffer overflows in SimpleBLE

SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy BLE. Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleblewrite function local,...

EUVD-2026-35353

A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation via chanops.allocbuf and the chosen RX pool has a userdatasize smaller than 2 bytes, the segmentation counter stored in t...

ROS-20260609-73-0034

The vulnerability in Thunderbird is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

PT-2026-48338

SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy BLE. Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleble write function local,...

PT-2026-47014

Name of the Vulnerable Software and Affected Versions NetMan 204 affected versions not specified Description Authentication is not enforced on administrative pages and command endpoints. A remote, unauthenticated attacker can directly request pages such as 'administration.html',...

ROS-20260605-73-0076

The vulnerability in Firefox is related to the lack of protection for service data. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...

ROS-20260605-73-0039

The vulnerability in Tomcat11 is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

ROS-20260605-73-0021

The vulnerability in Portainer-Ce is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

ROS-20260605-73-0038

The vulnerability in Tomcat10 is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

ROS-20260605-73-0037

The vulnerability in Tomcat is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVE-2024-14036

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network ca...

ROS-20260515-73-0002

Vulnerability in firebird due to lack of service data protection. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...

CVE-2026-42150 wlc: print_html outputs API data without HTML escaping, enabling stored XSS

wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting when the output is rendered in a browser. This issue has been patched in version 2.0.0...

BIT-JAVA-2020-2755

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

JLSEC-2026-394

When curl 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the...

CVE-2026-31512 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2capecreddatarcv l2capecreddatarcv reads the SDU length field from skb-data using getunalignedle16 without first verifying that skb contains at least...