CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)

Overview Rapid7 Labs conducted a zero-day research project against an HP Poly VVX 450 Voice over Internet Protocol VoIP phone. This research resulted in the discovery of a critical unauthenticated stack-based buffer overflow vulnerability, CVE-2026-0826. A remote attacker can leverage CVE-2026-08...

CVE-2026-38740

Foscam VD1 Video Doorbell before V5.3.131072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol SDP, including ICE credentials and candidates, in cleartext over network interfaces. An attacker with network visibility can...

CVE-2026-38740

Foscam VD1 Video Doorbell before V5.3.131072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol SDP, including ICE credentials and candidates, in cleartext over network interfaces. An attacker with network visibility can...

CVE-2026-38740

CVE-2026-38740 affects the Foscam VD1 Video Doorbell (pre‑V5.3.13_1072). The root cause is cleartext transmission of sensitive SDP data, including ICE credentials and candidates, exposed over network interfaces. An attacker with network visibility can intercept these credentials to hijack media s...

CVE-2026-38740

Foscam VD1 Video Doorbell before V5.3.131072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol SDP, including ICE credentials and candidates, in cleartext over network interfaces. An attacker with network visibility can...

Foscam VD1 Video Doorbell 安全漏洞

The Foscam VD1 Video Doorbell is a smart video doorbell from the American company Foscam, capable of supporting high-definition video surveillance and two-way voice communication. Versions of the Foscam VD1 Video Doorbell prior to V5.3.131072 contained security vulnerabilities. These...

CVE-2026-38740

Foscam VD1 Video Doorbell before V5.3.131072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol SDP, including ICE credentials and candidates, in cleartext over network interfaces. An attacker with network visibility can...

CVE-2026-5655

A flaw was found in Wireshark. A local user could be tricked into opening a specially crafted capture file containing Session Description Protocol SDP data. Processing this malicious data could lead to a crash in the SDP protocol dissector, resulting in a denial of service for the application...

Astra Linux - уязвимость в wireshark

The SDP protocol dissector in Wireshark versions 4.6.0 to 4.6.4 allows for a denial of service attack...

UBUNTU-CVE-2026-5655

SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service...

EUVD-2026-26325

SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service...

CVE-2026-5655 Use After Free in Wireshark

SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service...

CVE-2026-5655

SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service...

Wireshark 资源管理错误漏洞

Wireshark is a set of network packet analysis tools developed by the Wireshark team. The software’s function is to capture network packets and display detailed data for analysis. Versions of Wireshark from 4.6.0 to 4.6.4 contained a resource management vulnerability, which was caused by a crash i...

KLA91017 Multiple vulnerabilities in Wireshark

Multiple vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Heap overflow vulnerability in TLS protocol dissector can be exploited to cause denial of service...

CVE-2026-41416

A flaw was found in PJSIP, a free and open-source multimedia communication library. A remote attacker could exploit an integer overflow vulnerability when processing a crafted Session Description Protocol SDP message with asymmetric ptime configuration. This overflow leads to an undersized buffer...

CVE-2026-41416

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can...

CVE-2026-41416 PJSIP: Asymmetric ptime integer overflow in Media Stream

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can...

PJSIP 输入验证错误漏洞

PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Versions of PJSIP 2.16 and earlier contained a vulnerability related to input validation errors. This...

PT-2026-35059

Name of the Vulnerable Software and Affected Versions PJSIP versions prior to 2.17 Description An integer overflow occurs in the media stream buffer size calculation when processing Session Description Protocol SDP with asymmetric ptime configuration. This overflow can lead to an undersized buffe...