264 matches found
CVE-2026-31814
Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. From 0.13.0 to before 0.13.9, a specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This is remotely reachable over a normal...
PT-2026-28359
Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0 Description EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race C++ undefined behavior triggered by a 1-phase ↔ 3-phase switch request ac switch three phases while charging...
Malicious code in nf-promise-state-machine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc012f9411ceaa957f4b364f6b1443d3244155de13f5fc0ccb759ad682bd0ae7 The package nf-promise-state-machine was found to contain malicious code...
MAL-2026-2376 Malicious code in nf-promise-state-machine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc012f9411ceaa957f4b364f6b1443d3244155de13f5fc0ccb759ad682bd0ae7 The package nf-promise-state-machine was found to contain malicious code...
CVE-2026-2645
In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 wolfSSL 5.8.2 and earlier is...
CVE-2026-31814
Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. From 0.13.0 to before 0.13.9, a specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This is remotely reachable over a normal...
CVE-2026-31814
Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. From 0.13.0 to before 0.13.9, a specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This is remotely reachable over a normal...
Yamux 输入验证错误漏洞
Yamux is a multiplexer developed under the open-source Libp2p project in the United States. Versions of Yamux from 0.13.0 to 0.13.9 contained a vulnerability related to input validation errors. This vulnerability stemmed from a specially crafted WindowUpdate that could cause an arithmetic overflo...
curl: Curl Telnet Handler Buffer Overflow
Summary: I found a buffer overflow in curl's telnet protocol handler that allows remote memory corruption without authentication. The bug is in the CURLSBACCUM macro in lib/telnet.c line 69, where the bounds check lets you write one byte past the end of a 512-byte buffer. When curl receives 512+...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the osdfault function not resetting the sparse read state. This could lead to state machine error...
CVE-2026-24003 EvseV2G has sequence state validation bypass
EVerest is an EV charging software stack. In versions up to and including 2025.12.1, it is possible to bypass the sequence state verification including authentication, and send requests that transition to forbidden states relative to the current one, thereby updating the current context with...
curl: Infinite loop issue in the state machine of the curl project
Summary: Vulnerability impact: When curl attempts to download files from a malicious FTP server, it triggers an infinite loop in the code execution. I discovered this issue in the FTP functionality of the curl project .As described in...
net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY
...
[SECURITY] Fedora 42 Update: qt5-qtscxml-5.15.18-1.fc42
The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...
CVE-2025-40061 RDMA/rxe: Fix race in do_task() when draining
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix race in dotask when draining When dotask exhausts its iteration budget !ret, it sets the state to TASKSTATEIDLE to reschedule, without a secondary check on the current task-state. This can overwrite the...
EUVD-2017-3891
Malware in sbrugna...
EUVD-2015-2811
Malware in sbrugna...
RLSA-2025:12187 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Large branch table could lead to truncated instruction CVE-2025-8028 firefox: thunderbird: Memory safety bugs CVE-2025-8035 firefox: thunderbird: Incorrect URL stripping in CSP reports CVE-2025-80...
EUVD-2025-15839
Malicious code in bioql PyPI...
EUVD-2023-2573
Malicious code in bioql PyPI...