675 matches found
CVE-2026-20406
CVE-2026-20406 affects Modem with a vulnerability in which an uncaught exception can cause a system crash, enabling remote denial of service when a UE connects to a rogue base station. This does not require user interaction or privileges. Connected advisories (Red Hat, NVD, CVE lists) confirm the...
CVE-2026-20406
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID...
CVE-2026-20401
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID...
CVE-2026-20401
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID...
CVE-2026-20401
CVE-2026-20401 affects Modem. It describes a crash caused by an uncaught exception that could allow remote denial of service when a User Equipment connects to a rogue base station, with no additional execution privileges or user interaction required. A patch is listed as MOLY01738310 (MSV-5933). ...
CVE-2026-20401
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID...
EUVD-2026-5149
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID...
PT-2026-5629
Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description A system crash due to an uncaught exception may lead to remote denial of service. This can occur if a User Equipment UE connects to a rogue base station controlled by an attacker, requiring no...
PT-2026-5641
In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote proximal/adjacent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461663 /...
PT-2026-5624
Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description A system crash due to an uncaught exception may lead to remote denial of service. This can occur if a User Equipment UE connects to a rogue base station controlled by an attacker, requiring no...
GHSA-37QJ-FRW5-HHJH fast-xml-parser has RangeError DoS Numeric Entities Bug
Summary A RangeError vulnerability exists in the numeric entity processing of fast-xml-parser when parsing XML with out-of-range entity code points e.g., or . This causes the parser to throw an uncaught exception, crashing any application that processes untrusted XML input. Details The...
CVE-2026-25128
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0.9 through 5.3.3, a RangeError vulnerability exists in the numeric entity processing of fast-xml-parser when parsing XML with out-of-rang...
Uncaught Exception
Overview fast-xml-parser is a Validate XML, Parse XML, Build XML without C/C++ based libraries Affected versions of this package are vulnerable to Uncaught Exception in the numeric entity processing when parsing XML containing out-of-range entity code points. An attacker can cause the application...
Uncaught Exception
Overview org.webjars.npm:fast-xml-parser is a Validate XML, Parse XML, Build XML without C/C++ based libraries Affected versions of this package are vulnerable to Uncaught Exception in the numeric entity processing when parsing XML containing out-of-range entity code points. An attacker can cause...
PT-2026-5410
Name of the Vulnerable Software and Affected Versions fast-xml-parser versions 4.3.6 through 5.3.3 Description fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.3.6 through 5.3.3, a...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception via the oneflow.logicalor function. An attacker can cause the application to crash by submitting specially crafted input. Remediation There is no fixed version for oneflow. References - GitHub Issue Credit: Daisy2ang...
BIT-NODE-2025-59466
We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when asynchooks.createHook is enabled. Instead of reaching process.on'uncaughtException', the process terminates, making the crash unrecoverable. Applications that rely on...
BIT-NODE-MIN-2025-59466
We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when asynchooks.createHook is enabled. Instead of reaching process.on'uncaughtException', the process terminates, making the crash unrecoverable. Applications that rely on...
AZL-74985 CVE-2025-59466 affecting package nodejs for versions less than 20.14.0-13
We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when asynchooks.createHook is enabled. Instead of reaching process.on'uncaughtException', the process terminates, making the crash unrecoverable. Applications that rely on...
CVE-2025-59466
We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when asynchooks.createHook is enabled. Instead of reaching process.on'uncaughtException', the process terminates, making the crash unrecoverable. Applications that rely on...