1167 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Platform/x86: x86-android-tablets: Devices are unregistered in reverse order. Not all subsystems support the removal of a device when there are still consumers referencing that device. One example is the regulator subsystem. If a...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the skipGroup function. An attacker can cause a service crash by sending a crafted protobuf payload with a negative length in a length-delimited field inside a group, leading to an unchecked runtime...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the skipGroup function. An attacker can cause a service crash by sending a crafted protobuf payload with a negative length in a length-delimited field inside a group, leading to an unchecked runtime...
ai.pipestream:account-manager (=0.0.22), ai.pipestream:account-service (>=0.0.2 <=0.0.18) +413 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime-jvm (>=3.0.0-alpha03 <=5.3.3)
com.squareup.wire:wire-runtime-jvm MAVEN version =3.0.0-alpha03, =0.0.2, =0.1.1, =0.2.7, =0.2.7, =0.2.7, =0.1.1, =0.2.7, =0.7.21, =0.7.21, =0.7.21, =0.1.7, =0.1.31 and more Source cves: CVE-2026-45799 Source advisory: OSV:GHSA-7XPR-HC2W-34M9...
ai.looktech.ltrpc.schema:app-server (>=1.0.2 <=2.7.0), ai.looktech.ltrpc.schema:bt-app (=1.0.1) +493 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime (>=1.0.0 <=6.2.0)
com.squareup.wire:wire-runtime MAVEN version =1.0.0, =1.0.2, =1.0.2, =0.0.1, =0.0.2, =0.1.1, =0.2.7, =0.2.7, =0.2.7, =0.1.1, =0.2.7, =0.7.21, =0.7.21, =0.7.26 and more Source cves: CVE-2026-45799 Source advisory: OSV:GHSA-7XPR-HC2W-34M9...
ai.looktech.ltrpc.schema:app-server (>=2.0.0 <=2.7.0), ai.looktech.ltrpc.schema:bt-server (>=2.0.0 <=2.7.0) +49 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime (>=6.0.0-alpha01 <=6.2.0)
com.squareup.wire:wire-runtime MAVEN version =6.0.0-alpha01, =2.0.0, =2.0.0, =1.5.0-alpha05, =1.5.0-alpha05, =1.5.0-alpha05, =1.0.0-alpha06, =2.0.0-alpha04, =2026.03.19.180705-f87ffc7, =2026.03.19.180705-f87ffc7, =2026.03.19.180705-f87ffc7, =2026.03.19.180705-f87ffc7, =2026.03.19.180705-f87ffc7,...
com.squareup.wire:com.squareup.wire.gradle.plugin (>=7.0.0-alpha01 <=7.0.0-alpha02), com.squareup.wire:wire-compiler (>=7.0.0-alpha01 <=7.0.0-alpha02) +11 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime-jvm (>=7.0.0-alpha01 <=7.0.0-alpha02)
com.squareup.wire:wire-runtime-jvm MAVEN version =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha02 Source...
ai.looktech.ltrpc.schema:app-server-android (>=2.0.0 <=2.7.0), ai.looktech.ltrpc.schema:app-server-jvm (>=2.0.0 <=2.7.0) +110 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime-jvm (>=6.0.0-alpha01 <=6.2.0)
com.squareup.wire:wire-runtime-jvm MAVEN version =6.0.0-alpha01, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =1.5.0-alpha05, =1.5.0-alpha05, =1.5.0-alpha05, =1.5.0-alpha05, =1.5.0-alpha05, =2.0.0-alpha04, =2.0.0-alpha04, =2.0.0-alpha04, =2026.03.26.140500-911435f, =2026.03.26.140500-911435f,...
com.squareup.wire:wire-grpc-client (>=7.0.0-alpha01 <=7.0.0-alpha02), com.squareup.wire:wire-schema (>=7.0.0-alpha01 <=7.0.0-alpha02) +1 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime (>=7.0.0-alpha01 <=7.0.0-alpha02)
com.squareup.wire:wire-runtime MAVEN version =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha02 Source cves: CVE-2026-45799 Source advisory: SNYK:JAVA-COMSQUAREUPWIRE-16771313...
com.squareup.wire:wire-grpc-client (>=7.0.0-alpha01 <=7.0.0-alpha02), com.squareup.wire:wire-schema (>=7.0.0-alpha01 <=7.0.0-alpha02) +1 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime (>=7.0.0-alpha01 <=7.0.0-alpha02)
com.squareup.wire:wire-runtime MAVEN version =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha02 Source cves: CVE-2026-45799 Source advisory: OSV:GHSA-7XPR-HC2W-34M9...
GHSA-7XPR-HC2W-34M9 Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service
CVE-2026-45799 Maintainer summary Wire's protobuf group-skipping logic did not reject negative lengths before skipping a length-delimited field inside a group. A crafted protobuf payload could cause Wire to throw an unchecked runtime exception during decoding instead of the documented IOException...
Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service
CVE-2026-45799 Maintainer summary Wire's protobuf group-skipping logic did not reject negative lengths before skipping a length-delimited field inside a group. A crafted protobuf payload could cause Wire to throw an unchecked runtime exception during decoding instead of the documented IOException...
freerdp: FreeRDP heap-buffer-overflow
A heap based buffer overflow flaw has been discovered in FreeRDP. In affected versions RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndrreaduint8Array...
PT-2026-42032
CVE-2026-45799 Maintainer summary Wire's protobuf group-skipping logic did not reject negative lengths before skipping a length-delimited field inside a group. A crafted protobuf payload could cause Wire to throw an unchecked runtime exception during decoding instead of the documented IOException...
PT-2026-41958
Name of the Vulnerable Software and Affected Versions go-git versions prior to v5 Description The SSH transport in go-git constructs the remote exec command by wrapping the repository path in single quotes but fails to escape single quotes embedded within that path. This allows a repository path...
GHSA-J8P6-96VP-F3R9 OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messages
Summary Malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetry agent and cause a denial of service. The parser operates on raw attacker-controlled network payloads before the input is fully validated...
iskorotkov/avro: Integer Overflow in Decoder
Integer Overflow in Avro Decoder Summary Several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets GOARCH=386, arm, mips,...
PT-2026-41799
Name of the Vulnerable Software and Affected Versions iskorotkov/avro versions prior to 2.33.0 github.com/hamba/avro/v2 versions prior to 2.32.0 Description Several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before...
CVE-2025-15023
creationtimestamp| type| source ---|---|--- 2026-05-17 15:01:05+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mm2mvjiwjf2e...
CVE-2026-42334
creationtimestamp| type| source ---|---|--- 2026-05-17 14:01:13+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mm2jkjeyun2z...