EUVD-2026-23535

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

CVE-2026-29013

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

EUVD-2026-16197

EVerest is an EV charging software stack. Prior to version 2026.02.0, HomeplugMessage::setuppayload trusts len after an assert; in release builds the check is removed, so oversized SLAC payloads are memcpy'd into a 1497-byte stack buffer, corrupting the stack and enabling remote code execution fr...

CVE-2024-26727

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT if the newly created subvolume already got read BUG There is a syzbot crash, triggered by the ASSERT during subvolume creation: assertion failed: !anondev, in fs/btrfs/disk-io.c:1319 ------------ cut here...

CVE-2024-26727 btrfs: do not ASSERT() if the newly created subvolume already got read

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT if the newly created subvolume already got read BUG There is a syzbot crash, triggered by the ASSERT during subvolume creation: assertion failed: !anondev, in fs/btrfs/disk-io.c:1319 ------------ cut here...

PT-2025-40747

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.16.0-rc5-00184-g0bca5994cacc-dirty 308 Description The Linux kernel contained a flaw in the ubifs subsystem related to page management. Specifically, a race condition could occur during page truncation and file...