CVE-2026-34066

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, HistoryStore::puthistorictxns uses an assert! to enforce invariants about HistoricTransaction.blocknumber must be within the macro block being pushed and within the same epoch. During histo...

CVE-2026-29013 libcoap Out-of-Bounds Read in OSCORE CBOR Unwrap Handling

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

CVE-2026-29013

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

CVE-2026-29013

CVE-2026-29013 affects libcoap with out-of-bounds read vulnerabilities in OSCORE CBOR unwrap handling (get_byte_inc in src/oscore/oscore_cbor.c relies on assert for bounds, removed under NDEBUG). Attackers can send crafted CoAP messages during OSCORE negotiation to trigger reads beyond bounds, po...

CVE-2026-1678

CVE-2026-1678 affects Zephyr’s DNS name parser. The function dns_unpack_name() caches the buffer tailroom and reuses it when appending DNS labels; as the buffer grows, the cached size can become incorrect, allowing the final null terminator to be written past the buffer. With assertions disabled ...

PT-2026-22166

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The golioth payload as int and golioth payload as float helpers copy network-supplied payload data into fixed-size stack buffers using memcpy with a length derived...

PT-2026-3845

Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2025.10.0 Description The software may experience crashes due to the frequent use of the assert function for error handling. This can lead to a denial of service, as the manager terminates all modules and exits upon...

AZL-73506 CVE-2025-69227 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...

UBUNTU-CVE-2025-69227

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...

CVE-2025-69227 AIOHTTP vulnerable to DoS when bypassing asserts

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...

CVE-2025-69227 AIOHTTP vulnerable to DoS when bypassing asserts

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...

CVE-2025-69227 AIOHTTP vulnerable to DoS when bypassing asserts

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...

GHSA-JJ3X-WXRX-4X23 AIOHTTP vulnerable to DoS when bypassing asserts

Summary When assert statements are bypassed, an infinite loop can occur, resulting in a DoS attack when processing a POST body. Impact If optimisations are enabled -O or PYTHONOPTIMIZE=1, and the application includes a handler that uses the Request.post method, then an attacker may be able to...

EUVD-2014-9775

Malware in sbrugna...

EUVD-2023-58038

Malicious code in bioql PyPI...

CVE-2025-38511

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Clear all LMTT pages on alloc Our LMEM buffer objects are not cleared by default on alloc and during VF provisioning we only setup LMTT PTEs for the actually provisioned LMEM range. But beyond that valid range we might...

CVE-2025-38511

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Clear all LMTT pages on alloc Our LMEM buffer objects are not cleared by default on alloc and during VF provisioning we only setup LMTT PTEs for the actually provisioned LMEM range. But beyond that valid range we might...

Security update for cairo

This update for cairo fixes the following issues: CVE-2019-6461: avoid assert when drawing arcs with NaN angles bsc1122338. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command...

CVE-2023-5753

Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hcicore.c...

CVE-2024-56655

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: do not defer rule destruction via callrcu nftableschaindestroy can sleep, it can't be used from callrcu callbacks. Moreover, nftablesrulerelease is only safe for error unwinding, while transaction mutex is he...