CVE-2026-42189

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

GHSA-F5V4-2WR6-HQMG russh has pre-auth DoS via unbounded allocation in its keyboard-interactive auth handler

Summary A pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for 2FA/TOTP with a single malformed packet, requiring no credential...

CVE-2026-27890 Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCTspecificdata segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow...

EUVD-2026-19804

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 and likely earlier versions of Developer Edition. An unauthenticated remote attacker can cra...

CVE-2026-39312

CVE-2026-39312 affects SoftEtherVPN Developer Edition 5.2.5188 and earlier. It is a pre-authentication denial-of-service where an unauthenticated remote attacker can crash the vpnserver by sending a malformed EAP-TLS packet over raw L2TP (UDP/1701), terminating all active VPN sessions. The root c...

CVE-2026-33952

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated authlength field read from the network triggers a WINPRASSERT failure in rtsreadauthverifiernochecks, causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABR...

CVE-2026-33219 NATS is vulnerable to pre-auth DoS through WebSockets client service

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the WebSockets port can cause unbounded memory use in the nats-server before authentication; this requires sending a...

GHSA-8R68-GVR4-JH7J NATS is vulnerable to pre-auth DoS through WebSockets client service

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server offers a WebSockets client service, used in deployments where browsers are the NATS clients. Problem Description A malicious...

CVE-2025-55184

CVE-2025-55184 is a pre-authentication Denial of Service vulnerability in React Server Components from versions 19.0.0 through 19.2.2 (affecting react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack). The issue arises from unsafe deserialization of HTTP payloads sent t...

Fortinet FortiWeb Pre-authentication DoS attack in OpenSSH - CVE-2025-26466 (FG-IR-25-122)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-122 advisory. - A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memor...

EUVD-2006-0887

Malware in sbrugna...

EUVD-2019-19168

Malware in sbrugna...

EUVD-2021-1569

Malware in sbrugna...

EUVD-2006-6963

Malware in sbrugna...

EUVD-2020-29383

Malware in sbrugna...

EUVD-2000-0546

Malware in sbrugna...

EUVD-2025-5047

Malicious code in bioql PyPI...

EUVD-2022-36775

Malicious code in bioql PyPI...

EUVD-2022-26019

Malicious code in bioql PyPI...

EUVD-2023-24422

Malicious code in bioql PyPI...