CVE-2026-39863 Kamailio Core: TCP Data Processing Vulnerability

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted data packet sent over TCP. The...

CVE-2025-67433

A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service DoS via a crafted DATA packet...

CVE-2025-67433

A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service DoS via a crafted DATA packet...

CVE-2025-67433

Open TFTP Server MultiThreaded v1.7 is affected by a heap buffer overflow in the processRequest function, leading to a Denial of Service when handling a crafted DATA packet. The description confirms the vulnerability and impact; details on affected versions beyond v1.7, exploit steps, scope, or a...

PT-2026-7890

Name of the Vulnerable Software and Affected Versions Open TFTP Server MultiThreaded version 1.7 Description A heap buffer overflow exists in the processRequest function of Open TFTP Server MultiThreaded. This issue can be triggered by sending a crafted DATA packet, potentially leading to a Denia...

CVE-2025-67433

A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service DoS via a crafted DATA packet...

EUVD-2025-206666

Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . Prior to versions 3.4.1, 3.3.1, and 2.6.11, a heap buffer overflow exists in the Fast-DDS DATAFRAG receive path. An un authenticated sender can transmit a single malformed RTPS...

CVE-2024-39150

vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a crafted data packet...

CVE-2024-51428

An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service DoS via a crafted data channel packet...

CVE-2024-39945

A vulnerability has been found in Dahua products. After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash...

CVE-2024-39946

A vulnerability has been found in Dahua products.After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization...

CVE-2024-39946

A vulnerability has been found in Dahua products.After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization...

CVE-2024-39945

A vulnerability has been found in Dahua products. After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash...

CVE-2024-39947

A vulnerability has been found in Dahua products.After obtaining the ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash...

CVE-2024-39946

CVE-2024-39946 affects Dahua Network Video Recorders (notably NVR4XXX family) where, after valid administrator credentials are obtained, an attacker can send a crafted data packet to a vulnerable interface to trigger device initialization. Public documents describe the vulnerability as resulting ...

PT-2024-28748 · Dahua · Dahua

Name of the Vulnerable Software and Affected Versions: Dahua products affected versions not specified Description: A vulnerability has been found in Dahua products. After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface wi...

PT-2024-28749 · Dahua · Dahua

Name of the Vulnerable Software and Affected Versions: Dahua products affected versions not specified Description: A vulnerability has been found in Dahua products. After obtaining an ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface wit...

CVE-2024-39150

vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a crafted data packet...

CVE-2024-39150

vditor, version 3.9.8 and earlier, is vulnerable to an Arbitrary file read via a crafted data packet. The issue is confirmed across multiple sources (NVD/Red Hat/CVE ecosystem). Affected component: vditor (frontend/Markdown editor). Root cause details are not explicitly provided in the extracted ...

CVE-2021-42147

Buffer over-read vulnerability in the dtlssha256update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a denial of service via crafted data packet...