CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

EUVD-2026-33700

FlexRIC v2.0.0 contains reachable assert0 calls in stub message handlers for whitelisted but unimplemented E2AP message types in the near-RT RIC. A remote unauthenticated attacker can send a decodable E2AP PDU of such a type e.g., E2nodeConfigurationUpdate to crash the near-RT RIC process port...

CVE-2026-37228

FlexRIC v2.0.0 contains a reachable assertion in e2aprecvsctpmsg src/lib/ep/e2apep.c. The function allocates a fixed 32KB receive buffer and enforces assertrc = 32,768 bytes to crash the near-RT RIC, iApp, E2 Agent, or xApp process via SIGABRT. No valid E2AP PDU is required. All four SCTP endpoin...

FlexRIC security vulnerabilities

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability stems from the assertion in the e2aprecvsctpmsg function, where assertrc len is used. This could allow unauthorized remote attackers to send SCT...

PT-2026-45513

FlexRIC v2.0.0 trusts the xapp id field from E42 message payloads without binding it to the sender's SCTP association. The validation function valid xapp id only checks that the value is within the assigned range. A remote unauthenticated attacker can impersonate any xApp by specifying their xapp...

FlexRIC security vulnerabilities

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. The FlexRIC v2.0.0 version contains a security vulnerability. This vulnerability arises from trusting the xappid field in the trust E42 message without binding it to the sender’s SCTP association. As a result, remote...

ArmCode Arm Whois 安全漏洞

ArmCode Arm Whois is a web information query tool developed by ArmCode Corporation. Version 3.11 of Arm Whois contains a security vulnerability; this vulnerability stems from a buffer overflow, which could allow local attackers to cause the application to crash by providing excessively long input...

EUVD-2026-33428

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to 0.24.14, aio-provdata is stored as nniquicconn during dialing, but read as exquicconn during dialer close. This type confusion causes invalid object interpretation and leads to close-path hang/crash behavior. This...

CVE-2026-46344 liboqs: Heap-buffer-overflow in XMSS verification path via OID-controlled parameter mismatch (xmss_commons.c:194)

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...

CVE-2026-44518 liboqs: XMSS Buffer Overread Bug

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature...

liboqs 缓冲区错误漏洞

Liboqs is an open-source project under Open Quantum Safe, which is an open-source C library for quantum secure encryption algorithms. Versions of Liboqs prior to 0.16.0 contained a buffer error vulnerability. This vulnerability stems from out-of-bounds reads in the XMSS and XMSS^MT state signatur...

DEBIAN-CVE-2026-49127

Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD...

USN-8329-1 ffmpeg vulnerability

It was discovered that the FFmpeg CAF decoder incorrectly handled certain file size calculations. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service...

SUSE CVE-2023-43632

As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options” The communication with this server is done using...

USN-8313-1 xmlrpc-c vulnerabilities

It was discovered that Expat, vendored in XML-RPC, incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the iommusvaunbinddevice function in accel/amdxdna, where it accesses iommumm after releasing the...

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the PUT processor in the BSF module, which allowed unsynchronized writes to the global Subscriptions mapping,...

CVE-2026-7451 TIF File Parsing Out-of-Bounds Write in Autodesk 3ds Max

A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

DEBIAN-CVE-2026-48683

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in the NetFlow v9 data flowset processor. In src/netflowplugin/netflowv9collector.cpp, the Data template branch lines 1695-1702 iterates over flow records without performing a per-iteration bounds check agains...

CVE-2026-48683

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in the NetFlow v9 data flowset processor. In src/netflowplugin/netflowv9collector.cpp, the Data template branch lines 1695-1702 iterates over flow records without performing a per-iteration bounds check agains...