CVE-2026-42437

OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that accepts oversized frames without proper validation. Remote attackers can send oversized WebSocket frames to cause service unavailability for deployments exposing th...

Important: docker

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

CVE-2026-47073

CVE-2026-47073 affects hackney WebSocket client (src/hackney_ws.erl) causing unbounded memory growth via three paths: read_handshake_response/3 accumulates an unbounded buffer due to lack of size cap; parse_payload/9 and parse_active_payload/8 do not enforce a maximum frame payload length; and fr...

SUSE CVE-2025-39703

In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash kernel BUG: 45.390915 skbuff: skbunderpanic: text:ffffffff86f32cac len:26 put:14...

CVE-2026-5740

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

CVE-2026-5740 Unauthenticated WebSocket binary frame causes denial of service in Mattermost Server

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

CVE-2026-5740

Mattermost CVE-2026-5740 is an unauthenticated denial-of-service issue affecting Mattermost Server versions 11.6.x up to 11.6.0, 11.5.x up to 11.5.3, 11.4.x up to 11.4.4, and 10.11.x up to 10.11.14. The root cause is improper validation of msgpack-encoded WebSocket frames before memory allocation...

EUVD-2026-31426

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

CVE-2026-5740 Unauthenticated WebSocket binary frame causes denial of service in Mattermost Server

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

CVE-2026-5740

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

PT-2026-42750

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...

Astra Linux - уязвимость в libvncserver

It was discovered that the websockets.c file in LibVNCServer prior to version 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, resulting in a heap-based buffer overflow...

Astra Linux - уязвимость в linux

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP does not require that the A-MSDU flag in the plaintext QoS header field be authenticated. Against devices that support receiving non-SSP A-MSDU frames which is mandatory as part of...

Astra Linux - уязвимость в firefox

The frame iterator could get stuck in a loop when encountering certain Wasm frames, leading to incorrect stack traces. This vulnerability affects Firefox 128 and Thunderbird 128...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Discard Beacon frames sent to non-broadcast addresses Beacon frames are required to be sent to the broadcast address, see IEEE Std 802.11-2020, 11.1.3.1 “The Address 1 field of the Beacon frame shall be set to the...

Astra Linux - уязвимость в golang-golang-x-net, golang-1.19

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request’s headers exceed MaxHeaderBytes, no...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: The sun4iCan driver’s ndochangemtu function needs to be updated to prevent buffer overflows. Sending a PFPACKET message allows bypassing the CAN driver’s logic and directly reaching the xmit function of the CAN driver. The only...

Astra Linux - уязвимость в linux, linux-5.10

A list management bug in BSS handling in the mac80211 stack of the Linux kernel versions 5.1 through 5.19.x, prior to 5.19.16, could be exploited by local attackers those capable of injecting WLAN frames to corrupt a linked list and, in turn, potentially execute unauthorized code...

Astra Linux - уязвимость в linux-5.10, linux

A use-after-free in the mac80211 stack, during the parsing of a multi-BSSID element in the Linux kernel versions 5.2 through 5.19.x before 5.19.16, could be exploited by attackers who have access to injecting WLAN frames. This exploitation could lead to kernel crashes and potentially allow them t...