CVE-2026-42786

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in 'Elixir.Bandit.WebSocket.Connection':handleframe/3 in lib/bandit/websocket/connection.ex appends every incomi...

CVE-2026-42788

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated memory exhaustion via oversized HTTP/2 frames. 'Elixir.Bandit.HTTP2.Frame':deserialize/2 in lib/bandit/http2/frame.ex checks the SETTINGSMAXFRAMESIZE limit only after pattern-matching...

CVE-2026-42788 HTTP/2 frame size limit checked after body is buffered in bandit

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated memory exhaustion via oversized HTTP/2 frames. 'Elixir.Bandit.HTTP2.Frame':deserialize/2 in lib/bandit/http2/frame.ex checks the SETTINGSMAXFRAMESIZE limit only after pattern-matching...

CVE-2026-42788 HTTP/2 frame size limit checked after body is buffered in bandit

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated memory exhaustion via oversized HTTP/2 frames. 'Elixir.Bandit.HTTP2.Frame':deserialize/2 in lib/bandit/http2/frame.ex checks the SETTINGSMAXFRAMESIZE limit only after pattern-matching...

EEF-CVE-2026-42788 HTTP/2 frame size limit checked after body is buffered in bandit

Summary Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated memory exhaustion via oversized HTTP/2 frames. 'Elixir.Bandit.HTTP2.Frame':deserialize/2 in lib/bandit/http2/frame.ex checks the SETTINGSMAXFRAMESIZE limit only after pattern-matchi...

CVE-2026-37539

Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted CAN FD frames...

CVE-2026-43032 NFC: pn533: bound the UART receive buffer

In the Linux kernel, the following vulnerability has been resolved: NFC: pn533: bound the UART receive buffer pn532receivebuf appends every incoming byte to dev-recvskb and only resets the buffer after pn532uartrxisframe recognizes a complete frame. A continuous stream of bytes without a valid...

SUSE CVE-2026-37555

An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path line 241 was fixed with sfcountt cast, but the WAV code path line 235 and close path line 167 were not. When samplesperblock int blocks int exceeds INTMAX, the 32-bit multiplication overflows before being assigned to...

CVE-2026-37541

Buffer overflow vulnerability in Open Vehicle Monitoring System 3 OVMS3 3.3.005. In canformatgvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted GVRET frames...

PT-2026-36544

Name of the Vulnerable Software and Affected Versions bandit versions 0.3.6 through 1.10.x Description An issue in the deserialize/2 function within Elixir.Bandit.HTTP2.Frame allows unauthenticated memory exhaustion through oversized HTTP/2 frames. The system checks the SETTINGS MAX FRAME SIZE...

CVE-2026-42469

Buffer overflow vulnerability in Open Vehicle Monitoring System 3 OVMS3 3.3.005. In canformatcanswitch.cpp the parser does not properly validate a CANswitch DLC value, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted CANswitch frames...

CVE-2026-37539

Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted CAN FD frames...

PT-2026-36513

Name of the Vulnerable Software and Affected Versions cannelloni version 2.0.0 Description A buffer overflow occurs during CAN frame parsing. This issue exists within the parseCANFrame function in parser.cpp and the decodeFrame function in decoder.cpp. Remote attackers can exploit this by sending...

EUVD-2026-26692

Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted CAN FD frames...

cannelloni 安全漏洞

cannelloni is an Ethernet-based socketCAN tunneling tool from the individual developer Maximilian Güntner. A security vulnerability exists in cannelloni version v2.0.0, which stems from a buffer overflow in the parseCANFrame function in parser.cpp and in the decodeFrame function in decoder.cpp wh...

CVE-2026-37539

Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted CAN FD frames...

CVE-2026-37534

Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe 2025-11-30 in SAEJ1939ReadTransportProtocolDataTransfer,allows attackers to write to arbitrary memory via crafted sequence number from the CAN frame...

EUVD-2026-26694

Buffer overflow vulnerability in Open Vehicle Monitoring System 3 OVMS3 3.3.005. In canformatgvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted GVRET frames...

CVE-2026-37541

CVE-2026-37541 affects OVMS3 3.3.005. A buffer overflow in canformat_gvret.cpp occurs due to improper validation of the GVRET length field in binary data, enabling remote attackers to cause a denial of service or possibly achieve arbitrary code execution through crafted GVRET frames. Documentatio...

CVE-2026-42469

CVE-2026-42469 describes a buffer overflow in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005. The flaw resides in canformat_canswitch.cpp where the parser does not properly validate the CANswitch DLC value, enabling remote attackers to cause a denial of service or potentially execute ar...