EUVD-2026-25056

nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, MessageCodec::readrequest and readresponse call readtoend on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because Behaviour::new also sets...

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

PT-2026-34543

nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, MessageCodec::read request and read response call read to end on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because Behaviour::new also sets with max...

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.3.0 contained a security vulnerability. This vulnerability stemmed from the use of MessageCodec::readrequest and readresponse in the nimiq-libp2p library, which called readtoend on the inbound...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013824)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013824 advisory. In the Linux kernel, the following vulnerability has been resolved: can: sun4ican: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013792)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013792 advisory. In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to...

CVE-2026-40614

A flaw was found in PJSIP, a multimedia communication library. A remote attacker could exploit a buffer overflow vulnerability when decoding Opus audio frames due to insufficient buffer size validation. This flaw allows for a heap buffer overflow, which may lead to arbitrary code execution or...

EUVD-2026-24229

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FEC decode buffers decframe.buf were allocated based on a...

CVE-2026-40614

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FEC decode buffers decframe.buf were allocated based on a...

Siemens SCALANCE Improper Authentication (CVE-2020-26139)

An issue was discovered in the kernel in NetBSD 7.1. An Access Point AP forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients an...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010814)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010814 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Currently, whenever...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010853)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010853 advisory. In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012992)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012992 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Currently, whenever...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006952)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006952 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix use-after-free in cmpbss Following bssfree quirk introduced in commit...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011291)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011291 advisory. In the Linux kernel, the following vulnerability has been resolved: can: hi311x: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypa...

Important: Red Hat Security Advisory: nghttp2 security update

An update for nghttp2 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

RHEL 10 : nghttp2 (RHSA-2026:8868)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:8868 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: nghttp2: Denial of...

SUSE CVE-2026-35469

spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...

OpenClaw: Voice-call realtime WebSocket accepted oversized frames

Summary Voice-call realtime WebSocket accepted oversized frames. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.9 = 2026.4.10 Impact The voice-call realtime WebSocket path could accept oversized frames, creating a remote availability risk for...