CVE-2011-0910

The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks...

CVE-2023-50926

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. More specifically, the prefix information of the DIO message...

CVE-2021-41264

OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using UUPSUpgradeable may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of @openzeppelin/contracts and...

CVE-2022-23486

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting...

SUSE CVE-2026-21869

llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the ndiscard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fill...

cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked

A zip file handling flaw has been discovered in the python standard library zipfile module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record wou...

CVE-2026-21895

The rsa crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue...

CVE-2026-21895

The rsa crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue...

SUSE CVE-2025-8556

A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange...

CVE-2013-7372

The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNGSecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture JCA in Android before 4.4 and...

CVE-2013-7309

The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID values in Link State Advertisement LSA packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service routing disruption or obtain...

CVE-2013-7310

The OSPF implementation on Yamaha routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement LSA packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service routing disruption or obtain sensitive...

CVE-2013-7306

The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement LSA packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service routing disruption or obtain sensitiv...

CVE-2019-16754

RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation asymcute, potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message an...

CVE-2019-12731

The Windows versions of Snapview Mikogo, versions before 5.10.2 are affected by insecure implementations which allow local attackers to escalate privileges...

CVE-2019-12586

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266NONOSSDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service crash via a crafted message...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000210)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000210 advisory. A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS...

CVE-2025-68752 iavf: Implement settime64 with -EOPNOTSUPP

In the Linux kernel, the following vulnerability has been resolved: iavf: Implement settime64 with -EOPNOTSUPP ptpclocksettime assumes every ptpclock has implemented settime64. Stub it with -EOPNOTSUPP to prevent a NULL dereference. The fix is similar to commit 329d050bbe63 "gve: Implement...

CVE-2025-66379

Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service...

CVE-2025-66379

Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service...