Linux Distros Unpatched Vulnerability : CVE-2026-10650

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c o...

CVE-2026-10650 warmcat libwebsockets SSH Protocol sshd.c lws_ssh_parse_plaintext resource consumption

A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msglen can lead to resource consumption. The attack may be...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: parisc: Revised the gateway LWS calls to probe user read access. We use load and stbys,e instructions to trigger memory reference interruptions without writing to memory. Due to the way read access support is implemented, read...

Huawei EulerOS: Security Advisory for libwebsockets (EulerOS-SA-2026-1585)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libwebsockets (EulerOS-SA-2026-1613)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP12 : libwebsockets (EulerOS-SA-2026-1373)

According to the versions of the libwebsockets package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Stack-based Buffer Overflow in lwsadnsparselabel in warmcat libwebsockets allows, when the LWSWITHSYSASYNCDNS flag is enabled during...

SUSE CVE-2025-11679

Out-of-bounds Read in lwsupngemitnextline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...

EUVD-2025-35056

Out-of-bounds Read in lwsupngemitnextline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...

EUVD-2025-35045

Use After Free in WebSocket server implementation in lwshandshakeserver in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWSCALLBACKHTTPCONFIRMUPGRADE, to achieve denial of service...

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the lwsupngdecode function when the WSWITHUPNG flag is enabled during compilation and the HTML display stack is used. An attacker can cause a crash or potentially execute arbitrary code by enticing a user to visi...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the lwsadnsparselabel function when the LWSWITHSYSASYNCDNS flag is enabled during compilation. An attacker can execute arbitrary code or cause a crash by crafting a malicious DNS response with a label...

CVE-2025-11679

Out-of-bounds Read in lwsupngemitnextline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...

CVE-2025-11680 Out-of-bounds Write in libwebsockets PNG parsing

Out-of-bounds Write in unfilterscanline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...

CVE-2025-11679

Out-of-bounds Read in lwsupngemitnextline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...

CVE-2025-11677

CVE-2025-11677 is a Use After Free in the warmcat libwebsockets WebSocket server (lws_handshake_server). The vulnerability triggers in configurations where a user-supplied callback handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, potentially allowing a denial-of-service. Public advisories reference aff...

CVE-2025-11677

Use After Free in WebSocket server implementation in lwshandshakeserver in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWSCALLBACKHTTPCONFIRMUPGRADE, to achieve denial of service...

EUVD-2023-31229

Malicious code in bioql PyPI...

EUVD-2025-30700

Malicious code in bioql PyPI...

EUVD-2023-51913

Malicious code in bioql PyPI...

EUVD-2024-28461

Malicious code in bioql PyPI...