13565 matches found
PT-2026-53868
Name of the Vulnerable Software and Affected Versions NetScaler ADC affected versions not specified NetScaler Gateway affected versions not specified Description A denial of service issue exists when HTTP/2 is enabled in the HTTP Profile and associated with a virtual server of type LB, CS, or VPN...
CVE-2026-58051
A flaw in libssh2 allows a malicious SSH server to send a malformed public key response, triggering an invalid memory cleanup. This can cause the connecting client application to crash or leak information. Mitigation To mitigate this issue, ensure your applications connect only to trusted and...
CVE-2026-56340
A flaw was found in vLLM. This vulnerability allows a remote attacker to trigger crashes or resource exhaustion, leading to a denial of service DoS. By submitting specially crafted embedding requests with malformed tensor indices, when the prompt-embeds feature is enabled, an attacker could also...
CVE-2026-57873
An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may...
CVE-2026-57873 GV-LPC2011/LPC2211 - unauthorized null pointer dereference vulnerability (IEEE8021x_upload.cgi)
An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may...
PT-2026-52991
Name of the Vulnerable Software and Affected Versions H.View HV-500S6 IP Camera affected versions not specified Description Certificate-related upload interfaces allow authenticated users to store arbitrary file content in fixed, persistent filesystem locations. The system fails to validate the...
golang.org/x/crypto: Invoking pathological inputs can lead to client panic
For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...
GHSA-9M57-25V3-79X9 golang.org/x/crypto: Invoking pathological inputs can lead to client panic
For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...
EUVD-2026-31402
golang.org/x/crypto/ssh/agent: Invoking pathological inputs can lead to client panic...
CVE-2026-9716
CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces...
CVE-2026-9716
CVE-2026-9716 describes a CWE-476 NULL Pointer Dereference that could cause a denial-of-service, rendering a device’s HMI and configuration functionality unavailable when malformed requests hit exposed network interfaces. The root cause is a NULL pointer dereference; impact is high availability l...
CVE-2026-9716
CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces...
EUVD-2026-39407
In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...
EUVD-2026-39406
In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock...
CVE-2026-47149
In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devic...
EUVD-2026-39403
In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...
CVE-2026-47148 Groups GetGroupMembership count/list-length mismatch in EmberZNet v9.0.2
In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...
CVE-2026-47146
CVE-2026-47146 affects EmberZNet v9.0.2 and earlier; malformed Color Control messages can trigger asserts that abort the process. Impact is limited to devices that have already joined the network and that support the Color Control cluster. The provided documents do not specify a patch version or ...
CVE-2026-47145
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can trigger asserts that terminate the process. The issue affects devices that already joined the network and that support the Color Control cluster. The problem is caused by malformed Color Control messages and results in an appli...
CVE-2026-47145
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...