95 matches found

Positive Technologies
added 2026/06/08 12:0 a.m., 5 views

PT-2026-47596

Ali Norouzi discovered that Kea DHCP did not properly handle maliciously crafted messages over configured API sockets and HA listeners. A remote attacker could possibly use this issue to cause Kea DHCP to crash, resulting in a denial of service...

CVSS 7.5, AI score 5.5, EPSS 0.0105
Exploits: 0, References: 3

OSV
added 2026/05/19 3:53 p.m., 3 views

GHSA-QX5X-85P8-VG4J Mailpit: Path traversal & arbitrary file write in mailpit dump --http via attacker-controlled message IDs

Summary: The mailpit dump --http sub-command downloads every message from a remote Mailpit instance and writes each one as .eml inside the user-supplied output directory. The message ID field is taken verbatim from the JSON response of the remote server and concatenated into the output path with...

CVSS 5.9, AI score 6.3, EPSS 0.00032
Exploits: 0, References: 3

Github Security Blog
added 2026/04/16 3:31 p.m., 3 views

Withdrawn Advisory: Protobuf: Denial of Service issue through malicious messages containing negative varints or deep recursion

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-p2gh-cfq4-4wjc. This link is maintained to preserve external references. Original Description: A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input...

CVSS 7.1, AI score 5.7, EPSS 0.0036
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2026/03/25 12:0 a.m., 0 views

UBUNTU-CVE-2026-3608

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...

CVSS 7.5, AI score 7.3, EPSS 0.0105
Exploits: 0, References: 3

Snyk
added 2026/03/11 9:11 p.m., 3 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the SignalR service. An attacker can exhaust internal buffers and cause service disruption by sending malicious messages. Remediation: Upgrade...

CVSS 8.7, AI score 5.8, EPSS 0.01373
Exploits: 0, References: 2

Snyk
added 2026/03/11 9:11 p.m., 2 views

Allocation of Resources Without Limits or Throttling

Overview: Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in...

CVSS 8.7, AI score 5.8, EPSS 0.01373
Exploits: 0, References: 2

CNNVD
added 2026/02/11 12:0 a.m., 2 views

Proctorio Secure Exam Proctor Extension security vulnerability

Proctorio Secure Exam Proctor Extension is an online proctoring plugin provided by Proctorio. There is a security vulnerability in Proctorio Secure Exam Proctor Extension, which stems from the message processor not correctly verifying the source of messages, potentially allowing malicious message...

CVSS 3.6, AI score 5.8, EPSS 0.00064
Exploits: 0, References: 2

RedhatCVE
added 2026/01/09 11:20 a.m., 7 views

CVE-2021-22320

There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to an affected module. This can lead to denial of service. Affected products include some versions of IPS...

CVSS 7.5, AI score 6.7, EPSS 0.00727
Exploits: 0, References: 1

RedHat Linux
added 2025/11/10 2:20 a.m., 3 views

thunderbird: firefox: Cross-process information leaked due to malicious IPC messages

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process...

CVSS 9.8, AI score 7.3, EPSS 0.00385
Exploits: 0, References: 6

RedHat Linux
added 2025/11/10 1:45 a.m., 3 views

thunderbird: firefox: Cross-process information leaked due to malicious IPC messages

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process...

CVSS 9.8, AI score 7.3, EPSS 0.00385
Exploits: 0, References: 6

Vulnrichment
added 2025/10/14 12:27 p.m., 2 views

CVE-2025-11710 Cross-process information leaked due to malicious IPC messages

A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

AI score 7.3, EPSS 0.00385
Exploits: 0, References: 6

EUVD
added 2025/10/10 11:45 p.m., 1 views

EUVD-2025-33800

Parallax is vulnerable to DoS via malicious p2p message...

AI score 6.5
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-23530

Malicious code in bioql PyPI...

CVSS 8.2, AI score 5.7, EPSS 0.00439
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-6556

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.4, EPSS 0.02409
Exploits: 0, References: 10

OSV
added 2025/09/11 8:14 a.m., 2 views

EEF-CVE-2025-48040 Malicious Key Exchange Messages may Lead to Excessive Resource Consumption

Summary: Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15...

CVSS 6.9, AI score 5.4, EPSS 0.00402
Exploits: 0, References: 6

CVE
added 2025/09/11 8:14 a.m., 22 views

CVE-2025-48040

CVE-2025-48040 describes an uncontrolled resource consumption in Erlang OTP ssh (ssh_sftp) due to excessive data handling. Affected ranges include OTP 17.0–28.0.3, OTP 27.3.4.3 and 26.2.5.15 (ssh from 3.0.1–5.3.3, 5.2.11.3, 5.1.4.12). Exploitation details are not provided in the available documen...

CVSS 6.9, AI score 5.4, EPSS 0.00402
Exploits: 0, References: 7

RedhatCVE
added 2025/08/22 5:32 p.m., 4 views

CVE-2025-6183

The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could potentially modify macOS system configuration by crafting a malicious JSON message...

CVSS 7, AI score 6.3, EPSS 0.00151
Exploits: 0, References: 1

Cvelist
added 2025/08/20 4:45 p.m., 7 views

CVE-2025-6183 Configd Injection

The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could potentially modify macOS system configuration by crafting a malicious JSON message...

CVSS 7, EPSS 0.00151
Exploits: 0, References: 1

RedhatCVE
added 2025/07/03 2:22 a.m., 6 views

CVE-2024-49365

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a malicious JSON-stringifyable message can be made passing on verify, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. Buffer.isBuffer check can b...

CVSS 9.1, AI score 7.3, EPSS 0.00215
Exploits: 0, References: 1

Vulnrichment
added 2025/07/01 2:7 a.m., 2 views

CVE-2024-49364 tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The...

CVSS 9.1, AI score 7.2, EPSS 0.00317
Exploits: 0, References: 2