
1876 matches found

OSV
added 2026/03/10 9:4 p.m. | 2 views

GHSA-F45G-68Q3-5W8X Elysia has a string URL format ReDoS

Impact: t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format (protocol and hostname) multiple times causes the regex to slow down significantly: `'http://a'.repeat(n)`. Here's a table demonstrating how long it takes to process repeated partial url format | n repeat | elapsedms | | --...

CVSS 7.5 | AI score 5.9 | EPSS 0.00027
Exploits 1 | References 4
EUVD
added 2026/03/10 6:31 p.m. | 1 views

EUVD-2026-10527

A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The SICAM SIAPP SDK server component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process...

CVSS 5.9 | AI score 5.8 | EPSS 0.00019
Exploits 0 | References 2
RedhatCVE
added 2026/03/09 1:59 p.m. | 2 views

CVE-2026-30909

Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows. bin2hex, encrypt, aes256gcm_encrypt_afternm and seal functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. Encountering this...

CVSS 9.8 | AI score 5.8 | EPSS 0.00029
Exploits 0 | References 1
RedHat Linux
added 2026/03/09 10:2 a.m. | 1 views

kernel: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()

In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr(). There exists a kernel oops caused by a BUGONnhead INTMAX i.e. intskbheadroomskb + lendelta skbheadroomskb is meant to ensure that delta = headroom - skbheadroomskb is...

CVSS 5.5 | AI score 5.7 | EPSS 0.00014
Exploits 0 | References 5
CNNVD
added 2026/03/09 12:0 a.m. | 2 views

FreeBSD Security Vulnerability

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. FreeBSD has security vulnerabilities; these vulnerabilities arise from the tcpsetmss process, which may release data packets and cause errors without stopping the rule processing engine. This can lead to null pointer...

CVSS 7.5 | AI score 5.8 | EPSS 0.00008
Exploits 0 | References 1
EUVD
added 2026/03/08 3:30 a.m. | 3 views

EUVD-2026-10199

Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows. bin2hex, encrypt, aes256gcm_encrypt_afternm and seal functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. Encountering this...

AI score 5.8 | EPSS 0.00029
Exploits 0 | References 7
OSV
added 2026/03/08 2:16 a.m. | 3 views

CVE-2026-30910

Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows. Combined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer...

CVSS 7.5 | AI score 6 | EPSS 0.00013
Exploits 0 | References 2
ATTACKERKB
added 2026/03/06 8:42 p.m. | 2 views

CVE-2026-29795

stellar-xdr is a library and CLI containing types and functionality for working with Stellar XDR. Prior to version 25.0.1, `StringM::from_str` does not validate that the input length is within the declared maximum MAX. Calling `StringM::<N>::from_str(s)` where s is longer than N bytes succeeds and returns a...

CVSS 4 | AI score 5.8 | EPSS 0.00032
Exploits 0 | References 5 | Affected Software 1
Vulnrichment
added 2026/03/06 8:42 p.m. | 2 views

CVE-2026-29795 stellar-xdr: `StringM::from_str` bypasses max length validation

stellar-xdr is a library and CLI containing types and functionality for working with Stellar XDR. Prior to version 25.0.1, `StringM::from_str` does not validate that the input length is within the declared maximum MAX. Calling `StringM::<N>::from_str(s)` where s is longer than N bytes succeeds and returns a...

CVSS 4 | AI score 5.8 | EPSS 0.00032
Exploits 0 | References 4
Snyk
added 2026/03/05 4:15 p.m. | 1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded processing of responses in the ForwardAuth middleware due to the lack of restrictions for maxResponseBodySize configuration. An attacker can cause resource exhaustion...

CVSS 6.9 | AI score 5.8 | EPSS 0.00042
Exploits 0 | References 2
Snyk
added 2026/03/05 4:15 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview github.com/traefik/traefik/v2/pkg/middlewares/auth is a Cloud Native Application Proxy. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded processing of responses in the ForwardAuth middleware due to the lack of...

CVSS 6.9 | AI score 5.8 | EPSS 0.00042
Exploits 0 | References 2
Positive Technologies
added 2026/03/05 12:0 a.m. | 2 views

PT-2026-23612

Name of the Vulnerable Software and Affected Versions: stellar-xdr versions prior to 25.0.1. Description: The `StringM::from_str` function does not properly validate the length of input strings. When calling `StringM::<N>::from_str(s)` with a string s exceeding the maximum allowed length N, the function...

CVSS 4 | AI score 5.8 | EPSS 0.00032
Exploits 0 | References 8
Packet Storm
added 2026/03/05 12:0 a.m. | 107 views

Wireshark USB HID Protocol Dissector Memory Exhaustion

CVE-2026-3201 is a denial of service vulnerability affecting the USB HID protocol dissector in Wireshark versions 4.6.0 through 4.6.3 and 4.4.0 through 4.4.13. The vulnerability is triggered when Wireshark parses a specially crafted USB HID Report Descriptor containing an excessively large...

CVSS 7.5 | AI score 5.9 | EPSS 0.00034
Exploits 2
RedhatCVE
added 2026/03/04 1:57 a.m. | 1 views

CVE-2025-47384

Transient DOS when MAC configures config id greater than supported maximum value...

CVSS 6.5 | AI score 5.9 | EPSS 0.00034
Exploits 0 | References 1
Positive Technologies
added 2026/03/04 12:0 a.m. | 2 views

PT-2026-23093

Name of the Vulnerable Software and Affected Versions: jackson-core versions 3.0.0 through 3.0.x. Description: jackson-core contains core low-level incremental "streaming" parser and generator abstractions. The UTF8DataInputJsonParser and ReaderBasedJsonParser bypass the maxNestingDepth constraint...

CVSS 8.7 | AI score 6.9 | EPSS 0.00206
Exploits 0 | References 14
NVD
added 2026/03/02 5:16 p.m. | 3 views

CVE-2025-47384

Transient DOS when MAC configures config id greater than supported maximum value...

CVSS 6.5 | EPSS 0.00034
Exploits 0 | References 1
CVE
added 2026/03/02 4:53 p.m. | 11 views

CVE-2025-47384

CVE-2025-47384 describes a transient denial-of-service in the MAC layer when a configuration identifier exceeds the maximum supported value. The root cause, as stated across linked records, is an out-of-range config id; this leads to a temporary DOS condition without broader impact to confidentia...

CVSS 6.5 | AI score 5.9 | EPSS 0.00034
Exploits 0 | References 1 | Affected Software 1
EUVD
added 2026/03/02 4:53 p.m. | 2 views

EUVD-2025-208191

Transient DOS when MAC configures config id greater than supported maximum value...

CVSS 6.5 | AI score 5.9 | EPSS 0.00034
Exploits 0 | References 1
Cvelist
added 2026/03/02 4:53 p.m. | 25 views

CVE-2025-47384 Reachable Assertion in FW

Transient DOS when MAC configures config id greater than supported maximum value...

CVSS 6.5 | EPSS 0.00034
Exploits 0 | References 1
ATTACKERKB
added 2026/03/02 4:53 p.m. | 4 views

CVE-2025-47384

Transient DOS when MAC configures config id greater than supported maximum value...

CVSS 6.5 | AI score 5.9 | EPSS 0.00034
Exploits 0 | References 2