CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 6 days ago•8 views

CVE-2026-45151

6.3CVSS0.00044EPSS

NVD•added 6 days ago•9 views

CVE-2026-44640

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to 0.24.14, aio-provdata is stored as nniquicconn during dialing, but read as exquicconn during dialer close. This type confusion causes invalid object interpretation and leads to close-path hang/crash behavior. This...

4.5CVSS0.00013EPSS

CVE•added 6 days ago•10 views

CVE-2026-45151

NanoMQ (0.24.8 and earlier) contains a NULL substream pointer dereference in quic_stream_recv when a substream is reopening. The vulnerable code finishes AIO with an error but does not return before locking c->mtx, indicating a potential NULL dereference and an unlocked/locked state issue in t...

6.3CVSS5.9AI score0.00044EPSS

Cvelist•added 6 days ago•27 views

CVE-2026-45151 NanoMQ: NULL Pointer Dereference

6.3CVSS0.00044EPSS

Vulnrichment•added 6 days ago•4 views

CVE-2026-45151 NanoMQ: NULL Pointer Dereference

6.3CVSS5.9AI score0.00044EPSS

Vulnrichment•added 6 days ago•9 views

CVE-2026-44640 NanoMQ: QUIC Dialer Close Type Confusion

CVE•added 6 days ago•15 views

CVE-2026-44640

CVE-2026-44640 affects NanoMQ (MQTT Broker). The issue is a type confusion in the QUIC dialer: aio->prov_data is stored as nni_quic_conn * during dialing but read as ex_quic_conn * during dialer close, leading to invalid object interpretation and a close-path hang/crash. This describes the vul...

EUVD•added 6 days ago•4 views

EUVD-2026-33428

Cvelist•added 6 days ago•26 views

CVE-2026-44640 NanoMQ: QUIC Dialer Close Type Confusion

4.5CVSS0.00013EPSS

Positive Technologies•added 6 days ago•7 views

PT-2026-44985

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to 0.24.14, aio-prov data is stored as nni quic conn during dialing, but read as ex quic conn during dialer close. This type confusion causes invalid object interpretation and leads to close-path hang/crash behavior. This...

NVD•added 2026/05/19 6:16 p.m.•7 views

Exploits0References3

CVE-2026-32134

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the broker can crash due to a NULL pointer dereference during MQTT session resumption for cleanstart=0...

5.9CVSS0.00055EPSS

Exploits0References4

Vulnrichment•added 2026/05/19 5:22 p.m.•8 views

CVE-2026-32134 NanoMQ: NULL Pointer Dereference Crash in tcptran_pipe_peer During Session Restore

5.9CVSS5.7AI score0.00055EPSS

Exploits0References4

CVE•added 2026/05/19 5:22 p.m.•7 views

CVE-2026-32134

CVE-2026-32134 affects NanoMQ subinfol is freed/NULL’d before restoration, and the transport iterates it without NULL checks. It is fixed in version 0.24.11; upgrade to that release or later to mitigate. No exploitation details are provided in the available documents.

5.9CVSS5.7AI score0.00055EPSS

Exploits0References4

CNNVD•added 2026/05/19 12:0 a.m.•6 views

NanoMQ 代码问题漏洞

NanoMQ is an open-source IoT edge platform broker developed by EMQ in the United States. Versions of NanoMQ prior to 0.24.10 contained code vulnerabilities. These vulnerabilities stemmed from a flaw during the client’s MQTT session recovery when cleanstart=0: the ppeer callback function in the...

5.9CVSS5.9AI score0.00055EPSS