344 matches found

RedhatCVE
added 2026/04/03 5:30 p.m. | 2 views

CVE-2026-23448

A flaw was found in the Linux kernel's cdc_ncm module. An incorrect bounds check in the cdc_ncm_rx_verify_ndp16 function, responsible for validating Network Data Protocol (NDP) entries, allows Datagram Pointer Entries (DPE) to extend beyond the intended buffer. This can lead to an out-of-bounds read when...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00129
Exploits: 0 | References: 4
CVE
added 2026/04/03 3:15 p.m. | 11 views

CVE-2026-23447

The CVE-2026-23447 issue concerns the Linux kernel USB CDC NCM driver (cdc_ncm). The root cause is a bounds-check failure in handling NDP32 frames where the DPE array size is not correctly validated against the skb length due to neglecting ndpoffset, allowing out-of-bounds reads when an NDP32 sit...

CVSS: 7.8 | AI score: 5.7 | EPSS: 0.00129
Exploits: 0 | References: 5 | Affected Software: 1
Microsoft CVE
added 2026/03/26 8:5 a.m. | 3 views

net: annotate data-races around sk->sk_{data_ready,write_space}

...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00089
Exploits: 0
EUVD
added 2026/03/21 12:31 a.m. | 4 views

EUVD-2026-13852

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVSS: 9.4 | AI score: 5.9 | EPSS: 0.00468
Exploits: 0 | References: 3
RedHat Linux
added 2026/03/12 2:31 p.m. | 2 views

freerdp: FreeRDP heap-buffer-overflow

A heap-based buffer overflow has been discovered in FreeRDP. This heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length...

CVSS: 9.1 | AI score: 5.9 | EPSS: 0.00471
Exploits: 1 | References: 6
Cvelist
added 2026/03/12 1:0 p.m. | 23 views

CVE-2026-2514 Possibility of unintended actions when viewing maliciously crafted network data in Progress Flowmon ADS web application

In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exists whereby an adversary with access to Flowmon monitoring ports may craft malicious network data that, when processed by Flowmon ADS and viewed by an authenticated user, could result in unintended actions being...

CVSS: 8.6 | EPSS: 0.00189
Exploits: 0 | References: 1
RedHat Linux
added 2026/03/12 9:11 a.m. | 3 views

freerdp: FreeRDP heap-buffer-overflow

A heap-based buffer overflow has been discovered in FreeRDP. This heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length...

CVSS: 9.1 | AI score: 5.9 | EPSS: 0.00471
Exploits: 1 | References: 6
RedHat Linux
added 2026/03/12 8:52 a.m. | 4 views

freerdp: FreeRDP heap-buffer-overflow

A heap-based buffer overflow has been discovered in FreeRDP. This heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length...

CVSS: 9.1 | AI score: 5.9 | EPSS: 0.00471
Exploits: 1 | References: 6
ATTACKERKB
added 2026/03/10 5:5 p.m. | 3 views

CVE-2026-26144

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.01215
Exploits: 0 | References: 2 | Affected Software: 1
RedHat Linux
added 2026/03/09 6:7 p.m. | 4 views

freerdp: FreeRDP heap-buffer-overflow

A heap-based buffer overflow flaw has been discovered in FreeRDP. In affected versions RDPEAR's NDR array reader does not perform bounds checking on the on-wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.00485
Exploits: 1 | References: 6
NVD
added 2026/03/06 12:16 a.m. | 5 views

CVE-2026-22552

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVSS: 9.8 | EPSS: 0.00889
Exploits: 0 | References: 3
CNNVD
added 2026/03/06 12:0 a.m. | 2 views

Everon access control error vulnerability

Everon is an electric vehicle charging station system developed by Everon Corporation. There is an access control vulnerability in Everon, which stems from the lack of an authentication mechanism. This vulnerability allows unverified attackers to connect to WebSocket endpoints and impersonate...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00637
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/06 12:0 a.m. | 6 views

PT-2026-23718

Name of the Vulnerable Software and Affected Versions: Navtor NavBox (affected versions not specified). Description: The software exposes sensitive configuration and operational data because of a lack of authentication on HTTP API endpoints. A remote attacker with network access can send HTTP GET...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.00505
Exploits: 0 | References: 5
Securelist
added 2026/03/04 10:0 a.m. | 6 views

Mobile malware evolution in 2025

Starting from the third quarter of 2025, we have updated our statistical methodology based on the Kaspersky Security Network. These changes affect all sections of the report except for the installation package statistics, which remain unchanged. To illustrate trends between reporting periods, we...

AI score: 6.1
Exploits: 0
NVD
added 2026/02/27 12:16 a.m. | 5 views

CVE-2026-25851

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

CVSS: 9.8 | EPSS: 0.00643
Exploits: 0 | References: 3
CVE
added 2026/02/27 12:9 a.m. | 14 views

CVE-2026-27772

CVE-2026-27772 concerns WebSocket endpoints used by OCPP in EV Energy (ev.energy) deployments. The authentication requirement is missing: an unauthenticated attacker can connect to the OCPP WebSocket endpoint with a known or discovered charging-station identifier and issue or receive OCPP commands a...

CVSS: 9.8 | AI score: 5.5 | EPSS: 0.00531
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2026/02/27 12:0 a.m. | 4 views

EV Energy access control error vulnerability

EV Energy is an electric vehicle charging software platform operated by the British company EV Energy. EV Energy has a security vulnerability related to access control. This vulnerability stems from the lack of proper authentication mechanisms at WebSocket endpoints, which can lead to unauthorized...

CVSS: 9.8 | AI score: 5.7 | EPSS: 0.00531
Exploits: 0 | References: 3
OSV
added 2026/02/26 1:37 p.m. | 5 views

CLSA-2026-1772113038 Fix of 12 CVEs

OpenJDK 8u482 release, build 8. Release notes: https://mail.openjdk.org/pipermail/jdk8u-dev/2026-January/020959.html - Security fixes 8u482: + CVE-2026-21945: Prevent DoS via repeated crash or hang in sandbox security + CVE-2026-21932: Fix integrity issue in sandboxed handling of untrusted input ...

CVSS: 8.6 | AI score: 6.9 | EPSS: 0.01058
Exploits: 2 | References: 1
RedHat Linux
added 2026/02/23 10:55 a.m. | 4 views

freerdp: FreeRDP heap-buffer-overflow

A heap-based buffer overflow has been discovered in FreeRDP. This heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length...

CVSS: 9.1 | AI score: 5.9 | EPSS: 0.00471
Exploits: 1 | References: 6
Packet Storm News
added 2026/02/16 12:0 a.m. | 3 views

nfstream 6.6.0

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python...

AI score: 5.5
Exploits: 0