Lucene search

37 matches found

CVE
added 2026/03/18 5:46 p.m. | 6 views

CVE-2026-23267

The CVE-2026-23267 issue is a Linux kernel f2fs race where an IS_CHECKPOINTED flag inconsistency during atomic commits could cause an -EINVAL in f2fs_recover_inode_page. The root cause is a race between f2fs_ioc_commit_atomic_write and f2fs_write_checkpoint, with the last_folio’s nat_entry flag n...

5.5 CVSS | 5.7 AI score | 0.00018 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2026/03/09 5:27 p.m. | 1 view

GHSA-HMQR-WJMJ-376C Netmaker has Insufficient Authorization in Host Token Verification

The Authorise middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication hostAllowed=true, a valid host token bypasses all subsequent authorisation checks without verifying that the host is authorised to access the specific requested resource. Any entit...

8.6 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits: 0 | References: 4
GitHub Security Blog
added 2026/03/09 5:27 p.m. | 4 views

Netmaker has Insufficient Authorization in Host Token Verification

The Authorise middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication hostAllowed=true, a valid host token bypasses all subsequent authorisation checks without verifying that the host is authorised to access the specific requested resource. Any entit...

8.6 CVSS | 5.9 AI score | 0.00036 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE
added 2026/03/09 8:1 a.m. | 2 views

CVE-2026-29194

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the Authorize middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication hostAllowed=true, a valid host token bypasses all subsequent authorization checks without verifying that the host is...

8.6 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/07 4:12 p.m. | 0 views

CVE-2026-29194 Netmaker: Insufficient Authorization in Host Token Verification

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the Authorize middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication hostAllowed=true, a valid host token bypasses all subsequent authorization checks without verifying that the host is...

8.6 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/29 3:26 a.m. | 4 views

CVE-2025-55292

Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their public key. This aspect downgrades the security, specifically by abusing the HAM mode which doesn't use encryption...

8.2 CVSS | 5.9 AI score | 0.00036 EPSS
Exploits: 2 | References: 1
NVD
added 2026/01/28 12:15 a.m. | 2 views

CVE-2025-55292

Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their public key. This aspect downgrades the security, specifically by abusing the HAM mode which doesn't use encryption...

8.2 CVSS | 0.00036 EPSS
Exploits: 2 | References: 2
Cvelist
added 2026/01/27 11:28 p.m. | 26 views

CVE-2025-55292 In Meshtastic, an attacker can spoof licensed amateur flag for a node

Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their public key. This aspect downgrades the security, specifically by abusing the HAM mode which doesn't use encryption...

8.2 CVSS | 0.00036 EPSS
Exploits: 2 | References: 2
OSV
added 2026/01/27 11:28 p.m. | 4 views

CVE-2025-55292 In Meshtastic, an attacker can spoof licensed amateur flag for a node

Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their public key. This aspect downgrades the security, specifically by abusing the HAM mode which doesn't use encryption...

8.2 CVSS | 5.9 AI score | 0.00036 EPSS
Exploits: 2 | References: 4
Positive Technologies
added 2026/01/27 12:0 a.m. | 4 views

PT-2026-5035

Name of the Vulnerable Software and Affected Versions: Meshtastic versions prior to 2.7.6.834c3c5. Description: Meshtastic is a mesh networking solution where nodes are identified by their NodeID, derived from the MAC address, rather than their public key. This design flaw allows an attacker to forg...

8.2 CVSS | 5.4 AI score | 0.00036 EPSS
Exploits: 2 | References: 8
Positive Technologies
added 2025/12/18 12:0 a.m. | 1 view

PT-2025-52287

Name of the Vulnerable Software and Affected Versions: omec-project UPF versions up to 2.1.3-dev. Description: A denial-of-service issue exists in the UPF component upf-epc/pfcpiface. When the UPF receives a PFCP Association Setup Request lacking the mandatory NodeID Information Element, the...

7.5 CVSS | 6.3 AI score | 0.00092 EPSS
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-9238

Malware in sbrugna...

7.5 CVSS | 6.4 AI score | 0.00488 EPSS
Exploits: 1 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-9236

Malware in sbrugna...

7.5 CVSS | 6.3 AI score | 0.00368 EPSS
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2007-4670

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.00481 EPSS
Exploits: 1 | References: 9
Cvelist
added 2025/08/18 5:24 p.m. | 6 views

CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with an empty publicKey first, then overwrite it with a new key. First sending an empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...

9.4 CVSS | 0.00088 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2025/08/18 5:24 p.m. | 2 views

CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with an empty publicKey first, then overwrite it with a new key. First sending an empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...

9.4 CVSS | 6.7 AI score | 0.00088 EPSS
Exploits: 0 | References: 3
RedhatCVE
added 2025/02/05 5:12 p.m. | 3 views

CVE-2019-19625

SROS 2 0.8.1 which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2 leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document...

7.5 CVSS | 6.1 AI score | 0.00368 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/02/05 5:11 p.m. | 6 views

CVE-2019-19627

SROS 2 0.8.1 after CVE-2019-19625 is mitigated leaks ROS 2 node-related information regardless of the rtpsprotectionkind configuration. SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2...

7.5 CVSS | 6.2 AI score | 0.00488 EPSS
Exploits: 2 | References: 1
OSV
added 2024/12/04 7:15 a.m. | 0 views

CVE-2024-45717

The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction...

4.8 CVSS | 5.8 AI score | 0.00322 EPSS
Exploits: 0 | References: 2
CNNVD
added 2024/12/04 12:0 a.m. | 1 view

SolarWinds Platform Cross-Site Scripting Vulnerability

SolarWinds Platform is a unified monitoring, observability, and service management platform from U.S.-based SolarWinds, Inc. A cross-site scripting vulnerability exists in SolarWinds Platform that stems from susceptibility to a cross-site scripting attack that affects the search and node...

7 CVSS | 5.8 AI score | 0.00322 EPSS
Exploits: 0 | References: 2