181 matches found
CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions
FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16t accumulator variable truncates uint32t values returned by the TLVSIZE macro, causing the loop termination condition to fail while pointer...
CVE-2026-28532
FRRouting before 10.5.3 is affected by an integer overflow in seven OSPF Traffic Engineering and Segment Routing TLV parser functions. A uint16_t accumulator truncates uint32_t values returned by TLV_SIZE(), causing the loop termination condition to fail while pointer advancement continues. An at...
EUVD-2026-26418
FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16t accumulator variable truncates uint32t values returned by the TLVSIZE macro, causing the loop termination condition to fail while pointer...
CVE-2026-28532
FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16t accumulator variable truncates uint32t values returned by the TLVSIZE macro, causing the loop termination condition to fail while pointer...
CVE-2026-28532
FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16t accumulator variable truncates uint32t values returned by the TLVSIZE macro, causing the loop termination condition to fail while pointer...
CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions
FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16t accumulator variable truncates uint32t values returned by the TLVSIZE macro, causing the loop termination condition to fail while pointer...
PT-2026-36172
Name of the Vulnerable Software and Affected Versions FRRouting versions prior to 10.5.3 Description An integer overflow exists in seven OSPF Traffic Engineering and Segment Routing TLV parser functions. A uint16 t accumulator variable truncates uint32 t values returned by the TLV SIZE macro, whi...
OpenClaw: busybox and toybox applet execution weakened exec approval binding
Summary busybox and toybox applet execution weakened exec approval binding. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.23 = 2026.4.12 Impact Opaque multi-call binaries such as busybox and toybox could obscure which applet or script-like behavio...
GHSA-2CQ5-MF3V-MX44 OpenClaw: busybox and toybox applet execution weakened exec approval binding
Summary busybox and toybox applet execution weakened exec approval binding. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.23 = 2026.4.12 Impact Opaque multi-call binaries such as busybox and toybox could obscure which applet or script-like behavio...
Malicious code in privaton-beacon-img-8f3603448690bdde-png (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron be565465ab48d5cf9d07625d2414c21814f63826ea9325c35dca838e40aa24e9 This package is an install-time-executable sdist that uses setup.py paired with an opaque data.bin payload and a beacon name...
ZITADEL's truncated opaque tokens are still valid
Summary Opaque OIDC access tokens in v2 format, truncated to 80 characters are still considered valid. ZITADEL uses a symmetric AES encryption for opaque tokens. The cleartext payload is a concatenation of a couple of identifiers, such as a token ID and user ID. Internally Zitadel has 2 different...
EUVD-2026-8789
ZITADEL's truncated opaque tokens are still valid...
GHSA-6MQ3-XMGP-PJM5 ZITADEL's truncated opaque tokens are still valid
Summary Opaque OIDC access tokens in v2 format, truncated to 80 characters are still considered valid. ZITADEL uses a symmetric AES encryption for opaque tokens. The cleartext payload is a concatenation of a couple of identifiers, such as a token ID and user ID. Internally Zitadel has 2 different...
CVE-2026-27840
ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are still considered valid. Zitadel uses a symmetric AES encryption for opaque tokens. The cleartext...
CVE-2026-27840
ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are still considered valid. Zitadel uses a symmetric AES encryption for opaque tokens. The cleartext...
CVE-2026-27840
ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are still considered valid. Zitadel uses a symmetric AES encryption for opaque tokens. The cleartext...
CVE-2026-27840 ZITADEL's truncated opaque tokens are still valid
ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are still considered valid. Zitadel uses a symmetric AES encryption for opaque tokens. The cleartext...
CVE-2026-27840
Technical details for CVE-2026-27840 are not provided in the supplied documents. Monitor for updates and vendor advisories for Zitadel versions and remediation.
CVE-2026-27840 ZITADEL's truncated opaque tokens are still valid
ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are still considered valid. Zitadel uses a symmetric AES encryption for opaque tokens. The cleartext...
PT-2026-22066
Name of the Vulnerable Software and Affected Versions ZITADEL versions 2.31.0 through 3.4.6 ZITADEL versions 2.31.0 through 4.10.9 Description ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in th...