283 matches found
CVE-2026-51537
A flaw was found in OpENer. An out-of-bounds read vulnerability exists in the Connection Manager when processing malformed ForwardOpen requests. A remote attacker can send a specially crafted Ethernet/IP ENIP frame with an insufficient Common Industrial Protocol CIP ForwardOpen/LargeForwardOpen...
EUVD-2026-43606
OpENer 2.3.0 master branch up to commit 76b95cf is vulnerable to a severe memory corruption issue caused by an integer underflow in the processing of connected explicit messages SendUnitData...
EUVD-2026-43602
In OpENer 2.3.0 commit 76b95cf when parsing incoming CIP Common Industrial Protocol network packets, the length parameter is inconsistently typed across the call stack. Specifically, an upstream length calculated as an int is passed to a downstream function that expects an EipInt16 a 16-bit signe...
CVE-2026-51540
OpENer 2.3.0 master branch up to commit 76b95cf is vulnerable to a severe memory corruption issue caused by an integer underflow in the processing of connected explicit messages SendUnitData...
CVE-2026-51536
In OpENer 2.3.0 commit 76b95cf when parsing incoming CIP Common Industrial Protocol network packets, the length parameter is inconsistently typed across the call stack. Specifically, an upstream length calculated as an int is passed to a downstream function that expects an EipInt16 a 16-bit signe...
CVE-2026-51538
EIPStackGroup OpENer 2.3.0 commit 76b95cf suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands, it verifies whether the provided sessionhandle exists in the global session list, but it fails to...
CVE-2026-51541
OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in CIP message parsing when handling malformed explicit requests with a forged EPath size. An attacker can send a valid ENIP SendRRData frame carrying a very short CIP payload whose pathsize field claims that many more path words are...
CVE-2026-51540
OpENer 2.3.0 (master up to commit 76b95cf) is affected by a severe memory corruption vulnerability due to an integer underflow in processing of connected explicit messages (SendUnitData). The CVE-2026-51540 entry lists a CVSS v3.1 base score of 9.8 (CRITICAL) with NETWORK attack vector, no privil...
CVE-2026-51537
EIPStackGroup OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in Connection Manager handling of ForwardOpen requests when processing short malformed packets. An attacker can send a valid ENIP outer frame carrying a malformed CIP ForwardOpen/LargeForwardOpen request, causing the parser...
CVE-2026-51540
OpENer 2.3.0 master branch up to commit 76b95cf is vulnerable to a severe memory corruption issue caused by an integer underflow in the processing of connected explicit messages SendUnitData...
CVE-2026-51538
CVE-2026-51538 (OpENer 2.3.0) describes an Incorrect Access Control in encapsulation session handling. The server validates that a session_handle exists in the global list but does not verify that the handle belongs to the TCP connection issuing the request. With no strong binding between a sessi...
CVE-2026-51541
OpENer 2.3.0 (commit 76b95cf) is affected by CVE-2026-51541 due to an out-of-bounds read in CIP message parsing when processing malformed explicit requests with a forged EPath size. An ENIP SendRRData frame carrying a short CIP payload with a larger declared path_size can cause the parser to cont...
CVE-2026-51541
OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in CIP message parsing when handling malformed explicit requests with a forged EPath size. An attacker can send a valid ENIP SendRRData frame carrying a very short CIP payload whose pathsize field claims that many more path words are...
CVE-2026-51540
OpENer 2.3.0 master branch up to commit 76b95cf is vulnerable to a severe memory corruption issue caused by an integer underflow in the processing of connected explicit messages SendUnitData...
CVE-2026-51537
EIPStackGroup OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in Connection Manager handling of ForwardOpen requests when processing short malformed packets. An attacker can send a valid ENIP outer frame carrying a malformed CIP ForwardOpen/LargeForwardOpen request, causing the parser...
CVE-2026-51538
EIPStackGroup OpENer 2.3.0 commit 76b95cf suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands, it verifies whether the provided sessionhandle exists in the global session list, but it fails to...
CVE-2026-51537
OpENer 2.3.0 (commit 76b95cf) contains an out-of-bounds read in the Connection Manager when processing malformed ForwardOpen/LargeForwardOpen requests, allowing a remote attacker to trigger the issue over the network without authentication. Red Hat notes potential denial of service or information...
CVE-2026-51536
OpENer 2.3.0 is affected by CVE-2026-51536 due to inconsistent typing of the length parameter across the call stack: an upstream int length is passed to a downstream function expecting a 16-bit signed EipInt16. A crafted CIP packet can cause the length to overflow or become negative, bypassing bo...
CVE-2026-55659
Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's nam...
CVE-2026-55659 Grist: XSS through unsafe value interpolation in server-rendered pages
Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's nam...