CVE-2026-43988

Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When processing malformed network packets containing corrupted ASN.1/OER structures e.g., invalid length...

CVE-2026-43988

Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When processing malformed network packets containing corrupted ASN.1/OER structures e.g., invalid length...

CVE-2026-43988 Vanetza: Remote Denial of Service via Uncaught Exception in ASN.1/OER Parsing

Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When processing malformed network packets containing corrupted ASN.1/OER structures e.g., invalid length...

CVE-2026-43988

Affected software/component: Vanetza (ETS I C-ITS implementation). In versions 26.02 and earlier, a denial-of-service vulnerability exists in the ASN.1/OER parsing pipeline. The issue occurs when processing malformed network packets with corrupted ASN.1/OER structures; the asn1c_wrapper.cpp path ...

CVE-2026-48135

A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation...

UBUNTU-CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

CVE-2026-27136

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVE-2026-20171

A vulnerability in the Border Gateway Protocol BGP enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial of service DoS condition...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: A bug was fixed regarding accessing an array out of bounds. When an error occurs during the parsing of JPEG data, the slot may not be properly acquired. This could be due to the default value MXCMAXSLOTS. If the...

Astra Linux - уязвимость в zabbix

Templates do not properly handle backticks as JavaScript string delimiters, and do not escape them as expected. Backticks have been used since ES6 for JavaScript template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: mac80211 – Correctly decodes TTLM with the default link map. The TID-to-link mapping TTLM elements do not contain any link mapping presence indicators when a default mapping is used, and parsing is skipped. It should be not...

CVE-2023-7345

Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting incorrect hexadecimal field parsing when values contain an odd number of characters. Attackers can...

Improper Validation of Syntactic Correctness of Input

Overview org.keycloak:keycloak-saml-core is an Identity and Access Management plugin for Keycloak. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the SAMLParser and SAML11ParserUtil code paths that handle SAML 1.1 assertions and protoc...

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

CVE-2025-56352

CVE-2025-56352 affects the tinyMQTT broker. When processing a CONNECT packet with a zero-length Client ID and CleanSession=0, the broker returns CONNACK 0x02 (Identifier Rejected) but fails to explicitly close the TCP connection, leaving the socket open. Repeated invalid CONNECT attempts can exha...

PT-2026-41013

Name of the Vulnerable Software and Affected Versions GStreamer gst-plugins-good versions prior to 1.28.2 Description An issue exists when parsing MP4 audio tracks where the isomp4 plugin's qtdemux audio caps function fails to sufficiently validate atom data before performing division operations...

CVE-2026-42584

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll once per response, including for 1xx. If the client pipelines GET then HEAD and the server sends 103,...

ALSA-2026:16692 Important: jq security update

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: out-of-bounds read in...

CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory...

CVE-2026-6664

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet...