Lucene search
K

84 matches found

CVE
CVE
added 6 days ago17 views

CVE-2026-10654

The CVE-2026-10654 issue is a race in Zephyr’s Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c): when one side initiates a session teardown and the peer simultaneously sends a DISC for DLCI 0, rfcomm_handle_disc() forces the session to DISCONNECTED without calling bt_l...

3.1CVSS5.8AI score0.00124EPSS
Exploits1References2Affected Software1
NVD
NVD
added last week11 views

CVE-2026-10648

mcumgrserialprocessfrag in subsys/mgmt/mcumgr/transport/src/serialutil.c calls netbufreset on the result of smppacketalloc before checking it for NULL. smppacketalloc uses netbufallocKNOWAIT against the shared MCUmgr packet pool CONFIGMCUMGRTRANSPORTNETBUFCOUNT, default 4, which returns NULL when...

6.2CVSS0.00109EPSS
Exploits1References2
Cvelist
Cvelist
added last week26 views

CVE-2026-10648 NULL-pointer dereference in MCUmgr serial/console SMP transport on buffer-pool exhaustion

mcumgrserialprocessfrag in subsys/mgmt/mcumgr/transport/src/serialutil.c calls netbufreset on the result of smppacketalloc before checking it for NULL. smppacketalloc uses netbufallocKNOWAIT against the shared MCUmgr packet pool CONFIGMCUMGRTRANSPORTNETBUFCOUNT, default 4, which returns NULL when...

6.2CVSS0.00109EPSS
Exploits1References2
CVE
CVE
added last week14 views

CVE-2026-10648

CVE-2026-10648 affects Zephyr’s MCUmgr serial/console SMP transport paths. The bug occurs in mcumgr_serial_process_frag() where net_buf_reset() is invoked on the result of smp_packet_alloc() before checking NULL. smp_packet_alloc() draws from the shared MCUmgr packet pool (default 4 entries) via ...

6.2CVSS6AI score0.00109EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53755

Name of the Vulnerable Software and Affected Versions Zephyr version 4.4.0 Description An issue exists where the mcumgr serial process frag function in subsys/mgmt/mcumgr/transport/src/serial util.c calls net buf reset on the result of smp packet alloc without first verifying if the result is NUL...

6.2CVSS5.9AI score0.00109EPSS
Exploits1References6
CVE
CVE
added 2026/06/25 4:27 p.m.13 views

CVE-2026-13351

Zephyr’s IPv6 network stack is vulnerable to a denial-of-service caused by fragmented IPv6 packets. In the fragment-header processing path, the RX network packet buffer allocated from a memory slab is not released back to the pool after handling malicious fragments. Repeating such packets exhaust...

7.5CVSS6AI score0.00263EPSS
Exploits1References1Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/20 2:28 a.m.10 views

SUSE CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

7.5CVSS5.9AI score0.00431EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in netcdf

The ezxmltoxml function in ezxml 0.8.6 and earlier is vulnerable to out-of-band OOB writes when opening an XML file after exhausting the memory pool...

8.1CVSS7.2AI score0.01178EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in netcdf

The ezxmlnew function in ezXML 0.8.6 and earlier is vulnerable to OOB write attacks when opening an XML file after exhausting the memory pool...

8.1CVSS7.6AI score0.01178EPSS
Exploits1References2
NVD
NVD
added 2026/05/13 2:17 p.m.17 views

CVE-2026-39806

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':doreadchunkeddata!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is...

8.7CVSS0.00637EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/08 10:9 p.m.42 views

CVE-2026-42343 FastGPT: Uncontrolled Resource Consumption leading to Sandbox Exhaustion

FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient resource isolation and uncontrolled resource consumption. The service relies solely on an application-level soft limit a 500ms polling interval for memory management and...

6.3CVSS0.00268EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 10:9 p.m.15 views

CVE-2026-42343

FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient resource isolation and uncontrolled resource consumption. The service relies solely on an application-level soft limit a 500ms polling interval for memory management and...

6.3CVSS5.8AI score0.00268EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.9 views

FastGPT 资源管理错误漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT 4.14.13 and earlier contain a resource management vulnerability. This vulnerability stems from insufficient resource isolation in the code-sandbox component,...

6.3CVSS5.8AI score0.00268EPSS
Exploits0References2
OSV
OSV
added 2026/04/04 6:13 a.m.2 views

GHSA-6Q22-G298-GRJH Directus: Unauthenticated Denial of Service via GraphQL Alias Amplification of Expensive Health Check Resolver

Summary The GraphQL specification permits a single query to repeat the same field multiple times using aliases, with each alias resolved independently by default. Directus did not deduplicate resolver invocations within a single request, meaning each alias triggered a full, independent execution ...

7.5CVSS6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/28 9:16 p.m.4 views

CVE-2026-0648

The vulnerability stems from an incorrect error-checking logic in the CreateCounter function in threadx/utility/rtoscompatibilitylayers/OSEK/txosek.c when handling the return value of osekgetcounter. Specifically, the current code checks if cntrid equals 0u to determine failure, but @osekgetcount...

7.8CVSS6AI score0.00105EPSS
Exploits0References1
NVD
NVD
added 2026/01/27 4:16 p.m.5 views

CVE-2026-0648

The vulnerability stems from an incorrect error-checking logic in the CreateCounter function in threadx/utility/rtoscompatibilitylayers/OSEK/txosek.c when handling the return value of osekgetcounter. Specifically, the current code checks if cntrid equals 0u to determine failure, but...

7.8CVSS0.00105EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/27 3:40 p.m.4 views

EUVD-2026-4817

The vulnerability stems from an incorrect error-checking logic in the CreateCounter function in threadx/utility/rtoscompatibilitylayers/OSEK/txosek.c when handling the return value of osekgetcounter. Specifically, the current code checks if cntrid equals 0u to determine failure, but...

7.8CVSS6AI score0.00105EPSS
Exploits0References1
CVE
CVE
added 2026/01/27 3:40 p.m.11 views

CVE-2026-0648

CVE-2026-0648 : Red Hat and other sources describe a logic error in the CreateCounter() path for OSEK in threadx.c where osek_get_counter() return value is mishandled. The code tests for failure by comparing cntr_id to 0u, but osek_get_counter() signals failure with E_OS_SYS_STACK (12U). When the...

7.8CVSS6AI score0.00105EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/27 3:40 p.m.4 views

CVE-2026-0648

The vulnerability stems from an incorrect error-checking logic in the CreateCounter function in threadx/utility/rtoscompatibilitylayers/OSEK/txosek.c when handling the return value of osekgetcounter. Specifically, the current code checks if cntrid equals 0u to determine failure, but...

7.8CVSS6AI score0.00105EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/27 3:40 p.m.4 views

CVE-2026-0648

The vulnerability stems from an incorrect error-checking logic in the CreateCounter function in threadx/utility/rtoscompatibilitylayers/OSEK/txosek.c when handling the return value of osekgetcounter. Specifically, the current code checks if cntrid equals 0u to determine failure, but...

7.8CVSS6AI score0.00105EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder