6 matches found
CVE-2025-55293
Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with an empty publicKey first, then overwrite it with a new key. First sending an empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...
CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB
Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with an empty publicKey first, then overwrite it with a new key. First sending an empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...
OESA-2024-2102 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for...
Cockpit cross-site scripting vulnerability
Cockpit is an interactive server management interface. A cross-site scripting vulnerability exists in cockpit versions prior to 2.6.3. An attacker could exploit this vulnerability to perform cross-site scripting attacks...
Apache Airflow input validation error vulnerability
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform is characterized by scalability and dynamic monitoring. An input validation error vulnerability exists in Apache Airflow versions prior to 2.6.3,...
Rapid7's Windows InsightIDR Local Elevation of Privilege Vulnerability
Rapid7 Insight Agent is lightweight software from Rapid7 (USA). The software is capable of collecting data from IT assets. A security vulnerability exists in Rapid7 Insight Agent 2.6.3 and earlier versions. An attacker can exploit the vulnerability to elevate privileges to SYSTEM...