5 matches found
EUVD-2026-36663
LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqtt_unpack_publish_response function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an unencrypted session - to...
PT-2026-49135
Name of the Vulnerable Software and Affected Versions: LiamBindle MQTT-C versions prior to 1.1.7. Description: A heap-based out-of-bounds read and integer underflow exist in the mqtt_unpack_publish_response function within src/mqtt.c. A remote unauthenticated attacker who controls an MQTT broker or...
Softing uaToolkit Embedded security vulnerability
Softing uaToolkit Embedded is a toolkit from Softing Germany that supports the development of embedded OPC UA applications via client/server and publisher/subscriber communication. A security vulnerability exists in Softing uaToolkit Embedded versions 1.30 through 1.41.1, which stems from a mishandling of...
CVE-2024-25075
Softing uaToolkit Embedded (prior to 1.41.1) is affected. A vulnerability arises when a subscription is created with an extremely low MaxNotificationPerPublish value, causing the publish response to be mishandled and leading to memory consumption. Sustained instances can exhaust device memory and...
OESA-2023-1680 mosquitto security update
Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...