EUVD-2026-36663

LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqttunpackpublishresponse function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an unencrypted session - to...

PT-2026-49135

Name of the Vulnerable Software and Affected Versions LiamBindle MQTT-C versions prior to 1.1.7 Description A heap-based out-of-bounds read and integer underflow exist in the mqtt unpack publish response function within src/mqtt.c. A remote unauthenticated attacker who controls an MQTT broker or...

CVE-2024-25075

Softing uaToolkit Embedded (prior to 1.41.1) is affected. A vulnerability arises when a subscription is created with an extremely low MaxNotificationPerPublish value, causing the publish response to be mishandled and leading to memory consumption. Sustained instances can exhaust device memory and...

Softing uaToolkit Embedded 安全漏洞

Softing UaToolkit Embedded is used to support the development of embedded Opc Ua applications via client/server and publisher/subscriber communication by Softing Germany. A security vulnerability exists in Softing uaToolkit Embedded versions 1.30 through 1.41.1, which stems from a mishandling of...

OESA-2023-1680 mosquitto security update

Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...