Lucene search
K

879 matches found

cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

FlashMQ 数字错误漏洞

FlashMQ is a fast and lightweight MQTT proxy server developed by Wiebe Cazemier. Versions of FlashMQ prior to 1.26.1 contained a numerical error vulnerability. This vulnerability could cause the FlashMQ proxy to crash and lead to a denial-of-service attack when the setretainedmessagedefertimeout...

6.5CVSS5.8AI score0.00355EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/08 12:0 a.m.14 views

PT-2026-39199

Name of the Vulnerable Software and Affected Versions FlashMQ versions prior to 1.26.1 Description A remote client with retained publish permission can cause a denial of service by crashing the broker. This occurs when both set retained message defer timeout and set retained message defer timeout...

6.5CVSS5.8AI score0.00355EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/04/24 1:22 a.m.5 views

CVE-2026-28950

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 15.8.8 and iPadOS 15.8.8, iOS 16.7.16 and iPadOS 16.7.16, iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2, iPadOS 17.7.11. Notifications marked for deletion could be unexpectedly retained on the devi...

6.2CVSS6AI score0.0288EPSS
Exploits0References1
cvelist
cvelist
added 2026/04/17 9:1 p.m.26 views

CVE-2026-40196 HomeBox has Unauthorized API Access via Retained defaultGroup ID After Group Access Revocation

HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the...

8.1CVSS0.00247EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/04/06 12:0 a.m.8 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. There is a security vulnerability in Mattermost; this vulnerability stems from the failure of authorization checks, which allows requests to continue processing without being stopped. This may allow...

8.8CVSS5.8AI score0.00378EPSS
Exploits0References1
osv
osv
added 2026/04/03 9:33 p.m.5 views

GHSA-R3FR-7M74-Q7G2 CocoaMQTT: Denial of Service via Reachable Assertion in `PUBLISH` Packet Parsing

A vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker or a compromised/malicious MQTT broker to remotely crash the host iOS/macOS/tvOS application. The vulnerability is located in Source/FramePublish.swift during the extraction of the Topic string from the incomi...

5.7CVSS5.9AI score0.00318EPSS
Exploits1References6
euvd
euvd
added 2026/04/03 9:33 p.m.4 views

EUVD-2026-18235

CocoaMQTT: Denial of Service via Reachable Assertion in PUBLISH Packet Parsing...

5.7CVSS5.9AI score0.00318EPSS
Exploits1References5
github
github
added 2026/04/03 9:33 p.m.8 views

CocoaMQTT: Denial of Service via Reachable Assertion in `PUBLISH` Packet Parsing

A vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker or a compromised/malicious MQTT broker to remotely crash the host iOS/macOS/tvOS application. The vulnerability is located in Source/FramePublish.swift during the extraction of the Topic string from the incomi...

6.5CVSS5.9AI score0.00318EPSS
Exploits1References6Affected Software1
redhatcve
redhatcve
added 2026/04/03 4:59 p.m.7 views

CVE-2026-30867

CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift. Prior to version 2.2.2, a vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker or a compromised/malicious MQTT broker to remotely crash the host iOS/macOS/tvOS application. If an attacker...

6.5CVSS5.8AI score0.00318EPSS
Exploits1References1
gitlab
gitlab
added 2026/04/03 12:0 a.m.64 views

CocoaMQTT: Denial of Service via Reachable Assertion in `PUBLISH` Packet Parsing

A vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker or a compromised/malicious MQTT broker to remotely crash the host iOS/macOS/tvOS application. The vulnerability is located in Source/FramePublish.swift during the extraction of the Topic string from the incomi...

6.5CVSS5.9AI score0.00318EPSS
Exploits1References7Affected Software1
nvd
nvd
added 2026/04/02 2:16 p.m.16 views

CVE-2026-30867

CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift. Prior to version 2.2.2, a vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker or a compromised/malicious MQTT broker to remotely crash the host iOS/macOS/tvOS application. If an attacker...

6.5CVSS0.00318EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/04/02 1:57 p.m.3 views

CVE-2026-30867

CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift. Prior to version 2.2.2, a vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker or a compromised/malicious MQTT broker to remotely crash the host iOS/macOS/tvOS application. If an attacker...

5.7CVSS5.8AI score0.00318EPSS
Exploits1References5Affected Software1
cve
cve
added 2026/04/02 1:57 p.m.19 views

CVE-2026-30867

CocoaMQTT prior to v2.2.2 is vulnerable to a Denial of Service via a malformed 4-byte PUBLISH payload with the RETAIN flag set. A malicious broker or attacker can cause a vulnerable iOS/macOS/tvOS client to crash when it subscribes to the affected topic, leading to a persistent DoS until the reta...

6.5CVSS5.8AI score0.00318EPSS
Exploits1References4Affected Software1
ptsecurity
ptsecurity
added 2026/04/02 12:0 a.m.9 views

PT-2026-29743

Name of the Vulnerable Software and Affected Versions CocoaMQTT versions prior to 2.2.2 Description A flaw exists in the packet parsing logic of CocoaMQTT that allows a remote attacker, or a compromised MQTT broker, to crash iOS/macOS/tvOS applications. Publishing a 4-byte malformed payload to a...

5.7CVSS6AI score0.00318EPSS
Exploits1References8
debiancve
debiancve
added 2026/04/01 8:15 p.m.6 views

CVE-2026-34518

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

6.9CVSS5.2AI score0.00337EPSS
Exploits0
ptsecurity
ptsecurity
added 2025/11/25 12:0 a.m.6 views

PT-2025-48097

Name of the Vulnerable Software and Affected Versions NanoMQ versions prior to 0.22.5 Description A Heap-Use-After-Free UAF vulnerability exists in the TCP transport component of NanoMQ, stemming from improper resource management and premature cleanup of message and pipe structures. This occurs...

6CVSS6.6AI score0.00192EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/11/03 2:47 p.m.6 views

CVE-2025-63563

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimate user changes their password...

6.5CVSS6.9AI score0.00242EPSS
Exploits0References1
osv
osv
added 2025/10/23 7:28 p.m.2 views

MAL-2025-48807 Malicious code in circuit-retained-test (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
ossf
ossf
added 2025/10/23 7:28 p.m.4 views

Malicious code in circuit-retained-test (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-4506

Malware in sbrugna...

6.5CVSS7AI score0.00817EPSS
Exploits1References4
Rows per page
Query Builder