879 matches found
FlashMQ 数字错误漏洞
FlashMQ is a fast and lightweight MQTT proxy server developed by Wiebe Cazemier. Versions of FlashMQ prior to 1.26.1 contained a numerical error vulnerability. This vulnerability could cause the FlashMQ proxy to crash and lead to a denial-of-service attack when the setretainedmessagedefertimeout...
PT-2026-39199
Name of the Vulnerable Software and Affected Versions FlashMQ versions prior to 1.26.1 Description A remote client with retained publish permission can cause a denial of service by crashing the broker. This occurs when both set retained message defer timeout and set retained message defer timeout...
CVE-2026-28950
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 15.8.8 and iPadOS 15.8.8, iOS 16.7.16 and iPadOS 16.7.16, iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2, iPadOS 17.7.11. Notifications marked for deletion could be unexpectedly retained on the devi...
CVE-2026-40196 HomeBox has Unauthorized API Access via Retained defaultGroup ID After Group Access Revocation
HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. There is a security vulnerability in Mattermost; this vulnerability stems from the failure of authorization checks, which allows requests to continue processing without being stopped. This may allow...
GHSA-R3FR-7M74-Q7G2 CocoaMQTT: Denial of Service via Reachable Assertion in `PUBLISH` Packet Parsing
A vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker or a compromised/malicious MQTT broker to remotely crash the host iOS/macOS/tvOS application. The vulnerability is located in Source/FramePublish.swift during the extraction of the Topic string from the incomi...
EUVD-2026-18235
CocoaMQTT: Denial of Service via Reachable Assertion in PUBLISH Packet Parsing...
CocoaMQTT: Denial of Service via Reachable Assertion in `PUBLISH` Packet Parsing
A vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker or a compromised/malicious MQTT broker to remotely crash the host iOS/macOS/tvOS application. The vulnerability is located in Source/FramePublish.swift during the extraction of the Topic string from the incomi...
CVE-2026-30867
CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift. Prior to version 2.2.2, a vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker or a compromised/malicious MQTT broker to remotely crash the host iOS/macOS/tvOS application. If an attacker...
CocoaMQTT: Denial of Service via Reachable Assertion in `PUBLISH` Packet Parsing
A vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker or a compromised/malicious MQTT broker to remotely crash the host iOS/macOS/tvOS application. The vulnerability is located in Source/FramePublish.swift during the extraction of the Topic string from the incomi...
CVE-2026-30867
CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift. Prior to version 2.2.2, a vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker or a compromised/malicious MQTT broker to remotely crash the host iOS/macOS/tvOS application. If an attacker...
CVE-2026-30867
CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift. Prior to version 2.2.2, a vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker or a compromised/malicious MQTT broker to remotely crash the host iOS/macOS/tvOS application. If an attacker...
CVE-2026-30867
CocoaMQTT prior to v2.2.2 is vulnerable to a Denial of Service via a malformed 4-byte PUBLISH payload with the RETAIN flag set. A malicious broker or attacker can cause a vulnerable iOS/macOS/tvOS client to crash when it subscribes to the affected topic, leading to a persistent DoS until the reta...
PT-2026-29743
Name of the Vulnerable Software and Affected Versions CocoaMQTT versions prior to 2.2.2 Description A flaw exists in the packet parsing logic of CocoaMQTT that allows a remote attacker, or a compromised MQTT broker, to crash iOS/macOS/tvOS applications. Publishing a 4-byte malformed payload to a...
CVE-2026-34518
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...
PT-2025-48097
Name of the Vulnerable Software and Affected Versions NanoMQ versions prior to 0.22.5 Description A Heap-Use-After-Free UAF vulnerability exists in the TCP transport component of NanoMQ, stemming from improper resource management and premature cleanup of message and pipe structures. This occurs...
CVE-2025-63563
Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimate user changes their password...
MAL-2025-48807 Malicious code in circuit-retained-test (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in circuit-retained-test (npm)
--- -= Per source details. Do not edit below this line.=-...
EUVD-2018-4506
Malware in sbrugna...