191 matches found
EUVD-2026-36533
The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water...
CVE-2026-42932 Naxclow IoT Platform Generation of Predictable Numbers or Identifiers
Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated...
EUVD-2026-36532
Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated...
PT-2026-48952
Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated...
path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions
A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of...
CVE-2026-6869 Improperly Controlled Sequential Memory Allocation in Wireshark
WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...
RockyLinux 10 : wireshark (RLSA-2026:9666)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:9666 advisory. wireshark: Buffer Over-read in Wireshark CVE-2026-3203 wireshark: Improperly Controlled Sequential Memory Allocation in Wireshark CVE-2026-3201 Tenable...
ALSA-2026:9666 Moderate: wireshark security update
The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fixes: wireshark: Buffer Over-read in Wireshark CVE-2026-3203 wireshark: Improperly Controlled Sequential Memory Allocation in Wireshark CVE-2026-3201 For more...
CVE-2026-5234 LatePoint <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID
The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.3.2. The vulnerability exists because the OsStripeConnectController::createpaymentintentfortransaction action is registered as a public action no authentication required an...
CVE-2026-5234 LatePoint <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID
The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.3.2. The vulnerability exists because the OsStripeConnectController::createpaymentintentfortransaction action is registered as a public action no authentication required an...
EUVD-2026-16324
path-to-regexp vulnerable to Denial of Service via sequential optional groups...
GHSA-J3Q9-MXJG-W52F path-to-regexp vulnerable to Denial of Service via sequential optional groups
Impact A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches Fixed in version 8.4.0. Workarounds Limit the number of...
path-to-regexp vulnerable to Denial of Service via sequential optional groups
Impact A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches Fixed in version 8.4.0. Workarounds Limit the number of...
CVE-2026-4926
Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...
UBUNTU-CVE-2026-4926
Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...
CVE-2026-4926 path-to-regexp vulnerable to Denial of Service via sequential optional groups
Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...
CVE-2026-4926 path-to-regexp vulnerable to Denial of Service via sequential optional groups
Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...
CVE-2026-27492
Lettermint Node.js SDK (npm package lettermint) is vulnerable in versions ≤ 1.5.0 where email properties (to, subject, html, text, attachments) are not reset between sends when a single client instance is reused across multiple .send() calls. This state leakage can cause content or recipient addr...
ROS-20260216-73-0009
Vulnerability in wireshark related to improper management of sequential memory allocation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
weixin4j has Improperly Controlled Sequential Memory Allocation
Improperly Controlled Sequential Memory Allocation vulnerability in foxinmy weixin4j weixin4j-base/src/main/java/com/foxinmy/weixin4j/util modules. This vulnerability is associated with program files CharArrayBuffer.Java, ClassUtil.Java. This issue affects all versions of weixin4j. A path is...