4337 matches found
CVE-2026-13473
IBM Storage Protect Client is affected by CVE-2026-13473: a heap-based buffer overflow caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code or crash the server. Affected versions are 8.1.0.0–8.1.27.0, 8.1.27.1, and 8.2.0.0–8.2.1.0. The public fi...
CVE-2026-62353
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.14, source/libs/parser/src/parTokenizer.c tGetToken incremented past a trailing backslash in a SQL string literal such as 'abc\ and read one byte beyond the null terminator, allowing an authenticated user...
CVE-2026-62351
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, source/libs/transport/src/transComm.c transDecompressMsg read STransCompMsg.contLen when pHead-comp == 1 without first validating that the RPC packet contained the 8-byte STransCompMsg structure, causi...
CVE-2026-62353
TDengine before version 3.4.1.14 contains an out-of-bounds read in the SQL lexer (parTokenizer.c tGetToken) where a trailing backslash in a string literal can cause the parser to read beyond the null terminator, potentially crashing the server and leaking adjacent memory. The issue requires an au...
CVE-2026-62351
TDengine before 3.4.1.15 is affected. In transDecompressMsg() within source/libs/transport/src/transComm.c, the code reads STransCompMsg.contLen when pHead->comp == 1 without first validating that the RPC packet contains the 8-byte STransCompMsg structure. This can cause an unauthenticated out...
JLSEC-2026-672
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSLclear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct...
CVE-2026-48068
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming HTTP/2 stream initiation can cause a server process created using @grpc/grpc-js to crash. This issue is fixed in...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the StompSubframeDecoder process. An attacker can exhaust system memory and cause a server crash by sending a large number of short headers in a single STOMP frame, resulting ...
CVE-2026-48068
The CVE-2026-48068 entry concerns @grpc/grpc-js (Pure JavaScript gRPC implementation). The issue is triggered by an invalid incoming HTTP/2 stream initiation, which can cause the server process created by @grpc/grpc-js to crash. Affected versions are pre-fix: 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13...
CVE-2026-48068 @grpc/grps-js: A malformed request can cause a server crash
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming HTTP/2 stream initiation can cause a server process created using @grpc/grpc-js to crash. This issue is fixed in...
EulerOS 2.0 SP10 : xorg-x11-server (EulerOS-SA-2026-2678)
According to the versions of the xorg-x11-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB X Keyboard Extension modifier map...
X.org: xorg-x11-server: GLX contextTags Use-After-Free in CommonMakeCurrent()
A flaw was found in the X.org X11 server, specifically within the GLX OpenGL Extension to the X Window System dispatch layer. A remote attacker can exploit this vulnerability by sending a series of crafted X11 requests. This can lead to a use-after-free condition, where the server attempts to wri...
xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter()
A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter. A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for...
NATS Server: MQTT-over-WebSocket Path Can Crash WebSocket-Only JetStream Servers Before MQTT Is Enabled
...
Uncaught Exception
Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Uncaught Exception in the WebSocket listener routing, which dispatches requests for the...
CVE-2026-58208
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with...
CVE-2026-58208 NATS Server: MQTT-over-WebSocket Path Can Crash WebSocket-Only JetStream Servers Before MQTT Is Enabled
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with...
CVE-2026-58208 NATS Server: MQTT-over-WebSocket Path Can Crash WebSocket-Only JetStream Servers Before MQTT Is Enabled
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with...
CVE-2026-58208
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with...
CVE-2026-58250 NATS Server: Pre-auth server crash via double INFO in leafnode handshake
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by...