4 matches found
CVE-2026-32314
Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new...
PT-2026-25373
Summary The Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULT CREDIT e.g. 262145. On the first packet of a new inbound stream, stream state is created and a receiver is queued before oversized-body...
CVE-2025-28958
Cross-Site Request Forgery CSRF vulnerability in Vadim Bogaiskov Bg Orthodox Calendar bg-orthodox-calendar allows Stored XSS.This issue affects Bg Orthodox Calendar: from n/a through = 0.13.10...
CVE-2025-28958
CVE-2025-28958 is a CSRF to Stored XSS in Bg Orthodox Calendar. Affected software: Bg Orthodox Calendar (from n/a up to version 0.13.10). Root cause: CSRF enabling stored XSS. CVSS 3.1 base score 7.1 (HIGH) with network attack vector, low attack complexity, no privileges, user interaction require...