10 matches found
CVE-2026-35465
SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine sd-app by exploiting improper...
CVE-2026-35465
CVE-2026-35465 affects SecureDrop Client
CVE-2026-35465 SecureDrop Client has path injection in read_gzip_header_filename()
SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine sd-app by exploiting improper...
CVE-2026-35465 SecureDrop Client has path injection in read_gzip_header_filename()
SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine sd-app by exploiting improper...
PT-2026-33546
Name of the Vulnerable Software and Affected Versions: SecureDrop Client versions prior to 0.17.5 Description: Improper filename validation during gzip archive extraction allows a compromised SecureDrop Server to achieve code execution on the Client virtual machine sd-app. This occurs because the...
NanoMQ Security Vulnerability
NanoMQ is a lightweight and fast MQTT Broker for IoT edge platforms open sourced by EMQ USA. A security vulnerability exists in NanoMQ version 0.17.5, which stems from a segmentation error in the component /nanomq/pubhandler.c that could lead to a denial of service attack...
NanoMQ Buffer Error Vulnerability
NanoMQ is a lightweight and fast MQTT Broker for IoT edge platforms open sourced by EMQ USA. A buffer error vulnerability exists in NanoMQ version 0.17.5, which stems from a heap buffer overflow vulnerability when processing incorrectly formatted messages...
PT-2023-24905 · Nanomq · Nanomq
Name of the Vulnerable Software and Affected Versions: NanoMQ version 0.17.5 Description: The issue arises from a heap-buffer-overflow in the conn handler function of mqtt parser.c when processing malformed messages. Recommendations: For NanoMQ version 0.17.5, at the moment, there is no informati...
mp4tools aacplusenc Denial of Service Vulnerability
mp4tools aacplusenc is a tool for encoding video and audio for mp4 format files. A security vulnerability exists in DeleteBitBuffer in the libbitbuf/bitbuffer.c file in version 0.17.5 of mp4tools aacplusenc. A remote attacker can exploit this vulnerability to cause a denial of service null pointe...
Mantis < 0.17.5 Multiple Vulnerabilities
According to its banner, the version of Mantis on the remote host contains various flaws that may allow an attacker to execute arbitrary commands, inject SQL commands, view bugs it should not see, and get a list of projects that should be hidden.