132 matches found
CVE-2026-15168 Use of Uninitialized Variable in Wireshark
BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure...
CVE-2026-15173
pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...
PT-2026-56591
Name of the Vulnerable Software and Affected Versions ciscodump versions 4.6.0 through 4.6.6 ciscodump versions 4.4.0 through 4.4.16 Description A crash in the software allows for a denial of service, which occurs when the system becomes unavailable to users. There are reports of this issue being...
CVE-2026-47777
Affected product: Mastodon (open-source social network server). Vulnerable component: remote Collections feature logic for consent verification. Root cause: missing condition to ensure the FeatureAuthorization object on a remote account actually matches the Collection item, allowing forging of co...
Astra Linux – Vulnerability in libslirp
An invalid pointer initialization issue was discovered in the SLiRP networking implementation of QEMU. The flaw resides in the bootpinput function and can occur when processing an UDP packet that is smaller than the size of the ‘bootpt’ structure. A malicious guest could exploit this flaw to leak...
OESA-2026-2228 wireshark security update
Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Security Fixes: ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of...
CVE-2026-5403 Heap-based Buffer Overflow in Wireshark
SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution...
CVE-2026-5656
CVE-2026-5656 affects Wireshark profiles import in Wireshark 4.6.0–4.6.4 and 4.4.0–4.4.14, due to improper restriction of a pathname to a restricted directory (path traversal). The issue can lead to denial of service and possible code execution. CVSS v3.1: AV Local, AC High, PR None, UI Required,...
UBUNTU-CVE-2026-6529
iLBC audio codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...
UBUNTU-CVE-2026-6532
Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...
UBUNTU-CVE-2026-5655
SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service...
EUVD-2026-26324
AMR-NB codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...
CVE-2026-6528
TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 allows denial of service...
CVE-2026-6526
RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4...
CVE-2026-5407
SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...
CVE-2026-6536
DLMS/COSEM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4...
CVE-2026-6528
TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 allows denial of service...
Security Bulletin: IBM Application Modernization Accelerator is vulnerable to multiple vulnerabilities found in Node.js
Summary There are multiple vulnerabilities in Node.js used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2026-2359 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to...
Dell AppSync elevation of privilege vulnerability (CNVD-2026-17277)
Dell AppSync is a data replication management application from Dell USA. An elevation of privilege vulnerability exists in Dell AppSync version 4.6.0. The vulnerability stems from improper assignment of critical resource privileges and can be exploited by an attacker to cause elevation of privile...
CVE-2026-34598
YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected...