3 matches found
CVE-2026-58254 NATS Server: Incomplete fix for CVE-2026-33249: Leaf node connections bypass Nats-Trace-Dest permission check
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode...
PT-2026-56560
Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.12 Description An unauthenticated MQTT client can cause the server to consume excessive memory by sending large incomplete MQTT CONNECT packets. The server retains these...
Logisim Evolution XML External Entity Injection Vulnerability
Logisim Evolution is a tool for designing and simulating data logic circuits. An XML external entity injection vulnerability exists in the Circuit file loading feature in Logisim Evolution 2.14.3 and earlier versions, which can be exploited by an attacker to disclose information and potentially...