JLSEC-2026-364

There is a heap overflow problem in video/SDLpixels.c in SDL Simple DirectMedia Layer 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution...

JLSEC-2026-365

A potential memory leak issue was discovered in SDL2 in GLESCreateTexture function in SDLrendergles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected...

tomcat: security constraint bypass with HTTP/0.9

A flaw was found in Tomcat. An improper input validation vulnerability allows an attacker to bypass security constraints. Specifically, if a security constraint is configured to permit HEAD requests to a URI but deny GET requests, a malformed or specification invalid HEAD request using the HTTP/0...

UBUNTU-CVE-2026-6526

RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4...

UBUNTU-CVE-2026-5401

AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-7375

UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-5407

SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-5657

iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-6537

Wireshark CVE-2026-6537 affects the ZigBee protocol dissector in Wireshark 4.6.0–4.6.4 and 4.4.0–4.4.14. The vulnerability is a stack-based buffer overflow in the ZigBee dissector, causing denial of service. Exploitation status and concrete fix/version are not provided in the documents; a remedia...

CVE-2026-6537

ZigBee protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-6534

USB HID protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-6532

Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-6528

Wireshark TLS protocol dissector has an infinite loop in versions 4.6.0–4.6.4 due to an unreachable exit condition, enabling denial of service. Affected component: TLS dissector internals in Wireshark. Root cause: loop condition prevents exit when parsing certain TLS inputs. Impact: denial of ser...

CVE-2026-6523

GNW protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-6521

OpenFlow v5 protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-6519

CVE-2026-6519 affects Wireshark’s MBIM protocol dissector, with an infinite loop causing denial of service. Public details across SUSE, Debian, Debian OSV, EUVD, Alpine, and CVE listings confirm the issue impacts Wireshark versions 4.6.0–4.6.4 and 4.4.0–4.4.14. The root cause is described as a lo...

Stream Request Bypass

Axios is vulnerable to Stream Request Bypass. The vulnerability is due to the bypassing of maxBodyLength when maxRedirects is set to 0 for stream request bodies, where oversized streamed uploads are sent fully even when the caller sets strict body limits...

CVE-2026-7375

UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-7376

Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-7376

Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...