CVE-2026-4526 Global ZCL command parser missing minimum-length validation in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

SUSE CVE-2015-8732

The dissectzclpwrprofpwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service out-of-bound...

Philips Hue Bridge ZCL Heap Overflow Vulnerability

Philips Hue Bridge is a Philips smart home device bridge. A heap overflow vulnerability exists in Philips Hue Bridge's handling of very long ZCL strings, which can be exploited by a remote attacker to submit a special request and the application context to execute arbitrary code...