163937 matches found
CVE-2026-49847 FreeSWITCH: Stack overflow in bundled cJSON parser via deeply nested JSON
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes...
CVE-2026-49843 FreeSWITCH: Pre-authentication session eviction via attacker-chosen `sessid` in `mod_verto`
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's JSON-RPC handler bound the connection to the client-supplied sessid on the fir...
CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes
Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...
CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function
Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...
CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path
Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...
CVE-2026-42771 Possible Out of Bounds Read in X509_VERIFY_PARAM_set1_email()
Issue summary: When the X509VERIFYPARAMset1email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so the...
CVE-2026-42770 FFC-DH Peer Validation Uses Attacker-Supplied q
Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...
CVE-2026-42769 Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate
Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...
CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()
Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...
CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption
Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...
CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption
Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service. The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is define...
CVE-2026-42765 NULL Dereference in Certificate Verification with OCSP Checking
Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process. Impact summary: A NULL pointer dereference can...
CVE-2026-42764 NULL Pointer Dereference in QUIC Server Initial Packet Handling
Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...
CVE-2026-35188 Double-free When Checking OCSP Stapled Response
Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the statusrequest extension, triggering a double-free in the client's certificate verification path. Impact summary: Successful exploitation allows an attacker to corrupt heap memory via a...
CVE-2026-34183 Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler
Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATHCHALLENGE frames. Impact summary: A malicious remote peer can cause an unbounded memory allocation which can lead to an abnormal termination of the application acting as a QU...
CVE-2026-34181 PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys
Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...
CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages
Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...
CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing
Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of Service or to...
CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption
Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...
CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion
Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...
CVE-2026-49842 FreeSWITCH: Pre-authentication bandwidth amplification via `mod_verto` speed-test frames
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...
CVE-2026-49841 FreeSWITCH: Pre-authentication heap buffer overflow in `mod_verto` HTTP POST body read
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the modverto HTTP request handler allocates a fixed 2 MiB buffer for a POST...
CVE-2026-49840 FreeSWITCH: Pre-authentication heap buffer overflow in libesl `Content-Length` parsing
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, eslrecvevent parses Content-Length with atol and passes the result straight to malloclen ...
CVE-2026-49475 FreeSWITCH: Out-of-bounds memory access in core STUN attribute parsing
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser...
CVE-2026-49472 FreeSWITCH includes a vulnerable function, PREFIX(prologTok)() from libexpat
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIXprologTok, in...
CVE-2026-45771 Freeswitch Denial-of-Service in SIP PUBLISH Requests via XML Entity Expansion
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...
CVE-2026-9212 Insufficient authentication and input validation in certain NETGEAR products
Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations...
CVE-2026-0420 Missing TLS certificate validation in NETGEAR's ReadyCloud client app
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle MiTM style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models...
CVE-2026-0411 A Sensitive Information Disclosure Vulnerability in NETGEAR Orbi Satellites
An information disclosure vulnerability in the NETGEAR Orbi satellites RBR/RBE/RBS Series could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not...
CVE-2026-0415 Insufficient input validation vulnerability in certain Orbi routers
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...
CVE-2026-0414 Insufficient Input Validation Allows Unauthorized Modification of Router Software in certain NETGEAR Routers
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...
CVE-2026-0418 Certain NETGEAR devices allow administrators to tamper with system
Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system...
CVE-2026-0413 Buffer overflow vulnerability in certain NETGEAR Nighthawk routers
A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...
CVE-2026-0417 Insufficient input validation in certain NETGEAR routers
Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity...
CVE-2026-9210 Certain NETGEAR routers allow authenticated administrators to gain unintended control of the router
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...
CVE-2026-9211 Certain NETGEAR routers allow unauthenticated users to gain control of the router
An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation...
CVE-2026-0416 Improper input validation in certain NETGEAR routers allows unauthorized modification of protected router functionality
An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of protected router...
CVE-2026-3088 Unauthenticated users can disrupt router operation
Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests...
CVE-2026-0419 Insufficient input validation vulnerability in NETGEAR JR6150
Insufficient input validation in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018 , and no further security updates are...
CVE-2026-9213 Insufficient input validation in certain NETGEAR routers
A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...
CVE-2026-0412 Insufficient input validation vulnerability in NETGEAR JR6150 Web UI
Insufficient input validation vulnerability in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in...
CVE-2026-0410 Insufficient input validation in certain NETGEAR routers
Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality...
CVE-2026-28301 SolarWinds Observability Self-Hosted Open Redirect Vulnerability
A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...
CVE-2026-0409 Netgear Orbi 370 Series Remote Code Execution vulnerability
A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices...
CVE-2026-24065 Local Privilege Escalation via Insecure XPC Client Validation in Waves Central for macOS
Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service. The helper validates connecting XPC clients using the client process identifier PID to verify code-signing identity. Because process identifiers can be reuse...
CVE-2026-24064 Local Privilege Escalation via Dynamic Library Injection in Waves Central for macOS
Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...
CVE-2026-8025 SQLi in MOSK Informatics' CBS Platform
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue affects CBS Platform: through 09062026. NOTE: The vendor was contacted and it was learned that the product is not...
CVE-2026-10727
An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root...
CVE-2025-67862
An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability CWE-1244 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiPro...
CVE-2026-25089
A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may...