Critical CVE-2026-5067 A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL...

#Sicherheitslücke #Update

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

[Critical] CVE-2026-5067 – A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTT...

VERWANDTEARTIKEL

CVE-2026-49741 - TYPO3 CMS - Privilege Escalation & SQL Injection in Form Framework

Update Chrome: Google patches actively exploited vulnerability and 73 others

Google fixes the fifth actively exploited Chrome zero-day of 2026

CVE-2026-46746 - Siemens SINEC INS Command Injection

CVE-2026-46748 - SINEC INS Local Privilege Escalation via CAP_DAC_OVERRIDE

CVE-2026-41031 - A Stored Cross-Site Scripting (XSS) vulnerability occurs in Vinna Process Monitor