7.5
CVE-2026-28435 - Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized requ…
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib (httplib.h) does not enforce Server::set_payload_max_length() on the decompressed request body when using HandlerWithContentReader (streaming ContentReader) with Content-Encoding: gzip (or…
5.3
CVE-2026-28434 - cpp-httplib's default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler(), the library catches the exception and writes its message di…
5.9
CVE-2026-28427 - OpenDeck affected by path traversal allows arbitrary file read
OpenDeck is Linux software for your Elgato Stream Deck. Prior to 2.8.1, the service listening on port 57118 serves static files for installed plugins but does not properly sanitize path components. By including ../ sequences in the request path, an attacker can traverse outside the intended directo…
8.8
CVE-2026-3537 - PowerVR Object Lifecycle Heap Corruption in Google Chrome on Android
Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
6.5
CVE-2026-20064 - Local Command Injection Leading to Device Reload and DoS
A vulnerability in Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker wit…
6.8
CVE-2026-20025 - OSPF LSU‑Induced Heap Corruption Leading to Reload and DoS in Cisco ASA and FTD
A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To exploit this vulnerability, the attacker must have the OSPF s…
6.8
CVE-2026-20024 - OSPF Heap Corruption Causing Device Restart on Cisco Secure Firewall ASA and FTD
A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To exploit this vulnerability, the attacker must have the OSPF s…
6.1
CVE-2026-20023 - Memory Corruption in OSPF Parsing Leads to Denial of Service
A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to corrupt memory on an affected device, resulting in a denial of service (DoS) conditio…
6.1
CVE-2026-20022 - OSPF LSU Packet Validation Bug Leads to Device Reload DoS on Cisco ASA/FTD
A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled by using the comman…
4.3
CVE-2026-20021 - OSPF Memory Exhaustion Leading to Denial of Service in Cisco Secure Firewall Devices
A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition.…