CVE-2026-14324
RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.
CVSS
6.5
Medium
EPSS
0.2%
p7
KEV
—
Exploit Today
2
0-100
Published: Jul 1, 2026 · Last modified: Jul 1, 2026 · CWE-476
0.2%EPSS · 30 days0.2%
2026-07-022026-07-17
RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-328547.5 HIG91.7%
——28LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the CONNECT and GET proxy handling paths to trigger null pointer dereferences and crash the server when httpd and proxy features are enabled.3dCVE-2026-32387.5 HIG84.1%
——25A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the WINS service using specially crafted UDP packets.3dCVE-2026-15847.5 HIG69.1%
——21A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and resulting in a remote Denial of Service (DoS) condition.3dCVE-2026-250757.5 HIG59.3%
——18strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the failure to validate AVP length fields before subtraction to trigger excessive memory allocation or NULL pointer dereference, crashing the charon IKE daemon.3dCVE-2026-276517.5 HIG56.3%
——17When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.3dCVE-2020-218176.5 MED55.8%
——17A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:29. which causes a denial of service (application crash).9d