By vendor

Yhirose vulnerabilities

Known CVEs affecting Yhirose products, prioritized by severity, with SEC.co remediation and detection guidance.

2 published vulnerabilities

  • CVE-2026-46527HIGH 7.5

    cpp-httplib versions before 0.44.0 crash when a trusted proxy configuration is enabled and an attacker sends a specially crafted X-Forwarded-For header that contains no parseable IP addresses. The crash results from the library attempting to access an empty data structure without bounds checking, causing the application to terminate abnormally. This is a denial-of-service vulnerability affecting only deployments that have explicitly configured trusted proxies.

  • CVE-2026-45352MEDIUM 5.3

    cpp-httplib, a popular C++ HTTP library, contains a flaw in how it processes chunked HTTP transfers. When a malicious client sends a specially crafted HTTP request with a negative chunk size (like '-2'), the library's parsing logic mishandles it. Instead of rejecting the invalid value, it converts it to an extremely large number due to how C's strtoul function treats negative numbers. This causes the server to attempt allocating massive amounts of memory and reading far more data than expected, ultimately crashing the process. Applications using cpp-httplib versions before 0.43.4 are vulnerable.