Lucene search
K

275 matches found

Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.13 views

PT-2026-35795

OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-limit budget. Attackers can exploit this by sending multiple simultaneous authentication attempts to circumvent intended...

6.3CVSS5.3AI score0.00211EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained a security vulnerability. This vulnerability stemmed from the lack of a shared pre-authentication concurrency budget for the public LINE webhook path, allowing...

6.9CVSS5.8AI score0.00459EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/22 1:46 a.m.27 views

CVE-2026-41458 OwnTone Server < 29.1 Race Condition DoS via DAAP Login

OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by exploiting unsynchronized access to the global DAAP session list. Attackers can flood the DAAP /login endpoint with concurrent...

8.2CVSS0.00364EPSS
Exploits0References3
OSV
OSV
added 2026/04/17 3:31 p.m.7 views

GHSA-MH4X-RMRX-3HP4 Mattermost has session spoofing due to lack of single-use consumption of guest magic link tokens enforcement

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

6.5CVSS5.8AI score0.00145EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/17 3:31 p.m.4 views

EUVD-2026-22915

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

6.5CVSS5.8AI score0.00145EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 12:16 p.m.4 views

CVE-2026-3590

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

6.5CVSS0.00145EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/15 11:0 a.m.3 views

CVE-2026-3590 Race Condition in Guest Magic Link Authentication Allows Token Reuse

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

6.5CVSS5.8AI score0.00145EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 11:0 a.m.4 views

CVE-2026-3590

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

6.5CVSS5.8AI score0.00145EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.4 views

PT-2026-33054

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.0 through 10.11.12 Mattermost version 11.5.0 Mattermost versions 11.4.0 through 11.4.2 Mattermost versions 11.3.0 through 11.3.2 Description Failure to enforce atomic single-use consumption of guest magic link tokens...

6.5CVSS5.8AI score0.00145EPSS
Exploits0References10
OSV
OSV
added 2026/04/13 5:42 a.m.2 views

BIT-KIBANA-2026-33459 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/13 3:0 a.m.3 views

undici: Undici: Denial of Service due to uncontrolled resource consumption

A flaw was found in Undici. When the interceptors.deduplicate feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled...

5.9CVSS7AI score0.00566EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/13 2:27 a.m.5 views

undici: Undici: Denial of Service due to uncontrolled resource consumption

A flaw was found in Undici. When the interceptors.deduplicate feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled...

5.9CVSS7AI score0.00566EPSS
Exploits0References7
Snyk
Snyk
added 2026/04/10 9:0 p.m.5 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition due to unsynchronized concurrent access to the userTokens map in the local authentication process. An attacker can cause the server to crash or reuse authentication tokens by sending multiple simultaneous requests to the...

6.4CVSS5.8AI score0.00243EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.5 views

CVE-2026-33459

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 6:26 p.m.10 views

CVE-2026-33459

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent...

6.5CVSS0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 4:46 p.m.5 views

CVE-2026-33459 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.7 views

PT-2026-30704

Name of the Vulnerable Software and Affected Versions Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000 Description A flaw exists in the Wi-Fi driver of the specified Samsung processors due to improper synchronization on a...

7CVSS5.8AI score0.00086EPSS
Exploits0References6
CVE
CVE
added 2026/04/02 3:0 p.m.8 views

CVE-2026-33544

CVE-2026-33544 affects tinyauth: before v5.0.5, GenericOAuthService, GithubOAuthService, and GoogleOAuthService store PKCE verifiers and access tokens on shared singleton instances. A race between VerifyCode() and Userinfo() during concurrent OAuth logins can cause one user’s session to be popula...

7.7CVSS5.8AI score0.00338EPSS
Exploits1References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/02 1:54 p.m.14 views

org.keycloak.protocol.oidc: Keycloak Refresh Token Reuse Bypass via TOCTOU Race Condition

A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...

3.1CVSS5.8AI score0.00282EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/01 9:3 p.m.3 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition in the updateUser function, specifically when handling concurrent requests. that exploit. An attacker can gain higher-level privileges by sending multiple simultaneous requests that manipulate user roles during a timing g...

5.9CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder