2485 matches found

Tenable Nessus
added 2026/04/17 12:00 a.m. | 1 view

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007617)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007617 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg. Issuing two writes to the same af_alg...

CVSS 3.3 | AI score 6.3 | EPSS 0.00227
Exploits 0 | References 4
Tenable Nessus
added 2026/04/17 12:00 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007391)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007391 advisory. In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix UAF in run_timer_softirq. When dm_resume and dm_destroy are concurrent, it will lead to...

AI score 5.8 | EPSS 0.00207
Exploits 0 | References 4
NVD
added 2026/04/15 12:16 p.m. | 0 views

CVE-2026-3590

Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

CVSS 6.5 | EPSS 0.00145
Exploits 0 | References 1
Veracode
added 2026/04/15 11:18 a.m. | 5 views

Denial Of Service (DoS)

Axios is vulnerable to Denial of Service (DoS). The vulnerability is due to a state corruption bug in HTTP/2 session cleanup logic, which allows a malicious server to trigger concurrent session closures and crash the client process...

CVSS 5.9 | AI score 5.8 | EPSS 0.00731
Exploits 1 | References 5 | Affected Software 1
ATTACKERKB
added 2026/04/15 11:00 a.m. | 1 view

CVE-2026-3590

Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

CVSS 6.5 | AI score 5.8 | EPSS 0.00145
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2026/04/15 11:00 a.m. | 1 view

CVE-2026-3590 Race Condition in Guest Magic Link Authentication Allows Token Reuse

Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

CVSS 6.5 | AI score 5.8 | EPSS 0.00145
Exploits 0 | References 1
Positive Technologies
added 2026/04/15 12:00 a.m. | 1 view

PT-2026-33054

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.11.0 through 10.11.12; Mattermost version 11.5.0; Mattermost versions 11.4.0 through 11.4.2; Mattermost versions 11.3.0 through 11.3.2. Description: Failure to enforce atomic single-use consumption of guest magic link tokens...

CVSS 6.5 | AI score 5.8 | EPSS 0.00145
Exploits 0 | References 4
EUVD
added 2026/04/14 6:30 p.m. | 1 view

EUVD-2026-22535

Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally...

CVSS 7 | AI score 5.9 | EPSS 0.00158
Exploits 0 | References 2
EUVD
added 2026/04/14 6:30 p.m. | 1 view

EUVD-2026-22514

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally...

CVSS 7 | AI score 5.9 | EPSS 0.002
Exploits 0 | References 2
EUVD
added 2026/04/14 6:30 p.m. | 1 view

EUVD-2026-22479

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 5.9 | EPSS 0.00191
Exploits 0 | References 2
Microsoft CVE
added 2026/04/14 2:00 p.m. | 1 view

Windows User Interface Core Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 6.4 | EPSS 0.00164
Exploits 0
Positive Technologies
added 2026/04/14 12:00 a.m. | 4 views

PT-2026-32816

Name of the Vulnerable Software and Affected Versions: Windows Speech Brokered Api (affected versions not specified). Description: A race condition occurs due to concurrent execution using a shared resource with improper synchronization. This allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 6.4 | EPSS 0.00205
Exploits 0 | References 5
Positive Technologies
added 2026/04/14 12:00 a.m. | 1 view

PT-2026-32789

Name of the Vulnerable Software and Affected Versions: Windows Projected File System (affected versions not specified). Description: A race condition occurs due to concurrent execution using a shared resource with improper synchronization. This allows an authorized attacker to elevate privileges...

CVSS 7.8 | AI score 6.4 | EPSS 0.00191
Exploits 0 | References 6
Positive Technologies
added 2026/04/14 12:00 a.m. | 0 views

PT-2026-32780

Name of the Vulnerable Software and Affected Versions: Windows Shell (affected versions not specified). Description: A race condition occurs in Windows Shell due to improper synchronization when using a shared resource. This allows an authorized attacker to elevate privileges locally. A race condition...

CVSS 7.8 | AI score 6.2 | EPSS 0.00192
Exploits 0 | References 6
CVE
added 2026/04/13 1:40 p.m. | 30 views

CVE-2026-31419

Summary of CVE-2026-31419: A use-after-free in the Linux kernel bonding driver is caused by a race in bond_xmit_broadcast() where the last slave determination can change during RCUs, leading to double-free of the original skb and a potential crash. The fix replaces the racy bond_is_last_slave() ...

CVSS 7.8 | AI score 5.7 | EPSS 0.00117
Exploits 0 | References 4 | Affected Software 1
OSV
added 2026/04/13 5:42 a.m. | 1 view

BIT-KIBANA-2026-33459 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent...

CVSS 6.5 | AI score 5.8 | EPSS 0.0024
Exploits 0 | References 2
RedHat Linux
added 2026/04/13 3:00 a.m. | 2 views

undici: Undici: Denial of Service due to uncontrolled resource consumption

A flaw was found in Undici. When the interceptors.deduplicate feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled...

CVSS 5.9 | AI score 7 | EPSS 0.00566
Exploits 0 | References 7
RedHat Linux
added 2026/04/13 2:27 a.m. | 1 view

undici: Undici: Denial of Service due to uncontrolled resource consumption

A flaw was found in Undici. When the interceptors.deduplicate feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled...

CVSS 5.9 | AI score 7 | EPSS 0.00566
Exploits 0 | References 7
CNNVD
added 2026/04/13 12:00 a.m. | 3 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from the Chinese company Huawei. It provides a full-scenario distributed operating system based on a microkernel. A race condition vulnerability exists in the Huawei HarmonyOS event notification module, which stems from a failure of the event notification module to...

CVSS 7.5 | AI score 5.8 | EPSS 0.00126
Exploits 0 | References 2
Snyk
added 2026/04/10 9:00 p.m. | 1 view

Race Condition

Overview: Affected versions of this package are vulnerable to Race Condition due to unsynchronized concurrent access to the userTokens map in the local authentication process. An attacker can cause the server to crash or reuse authentication tokens by sending multiple simultaneous requests to the...

CVSS 6.4 | AI score 5.8 | EPSS 0.00243
Exploits 1 | References 2