
2487 matches found

CNNVD
added 2026/03/02 12:0 a.m. | 5 views

Textream Resource Management Error Vulnerability

Textream is a teleprompter application. A resource management error vulnerability exists in Textream that stems from the DirectorServer WebSocket server not limiting concurrent connections, which can be exploited by an attacker to cause CPU and memory exhaustion, freezing and crashing the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00255
Exploits: 1 | References: 2

CNNVD
added 2026/03/02 12:0 a.m. | 3 views

Qualcomm Chipsets Resource Management Error Vulnerability

Qualcomm Chipsets are a series of chipsets developed by Qualcomm Incorporated. Qualcomm Chipsets have a resource management vulnerability, which stems from concurrent access to shared buffers during IOCTL calls, potentially leading to memory corruption...

CVSS 7.8 | AI score 5.8 | EPSS 0.00071
Exploits: 0 | References: 1

CNNVD
added 2026/03/02 12:0 a.m. | 4 views

Qualcomm Chipsets Resource Management Error Vulnerability

Qualcomm Chipsets are a series of chipsets developed by Qualcomm Incorporated. Qualcomm Chipsets have a resource management vulnerability, which arises from concurrent access to shared buffers. Due to improper synchronization between buffer resource allocation and release, memory corruption may...

CVSS 7.8 | AI score 5.9 | EPSS 0.00071
Exploits: 0 | References: 1

CNNVD
added 2026/03/02 12:0 a.m. | 2 views

Qualcomm Chipsets Resource Management Error Vulnerability

Qualcomm Chipsets are a series of chipsets developed by Qualcomm Incorporated in the United States. Qualcomm Chipsets have a resource management vulnerability; this vulnerability arises from concurrent access to shared buffers during the invocation of IOCTL calls, which may lead to memory corrupti...

CVSS 7.8 | AI score 5.8 | EPSS 0.00071
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/02 12:0 a.m. | 5 views

PT-2026-22645

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A memory corruption issue exists when processing IOCTL calls with concurrent access to a shared buffer. This can lead to system instability or potential code execution. Approximately 1000 devices...

CVSS 7.8 | AI score 6 | EPSS 0.00071
Exploits: 0 | References: 6

Positive Technologies
added 2026/03/02 12:0 a.m. | 3 views

PT-2026-22649

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A memory corruption issue exists when invoking IOCTL calls with concurrent access to a shared buffer. This can lead to unpredictable system behavior. Approximately 1000 devices worldwide are estimate...

CVSS 7.8 | AI score 5.9 | EPSS 0.00071
Exploits: 0 | References: 6

Positive Technologies
added 2026/03/02 12:0 a.m. | 5 views

PT-2026-22641

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A memory corruption issue arises when concurrent access to a shared buffer occurs during IOCTL calls. This can lead to unpredictable system behavior. Recommendations: At the moment, there is no...

CVSS 7.8 | AI score 6 | EPSS 0.00071
Exploits: 0 | References: 5

Positive Technologies
added 2026/03/02 12:0 a.m. | 3 views

PT-2026-22644

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A memory corruption issue arises from improper synchronization during concurrent access to a shared buffer, specifically related to the assignment and deallocation of buffer resources. Recommendation...

CVSS 7.8 | AI score 6 | EPSS 0.00071
Exploits: 0 | References: 6

Positive Technologies
added 2026/03/02 12:0 a.m. | 5 views

PT-2026-23499

Name of the Vulnerable Software and Affected Versions: OliveTin versions prior to 3000.10.3. Description: OliveTin is susceptible to a denial-of-service condition stemming from an unsynchronized access issue within its OAuth2 login flow. Concurrent requests to the /oauth/login API endpoint can trigg...

CVSS 9.9 | AI score 6.9 | EPSS 0.22162
Exploits: 68 | References: 138

NVD
added 2026/02/25 9:16 p.m. | 2 views

CVE-2026-25952

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfSetWindowMinMaxInfo dereferences a freed xfAppWindow pointer because xf_rail_get_window in xf_rail_server_min_max_info returns an unprotected pointer from the railWindows hash table, and the main thread can...

CVSS 9.8 | EPSS 0.00599
Exploits: 1 | References: 11

Cvelist
added 2026/02/25 8:38 p.m. | 20 views

CVE-2026-25997 FreeRDP has heap-use-after-free in xf_clipboard_format_equal

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xf_clipboard_format_equal reads freed lastSentFormats memory because xf_clipboard_formats_free called from the cliprdr channel thread during auto-reconnect frees the array while the X11 event thread concurrently...

CVSS 6.9 | EPSS 0.00567
Exploits: 1 | References: 9

OSV
added 2026/02/25 8:38 p.m. | 4 views

CVE-2026-25997 FreeRDP has heap-use-after-free in xf_clipboard_format_equal

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xf_clipboard_format_equal reads freed lastSentFormats memory because xf_clipboard_formats_free called from the cliprdr channel thread during auto-reconnect frees the array while the X11 event thread concurrently...

CVSS 6.9 | AI score 6 | EPSS 0.00567
Exploits: 1 | References: 11

AlpineLinux
added 2026/02/25 8:27 p.m. | 2 views

CVE-2026-25953

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfAppUpdateWindowFromSurface reads from a freed xfAppWindow because the RDPGFX DVC thread obtains a bare pointer via xf_rail_get_window without any lifetime protection, while the main thread can concurrently...

CVSS 9.8 | AI score 5.9 | EPSS 0.00587
Exploits: 1

AlpineLinux
added 2026/02/25 8:24 p.m. | 2 views

CVE-2026-25952

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfSetWindowMinMaxInfo dereferences a freed xfAppWindow pointer because xf_rail_get_window in xf_rail_server_min_max_info returns an unprotected pointer from the railWindows hash table, and the main thread can...

CVSS 9.8 | AI score 5.9 | EPSS 0.00599
Exploits: 1

RedHat Linux
added 2026/02/25 7:1 p.m. | 0 views

kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service.

A flaw was found in the Linux kernel. This use-after-free (UAF) vulnerability occurs in the proc_readdir_de function within the /proc filesystem. A local attacker with low privileges can exploit this by concurrently traversing specific directories while network devices are unregistered. This can lead...

AI score 5.8 | EPSS 0.00544
Exploits: 2 | References: 5

RedHat Linux
added 2026/02/25 2:18 p.m. | 1 view

kernel: Linux kernel Bluetooth: Denial of Service due to use-after-free in connection handling

A flaw was found in the Linux kernel's Bluetooth subsystem. A use-after-free (UAF) vulnerability exists in the hci_disconnect_all_sync function. This can occur if a Bluetooth connection is deleted while a controller event is being processed concurrently. A local attacker could potentially exploit this...

AI score 5.8 | EPSS 0.00155
Exploits: 0 | References: 5

RedhatCVE
added 2026/02/25 4:6 a.m. | 4 views

CVE-2026-27128

Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a Time-of-Check-Time-of-Use (TOCTOU) race condition exists in Craft CMS’s token validation service for tokens that explicitly set a limited usage. The getTokenRoute method reads a token’s...

CVSS 6.9 | AI score 5.5 | EPSS 0.00176
Exploits: 0 | References: 1

RedHat Linux
added 2026/02/25 12:28 a.m. | 5 views

kernel: Linux kernel Bluetooth: Denial of Service due to use-after-free in connection handling

A flaw was found in the Linux kernel's Bluetooth subsystem. A use-after-free (UAF) vulnerability exists in the hci_disconnect_all_sync function. This can occur if a Bluetooth connection is deleted while a controller event is being processed concurrently. A local attacker could potentially exploit this...

AI score 5.8 | EPSS 0.00155
Exploits: 0 | References: 5

OSV
added 2026/02/24 2:42 a.m. | 4 views

CVE-2026-27128 Craft CMS's race condition in Token Service potentially allows for token usage greater than the token limit

Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a Time-of-Check-Time-of-Use (TOCTOU) race condition exists in Craft CMS’s token validation service for tokens that explicitly set a limited usage. The getTokenRoute method reads a token’s...

CVSS 6.9 | AI score 5.7 | EPSS 0.00176
Exploits: 0 | References: 4

OSV
added 2026/02/23 10:16 p.m. | 6 views

GHSA-6FX5-5CW5-4897 Craft CMS Race condition in Token Service potentially allows for token usage greater than the token limit

A Time-of-Check-Time-of-Use (TOCTOU) race condition exists in Craft CMS’s token validation service for tokens that explicitly set a limited usage. The getTokenRoute method reads a token’s usage count, checks if it’s within limits, then updates the database in separate non-atomic operations. By...

CVSS 6.9 | AI score 5.6 | EPSS 0.00176
Exploits: 0 | References: 4