2487 matches found
CVE-2025-69871
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...
SUSE CVE-2026-24683
FreeRDP is a free implementation of the Remote Desktop Protocol. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Prior to 3.22.0, This...
PT-2026-7941
Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...
CVE-2025-69871
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...
CVE-2025-69871
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...
CVE-2025-69871
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...
CVE-2025-69871
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...
CVE-2025-69871
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...
CVE-2025-69871
Summary: CVE-2025-69871 affects MedusaJS/Medusa v2.12.2 and earlier. The root cause is a race condition in the promotion module’s registerUsage() function, which performs a non-atomic read-check-update when enforcing usage limits. This can let unauthenticated remote attackers submit concurrent ch...
Exploit for Improper Access Control in Oracle Http_Server
CVE-2026-21962 Concurrent WebLogic Scanner/Exploiter High-per...
UBUNTU-CVE-2026-24683
FreeRDP is a free implementation of the Remote Desktop Protocol. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Prior to 3.22.0, This...
CVE-2026-24683 FreeRDP has a heap-use-after-free in ainput_send_input_event
FreeRDP is a free implementation of the Remote Desktop Protocol. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Prior to 3.22.0, This...
CVE-2026-24683
FreeRDP is a free implementation of the Remote Desktop Protocol. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Prior to 3.22.0, This...
kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service.
A flaw was found in the Linux kernel. This use-after-free UAF vulnerability occurs in the procreaddirde function within the /proc filesystem. A local attacker with low privileges can exploit this by concurrently traversing specific directories while network devices are unregistered. This can lead...
Unbreakable Enterprise kernel security update
5.4.17-2136.352.5 - crypto: afalg - Fix incorrect boolean values in afalgctx Eric Biggers Orabug: 38879907 CVE-2025-40022 5.4.17-2136.352.4 - arm64: pensando: Must boot Ortano kernel with spin-table Rob Gardner Orabug: 38821197 5.4.17-2136.352.3 - net/sched: adjust device watchdog timer to detect...
Google Chrome Code Execution Vulnerability (CNVD-2026-10652)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that stems from the V8 engine's lack of effective protection against concurrent access to shared resources, which can be exploited by an attacker to execute arbitrary code on...
@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
Summary Cross-client data leak via two distinct issues: 1 reusing a single StreamableHTTPServerTransport across multiple client requests, and 2 reusing a single McpServer/Server instance across multiple transports. Both are most common in stateless deployments. Impact This advisory covers two...
CVE-2026-23063
In the Linux kernel, the following vulnerability has been resolved: uacce: ensure safe queue release with state management Directly calling putqueue carries risks since it cannot guarantee that resources of uaccequeue have been fully released beforehand. So adding a stopqueue operation for the...
PT-2026-6350
Summary Cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless StreamableHTTPServerTransport deployments. Impact Who is affected: Any MCP server deployment using the TypeScript SDK where a sing...
CVE-2026-24040
A flaw was found in jsPDF. When jsPDF is used in a concurrent environment, such as a Node.js web server, a race condition in the addJS method can lead to cross-user data leakage. This occurs because a shared variable used to store JavaScript content can be overwritten by simultaneous requests. As...