CVE-2026-43236

A flaw was found in the Linux kernel's drm/atmel-hlcdc component. An issue in the atmelhlcdcplaneatomicduplicatestate callback, which incorrectly duplicates the drmplanestate, can lead to a use-after-free vulnerability. This can be triggered when a device node is closed and re-opened while anothe...

GHSA-F9JP-856V-8642 PocketMine-MP: Player entities can still die and drop items in flaggedForDespawn state

Summary When an entity dies, the entity is flagged for despawn, but remains in the World's entity table, meaning it's still accessible by doing World-getEntity$entityId and other methods. The same is true of a player when quitting the server. When a network packet arrives from a client to attack ...

InventoryGui allows item duplication in GUIs which use GuiStorageElement

Impact Any plugin using a GUI with the GuiStorageElement and allows taking out items out of that element. Patches InventoryGui 1.6.5 included in latest 1.6.5-SNAPSHOT by disabling GuiStorageElement when not running on 1.21.9 or later. Workarounds Not using the GuiStorageElement...

CVE-2025-62784 InventoryGui allows item duplication in GUIs which use GuiStorageElement

InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions before 1.6.5 contain a vulnerability where any plugin using a GUI with the GuiStorageElement and allows taking out items out of that element can allow item duplication when the experimental Bundle item feature i...

EUVD-2025-36359

InventoryGui affected by item duplication in GUIs which use GuiStorageElement...

PT-2025-44044

Name of the Vulnerable Software and Affected Versions InventoryGui versions 1.6.3-SNAPSHOT and earlier Description InventoryGui, a library for creating chest GUIs for Bukkit/Spigot plugins, contains an issue where GUIs utilizing GuiStorageElement may allow item duplication when the experimental...

SUSE CVE-2022-0168

A denial of service DOS issue was found in the Linux kernel's smb2ioctlqueryinfo function in the fs/cifs/smb2ops.c Common Internet File System CIFS due to an incorrect return from the memdupuser function. This flaw allows a local, privileged CAPSYSADMIN attacker to crash the system...

curl: incorrect handle duplication after COPYPOSTFIELDS

A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPTCOPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory...

duphandle read out of bounds

libcurl's function curleasyduphandle has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending. When doing an HTTP POST transfer with libcurl, you can use the CURLOPTCOPYPOSTFIELDS option to specify a memory area holding the data to send to the...