3647 matches found
The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems allows a hacker to cause a service failure.
The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems is related to incorrect resource management. Exploiting this vulnerability can allow an attacker to cause service failures...
DEBIAN-CVE-2026-53319
In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARNONONCE from wbtinitenabledefault wbtinitenabledefault uses WARNONONCE to check for failures from wbtalloc and wbtinit. However, both are expected failure paths: - wbtalloc can return NULL under memory pressure...
CVE-2026-9699
Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...
CVE-2026-9699
Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...
ROS-20260625-73-0002
The vulnerability in gnutls is related to errors in processing parameter values related to input data length. Exploiting this vulnerability can allow a remote attacker to cause service failures...
ROS-20260625-73-0004
The vulnerability in gnutls is related to the unlimited distribution of resources. Exploiting this vulnerability could allow a remote attacker to cause service failures...
EUVD-2026-38752
Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authenticated users cannot complete 2FA enrollment as the backend consistently returns HTTP 500 errors...
EUVD-2026-38239
AIL did not restrict repeated failed attempts to verify a two-factor authentication OTP code. An attacker who had reached the 2FA verification step, such as after successfully completing the password-authentication stage, could submit an unlimited number of OTP guesses. This could enable...
kernel: bnxt_en: Fix RSS context delete logic
A flaw was found in the bnxten driver of the Linux kernel. An issue in the RSS Receive Side Scaling context deletion logic can lead to a leak of VNICs Virtual Network Interface Controllers in the firmware. This can cause subsequent attempts to create new VNICs to fail, resulting in the loss of...
ROS-20260622-73-0036
The vulnerability of the consumePhrase function in the Go programming language is related to insufficient validation of input data during the analysis of email addresses. Exploiting this vulnerability could allow a remote attacker to cause service failures...
ROS-20260622-73-0021
The vulnerability in Thunderbird is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a malicious actor to cause service failures...
ROS-20260622-73-0018
The vulnerability in Firefox is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a remote attacker to cause service failures...
Astra Linux – Vulnerability in cloud-init
Sensitive data may have been exposed in cloud-init logs that are readable to the world before version 22.3, when schema failures were reported. This leakage could involve hashed passwords...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fixed a possible NULL pointer dereferencing in sendacknowledge This issue involves handling memory allocation failures caused by nciskballoc, which calls allocskb. This fix prevents possible NULL pointer dereferences...
Astra Linux – Vulnerability in Jetty9
In Eclipse Jetty versions 9.4.0 through 9.4.46, and 10.0.0 through 10.0.9, as well as 11.0.0 through 11.0.9, the parsing of the authority segment of an http scheme URI causes the Jetty HttpURI class to incorrectly detect an invalid input as a hostname. This can lead to failures in a Proxy scenari...
CVE-2026-48982
pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a temporary file is created using open without the OEXCL flag. Without OEXCL, the create operation is not atomic: two concurrent processes racing to...
The vulnerability of the OpenNebula cloud management platform for virtual machines, related to the lack of measures taken to sanitize input data, allows a perpetrator to trigger a service failure.
The vulnerability of the OpenNebula cloud management platform for virtual machines is related to the lack of measures taken to sanitize input data. Exploiting this vulnerability could allow a malicious actor to trigger service failures...
Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.18.24 security, enhancement & bug fix update
Red Hat OpenShift Data Foundation 4.18.24 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.18.24 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-7107: Backport to 4.18.z CLONE - ODF Console is breaking DFBUGS-7064: RHODF 4.18.24 release DFBUGS-7046:...
What Changed in OWASP Top 10 2025 and Recommendations for Each Category
Key Takeaways 1. The 2025 list introduces two new categories – Software Supply Chain Failures A03 and Mishandling of Exceptional Conditions A10 - reflecting attacks already happening in production. 2. Security Misconfiguration jumping from 5 to 2 signals that continuous deployment without...
ROS-20260615-73-0033
The vulnerability of the RDP client FreeRDP is related to the lack of checks for division by zero. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...