102 matches found
CVE-2025-67124
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...
CVE-2025-67124
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...
CVE-2025-67124
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...
CVE-2025-67124
The CVE-2025-67124 entry concerns a TOCTOU and symlink race in miniserve 0.32.0 during upload finalization. The vulnerability can let an attacker overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create or replace filesystem entries in the u...
CVE-2026-22863
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server...
GHSA-5379-F5HF-W38V Deno node:crypto doesn't finalize cipher
Summary The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server secrets. PoC js import crypto from "node:crypto"; const key = crypto.randomBytes32; const iv =...
CVE-2026-22863
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server...
CVE-2026-22863 Deno node:crypto doesn't finalize cipher
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server...
CVE-2026-22863
Deno before 2.6.0 is affected: node:crypto does not finalize the cipher, enabling an attacker to generate an unlimited number of encryptions and potentially mount brute‑force/secret‑learning attempts. The issue impacts cryptographic operations that could reveal server secrets; exploitation is des...
CVE-2026-22863
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server...
CVE-2026-22863
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server...
CVE-2026-22863 Deno node:crypto doesn't finalize cipher
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server...
CVE-2026-22863 Deno node:crypto doesn't finalize cipher
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server...
PT-2026-3145
Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.6.0 Description Deno is a JavaScript, TypeScript, and WebAssembly runtime. A flaw in the node:crypto polyfill allows cryptographic handles to persist beyond their intended lifespan. This results in the possibility of...
BIT-PYTORCH-2025-63396
An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop can cause torch.profiler.profile PythonTracer to crash or hang during finalization, leading to a Denial of Service DoS...
amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw
...
CVE-2025-40310
In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: resolve a race in amdgpuamdkfddevicefinisw There is race in amdgpuamdkfddevicefinisw and interrupt. if amdgpuamdkfddevicefinisw run in b/w kfdcleanupnodes and kfreekfd, and KGD interrupt generated. kernel panic log:...
CVE-2025-40280 tipc: Fix use-after-free in tipc_mon_reinit_self().
In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipcmonreinitself. syzbot reported use-after-free of tipcnetnet-monitors in tipcmonreinitself. 0 The array is protected by RTNL, but tipcmonreinitself iterates over it without RTNL. tipcmonreinitself i...
CVE-2025-63396
An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop can cause torch.profiler.profile PythonTracer to crash or hang during finalization, leading to a Denial of Service DoS. Mitigation Mitigation for this issue is either not available or the currently available options do...
CVE-2025-65021
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability exists in the poll finalization feature of the application. Any authenticated user can finalize a poll they do not own by manipulating the pollId parameter in...