30 matches found
PT-2026-29876
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoints in the same codebase correctly use ClusterKeyAuthorization.isAuthorizedServiceMiddleware. Thes...
CVE-2026-28682
Gokapi CVE-2026-28682 affects the self-hosted file sharing server Gokapi prior to 2.2.3. The vulnerability lies in the upload status SSE implementation for /uploadStatus, which previously published the global upload state to any authenticated listener and included file_id values not scoped to the...
CVE-2025-69207
Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unreleased xid, which could lead to an xid leak...
PT-2025-53974
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's CIFS implementation within the cifs ses add channel function. Specifically, the function fails to free a transaction ID xid before returning, leading ...
UBUNTU-CVE-2023-54003
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix GID entry ref leak when createah fails If AH create request fails, release sgidattr to avoid GID entry referrence leak reported while releasing GID table...
CVE-2023-54003 RDMA/core: Fix GID entry ref leak when create_ah fails
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix GID entry ref leak when createah fails If AH create request fails, release sgidattr to avoid GID entry referrence leak reported while releasing GID table...
CVE-2025-68233 drm/tegra: Add call to put_pid()
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Add call to putpid Add a call to putpid corresponding to gettaskpid. host1xmemorycontextalloc does not take ownership of the PID so we need to free it here to avoid leaking. [email protected]: reword commit message...
kernel: cifs: Fix xid leak in cifs_ses_add_channel()
A transaction ID xid leak was found in the CIFS/SMB filesystem. When adding a new channel fails, the allocated xid is not freed, leading to gradual exhaustion of the xid pool...
EUVD-2025-27766
Malicious code in bioql PyPI...
CVE-2022-50460 cifs: Fix xid leak in cifs_flock()
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifsflock If not flock, before return -ENOLCK, should free the xid, otherwise, the xid will be leaked...
CVE-2022-50351 cifs: Fix xid leak in cifs_create()
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifscreate If the cifs already shutdown, we should free the xid before return, otherwise, the xid will be leaked...
CVE-2025-30038
The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata in an NTFS alternate data stream ADS for all files downloaded from potentially untrusted sources...
CVE-2025-30038
The CVE-2025-30038 vulnerability concerns a session ID leak when saving a file downloaded from CGM CLININET. The exposed identifier is stored in an NTFS alternate data stream (ADS) via a built-in Windows security feature that preserves extra metadata for files downloaded from potentially untruste...
CVE-2025-47870 Team invite ID leaked to team admin with no member invite privileges
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2 fail to sanitize the team invite ID in the POST /api/v4/teams/:teamId/restore endpoint which allows an team admin with no member invite privileges to get the team’s invite id...
SUSE CVE-2021-47659
In the Linux kernel, the following vulnerability has been resolved: drm/plane: Move range check for formatcount earlier While the check for formatcount 64 in drmuniversalplaneinit shouldn't be hit it's a WARNON, in its current position it will then leak the plane-formattypes array and fail to cal...
CVE-2021-47659
CVE-2021-47659 affects the Linux kernel DRM plane path. The vulnerability arises because the range check for format_count is performed late in __drm_universal_plane_init(); if format_count > 64 yields a WARN_ON, it can leak the plane->format_types array and skip drm_mode_object_unregister()...
kernel: Linux kernel: RDMA/core GID entry leak causes Denial of Service
A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA core component. A local user with low privileges could trigger a Global Identifier GID entry reference leak when an Address Handle AH creation request fails. This resource leak could lead to system instability and a Denial of...
TCL 安全漏洞
Tcl is a freely available open source package. It provides a powerful platform for creating integrated applications that tie together various applications, protocols, devices and frameworks. A security vulnerability exists in the TCL 30Z, A3X, 20XE, and 10L, which stems from the fact that certain...
CVE-2024-0454
ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity. Version which is lower than...