675 matches found
PT-2026-50870
Name of the Vulnerable Software and Affected Versions Cloudflare Quiche versions prior to 0.29.2 Description Two use-after-free issues exist in the connection ID iterator FFI Foreign Function Interface functions. The functions quiche connection id iter next and quiche conn retired scid next retur...
Oj - Use-After-Free in Oj::Doc Iterators via Reentrant Close
Summary Oj::Doc iterators eachvalue, eachchild, eachleaf are vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed while the C iterator is still running. When control returns from the block, the iterator rea...
CVE-2026-48096
A flaw was found in OpenFGA, an authorization/permission engine. When iterator caching is enabled, distinct authorization check requests can generate identical cache keys. This can cause OpenFGA to reuse an outdated or incorrect cached result for subsequent requests. Such a flaw may lead to...
GHSA-36HH-V3QG-5JQ4 PyO3 has an Out-of-bounds Read in `nth` / `nth_back` for `PyList` and `PyTuple` iterators
PyO3 0.24.0 added optimized implementations of Iterator::nth and DoubleEndedIterator::nthback for the BoundListIterator and BoundTupleIterator types. These implementations computed the target index using unchecked usize addition index + n before bounds-checking against the sequence length, then...
PyO3 has an Out-of-bounds Read in `nth` / `nth_back` for `PyList` and `PyTuple` iterators
PyO3 0.24.0 added optimized implementations of Iterator::nth and DoubleEndedIterator::nthback for the BoundListIterator and BoundTupleIterator types. These implementations computed the target index using unchecked usize addition index + n before bounds-checking against the sequence length, then...
EUVD-2026-36061
OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning...
OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning
Description In OpenFGA, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. Preconditions This applies if the following preconditions are present: - FGA runs with...
GHSA-8396-JFFM-QX4W OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning
Description In OpenFGA, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. Preconditions This applies if the following preconditions are present: - FGA runs with...
CVE-2026-48096
OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. This issue has been patched in...
CVE-2026-48096 OpenFGA: Cache-key delimiter injection in openfga/openfga shared-iterator and v2 iterator caches enables intra-store authorization-decision poisoning
OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. This issue has been patched in...
CVE-2026-49496
Ghidra
OpenFGA 数据伪造问题漏洞
OpenFGA is an open-source authorization/licensing engine built for developers, inspired by Google Zanzibar. Versions of OpenFGA prior to 1.16.0 had a data manipulation vulnerability. This vulnerability arises from the possibility that two different check requests may generate the same cache key...
PT-2026-48462
Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.16.0 Description When iterator caching is enabled, specifically with SharedIteratorCache and ListObjectsIteratorCache, two distinct check requests can produce the same cache key. This causes the system to reuse a...
kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al
In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proclseek as ones for procreaditer et.al Check pde-procops-proclseek directly may cause UAF in rmmod scenario. It's a gap in procregopen after commit 654b33ada4ab"proc: fix UAF in...
PT-2026-44350
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free or type confusion issue exists in the SCTP implementation of the Linux kernel. In the sctp sendmsg function, the SCTP SENDALL path iterates through associations using li...
CVE-2026-45937
The CVE-2026-45937 entry concerns the Linux kernel crypto driver inside-secure/eip93. During driver detach, a programming error unregisters the same hash algorithm multiple times due to a faulty iterator, leading to a kernel panic. The vulnerability affects the kernel code path handling driver de...
kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al
In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proclseek as ones for procreaditer et.al Check pde-procops-proclseek directly may cause UAF in rmmod scenario. It's a gap in procregopen after commit 654b33ada4ab"proc: fix UAF in...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an iterator error during driver separation in the crypto/inside-secure/eip93 module. This error...
PT-2026-43804
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A kernel panic can occur during driver detach in the inside-secure/eip93 crypto component. This happens because a wrong iterator causes the same hash algorithm to be unregistered multipl...
CVE-2026-43494
In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails When iovitergetpages2 fails in rdsmessagezcopyfromuser, the pinned pages are released with putpage, and rm-data.opmmpznotifier is cleared. But we fail to properly clear...