12400 matches found
PT-2026-53991
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An unauthenticated remote attacker can repeatedly send crafted connection requests to cause a memory leak. In single-process deployments, the memory consumption...
CVE-2026-54233
A flaw was found in vLLM, an inference and serving engine for large language models LLMs. A remote attacker could exploit a vulnerability in the /v1/audio/transcriptions endpoint. By uploading a specially crafted compressed audio file, such as an OPUS file, the attacker could cause the system to...
GHSA-V2JF-442R-6MJH nebula-mesh: Signed-poll nonce LRU is in-memory and bounded; replay survives restart + eviction
internal/api/pop/nonce.go:25,40,86 + internal/api/server.go:38 — the signed-poll nonce cache is an in-process LRU sized at 65,536 entries. internal/api/updates.go:31 sets pollClockSkew = 5 time.Minute as the replay window. Affected All released versions through v0.3.0 that have shipped the ADR 00...
EUVD-2025-210343
Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical files like...
GO-2026-5758 containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull in github.com/containerd/containerd
containerd CRI — image-config LABEL flows to restart-monitor binary:// logger: host-root command execution from an image pull in github.com/containerd/containerd...
CVE-2026-40983
A flaw was found in Micrometer. A remote attacker can provide specially crafted gRPC gRPC Remote Procedure Call requests, which may lead to a denial-of-service DoS condition. This vulnerability allows an attacker to disrupt the availability of the affected system. Mitigation To mitigate this issu...
keycloak: Keycloak: Unauthorized account access via replayed refresh tokens after cluster restart
A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been...
SUSE CVE-2026-52924
In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...
PT-2026-52616
Name of the Vulnerable Software and Affected Versions Flowise affected versions not specified Description An unauthenticated path traversal issue exists in the '/api/v1/document-store/loader/process' endpoint. This flaw allows attackers to write arbitrary files to the filesystem by using...
EUVD-2026-38954
In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix racing timeout handler The bcmgenettimeout handler tries to take down all tx queues when a single queue times out. This is over zealous and causes many race conditions with queues that are still chugging along...
CVE-2026-53086 net: bcmgenet: fix racing timeout handler
In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix racing timeout handler The bcmgenettimeout handler tries to take down all tx queues when a single queue times out. This is over zealous and causes many race conditions with queues that are still chugging along...
Astra Linux – Vulnerability in cups
OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and earlier, there was an integer underflow vulnerability in the ppdCreateFromIPP function cups/ppd-cache.c. This vulnerability allowed any unprivileged local user to crash the...
CVE-2026-52924
In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...
UBUNTU-CVE-2026-52924
In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...
CVE-2026-52924
In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...
CVE-2026-52924
The CVE-2026-52924 entry describes a Linux kernel SCTP use-after-free vulnerability triggered during Stale COOKIE-ECHO handling. In COOKIE_WAIT transitions, sctp_stream_update() can leave a stale out_curr pointer after rolling back from COOKIE_ECHOED to COOKIE_WAIT, so scheduler paths (FCFS/RR/PR...
CVE-2026-52924 sctp: purge outqueue on stale COOKIE-ECHO handling
In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...
PT-2026-51980
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The bcmgenet timeout handler incorrectly attempts to shut down all transmit tx queues when only a single queue experiences a timeout. This behavior creates race conditions—situations whe...
CVE-2026-12205
A flaw was found in Crypt::DSA, a Perl module for Digital Signature Algorithm DSA cryptography. This vulnerability occurs because the software reuses a unique random number, known as a nonce, for multiple digital signatures generated with the same cryptographic key. An attacker could exploit this...
CVE-2026-50589
A flaw was found in OpenStack Ironic. An unauthenticated malicious user could exploit this vulnerability by submitting a specially crafted JSON JavaScript Object Notation string to certain API Application Programming Interface or JSON-RPC Remote Procedure Call service endpoints. This could lead t...