ROS-20260403-73-0023

A vulnerability in the mm/ptdump component of the Linux operating system kernel is related to synchronization errors when using a shared resource. Exploitation of the vulnerability allows an attacker to cause a denial of service...

Unspecified Vulnerability in HCL Traveler

HCL Traveler is a software from HCL India. It is used to provide automatic, bi-directional, wireless synchronization between HCL Domino servers and wireless handheld devices. HCL Traveler has a security vulnerability that stems from weak HTTP header validation, which can be exploited by an attack...

Exposure of Data Element to Wrong Session

Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session in the MDM command processing while handling SyncML status code. An attacker can obtain sensitive configuration data belonging to other devices such as WiFi credentials, VPN secrets, and...

EUVD-2026-16295

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the SyncViewSet.querysyncedfolder action in cookbook/views/api.py line 903 fetches a Sync object using getobjector404Sync, pk=pk without including space=request.space i...

CVE-2026-27814

EVerest EV charging software stack is affected: a data race (C++ undefined behavior) in ac_switch_three_phases_while_charging triggers when a 1-phase ↔ 3-phase switch request runs concurrently with the state machine loop. Affected versions are prior to 2026.02.0; version 2026.02.0 contains the pa...

CVE-2026-32398

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions.This issue affects TeraWallet – For WooCommerce: from n/a through = 1.5.15...

CVE-2026-22163

Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt t...

CVE-2026-25772

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.14.3, a stack-based buffer overflow vulnerability exists in the Wazuh Database synchronization module wdbdeltaevent.c. The SQL query construction logic...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the membership synchronization process. An attacker can gain unauthorized access to an entire private team by sending crafted membership synchronization messages from a remote cluster that trigger team...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.2.2 and earlier of the 11.2.x series, as well as versions 10.11.10 and earlier of the 10.11.x series, 11.4.0 and earlier of the 11.4.x series, and 11.3...

SUSE CVE-2026-23393

In the Linux kernel, the following vulnerability has been resolved: bridge: cfm: Fix race condition in peermep deletion When a peer MEP is being deleted, canceldelayedworksync is called on ccmrxdwork before freeing. However, brcfmframerx runs in softirq context under rcureadlock without RTNL and...

CVE-2026-23302

A flaw was found in the Linux kernel. This vulnerability involves data races within the networking subsystem, specifically related to how network socket pointers are handled concurrently by multiple central processing units CPUs. Without proper synchronization, this concurrent access can lead to...

CVE-2026-23281

A flaw was found in the Linux kernel's Marvell Libertas Wi-Fi driver. This vulnerability, a use-after-free, occurs because the system does not properly synchronize the freeing of memory with ongoing timer operations. If a timer attempts to access resources after they have been released, it can le...

CVE-2026-23348

In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimmbus object when creating nvdimm objects Found issue during running of cxl-translate.sh unit test. Adding a 3s sleep right before the test seems to make the issue reproduce fairly consistently. The...

CVE-2026-23281

In CVE-2026-23281, the Linux kernel Libertus wifi driver (lbs_free_adapter) uses non‑synchronous timer_delete() for command_timer and tx_lockup_timer, risking use‑after‑free if a timer callback runs during free. The callbacks (lbs_cmd_timeout_handler, lbs_tx_lockup_handler) access freed fields, c...

CVE-2026-33159 Craft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted trusted users

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions regenerate-yaml, apply-yaml-chang...

CVE-2025-64998

Exposure of session signing secret in Checkmk 2.4.0p23, 2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies...

PT-2026-27382

Exposure of session signing secret in Checkmk 2.4.0p23, 2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies...

ROS-20260324-73-0027

A vulnerability in the net/packet/afpacket.c component of the Linux operating system kernel is related to synchronization errors when using a shared resource. Exploitation of the vulnerability allows an attacker to cause a denial of service...

ROS-20260324-73-0008

A vulnerability in the powerpc/eeh module of the Linux operating system kernel is related to synchronization errors when using a shared resource. Exploitation of the vulnerability allows an attacker to cause a denial of service...