Lucene search

1096 matches found

Cvelist
added 2026/02/25 11:5 p.m., 28 views

CVE-2026-27630 TinyWeb vulnerable to Remote Denial of Service via Thread/Connection Exhaustion (Slowloris)

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 are vulnerable to a Denial of Service (DoS) attack known as Slowloris. The server spawns a new OS thread for every incoming connection without enforcing a maximum concurrency limit or an appropriate...

CVSS 8.7 | EPSS 0.00436
Exploits: 0 | References: 3
CVE
added 2026/02/25 11:5 p.m., 14 views

CVE-2026-27630

CVE-2026-27630 affects TinyWeb (Delphi, Win32) prior to version 2.02. The vulnerability is a Denial of Service via Slowloris: the server spawns an OS thread per incoming connection without concurrency limits or proper request timeouts, allowing an unauthenticated attacker to exhaust threads and m...

CVSS 8.7 | AI score 5.8 | EPSS 0.00436
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2026/02/25 9:16 p.m., 3 views

CVE-2026-25959

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xf_cliprdr_provide_data passes freed pDstData to XChangeProperty because the cliprdr channel thread calls xf_cliprdr_server_format_data_response, which converts and uses the clipboard data without holding any lock,...

CVSS 9.8 | EPSS 0.00567
Exploits: 1 | References: 9
Spring Security Advisories
added 2026/02/25 12:0 a.m., 8 views

Optimizations in Spring MVC

Spring Fruits Benchmark Abstract Benchmarks are tricky to do well, and the results are often hard to interpret. This analysis attempts to go beyond a simple headline number to explore how performance varies with data set size. The results show that while results might be disappointing for a given...

AI score 5.7
Exploits: 0
Snyk
added 2026/02/18 10:40 p.m., 2 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview @langchain/langgraph-checkpoint-mongodb is a LangGraph Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the list method in the RedisSaver and ShallowRedisSaver classes when...

CVSS 7.1 | AI score 5.6 | EPSS 0.0444
Exploits: 0 | References: 2
Tenable Nessus
added 2026/02/05 12:0 a.m., 3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : glibc (SUSE-SU-2026:0371-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0371-1 advisory. Security fixes: - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in...

CVSS 8.4 | AI score 5.6 | EPSS 0.00564
Exploits: 1 | References: 11
SUSE Linux
added 2026/02/03 6:9 p.m., 6 views

Security update for glibc

This update for glibc fixes the following issues: Security fixes: CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822)...

CVSS 8.5 | AI score 5.6 | EPSS 0.00564
Exploits: 1 | References: 14
Positive Technologies
added 2026/02/02 12:0 a.m., 4 views

PT-2026-5671

Memory Corruption when multiple threads simultaneously access a memory free API...

CVSS 7.8 | AI score 5.3 | EPSS 0.00094
Exploits: 0 | References: 1
Tenable Nessus
added 2026/01/22 12:0 a.m., 3 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-38667)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-38667 advisory. - In the Linux kernel, the following vulnerability has been resolved: riscv: prevent pt_regs corruption for...

CVSS 7.8 | AI score 6.8 | EPSS 0.0023
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/15 7:23 a.m., 7 views

CVE-2025-68492

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...

CVSS 4.2 | AI score 6.8 | EPSS 0.00217
Exploits: 0 | References: 1
Vulnrichment
added 2026/01/14 5:53 p.m., 3 views

CVE-2026-22856 FreeRDP has a heap-use-after-free in create_irp_thread

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use-after-free when one thread removes an entry from serial->IrpThreads while another reads it. This vulnerability is fixed in 3.20.1...

CVSS 7.7 | AI score 6.4 | EPSS 0.00286
Exploits: 1 | References: 2
CVE
added 2026/01/14 5:53 p.m., 22 views

CVE-2026-22856

FreeRDP (CVE-2026-22856): A race in the serial channel IRP thread tracking can cause a heap-use-after-free when one thread removes an entry from serial->IrpThreads while another reads it. This issue is fixed in FreeRDP 3.20.1. The vulnerability affects pre-3.20.1 releases; no exploitation deta...

CVSS 8.1 | AI score 6.4 | EPSS 0.00286
Exploits: 1 | References: 2 | Affected Software: 1
Github Security Blog
added 2026/01/14 9:31 a.m., 7 views

Chainlit contains an authorization bypass vulnerability

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...

CVSS 4.2 | AI score 6.8 | EPSS 0.00217
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2026/01/14 7:16 a.m., 4 views

CVE-2025-68492

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...

CVSS 2.3 | AI score 5.7 | EPSS 0.00217
Exploits: 0 | References: 2
CVE
added 2026/01/14 6:27 a.m., 10 views

CVE-2025-68492

Chainlit contains an authorization bypass vulnerability (CVE-2025-68492) affecting versions prior to 2.8.5. An attacker who can log in may view threads or obtain thread ownership due to a user-controlled key flaw (CWE-639). Documented impact is limited to those who can authenticate; no exploit sp...

CVSS 4.2 | AI score 6.4 | EPSS 0.00217
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/14 12:0 a.m., 4 views

PT-2026-2833

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...

CVSS 4.2 | AI score 4.8 | EPSS 0.00217
Exploits: 0 | References: 3
RedhatCVE
added 2026/01/08 3:14 a.m., 4 views

CVE-2025-47356

Memory Corruption when multiple threads concurrently access and modify shared resources...

CVSS 7.8 | AI score 7.1 | EPSS 0.00072
Exploits: 0 | References: 1
OSV
added 2026/01/07 6:9 p.m., 2 views

GHSA-5RFX-CP42-P624 Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write

A vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously written response chunks to be fully transmitted before proceeding. If the client connection is dropped during this waiting period, the...

CVSS 5.9 | AI score 5.8 | EPSS 0.00349
Exploits: 0 | References: 3
CVE
added 2026/01/07 5:33 p.m., 13 views

CVE-2025-66560

The CVE-2025-66560 entry describes a Quarkus REST HTTP-layer vulnerability where, during response writing, the framework waits for prior chunks to finish transmission. If the client closes the connection mid-wait, the worker thread is not released and becomes blocked, potentially exhausting worke...

CVSS 7.5 | AI score 6.5 | EPSS 0.00349
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2026/01/07 12:0 a.m., 6 views

PT-2026-1858

Name of the Vulnerable Software and Affected Versions: Quarkus versions prior to 3.31.0; Quarkus versions prior to 3.27.2; Quarkus versions prior to 3.20.5. Description: Quarkus is a Cloud Native framework for Java applications. A flaw exists in the HTTP layer related to response handling. When writin...

CVSS 7.5 | AI score 6.4 | EPSS 0.00349
Exploits: 0 | References: 8