CVE-2026-5516

IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window...

CVE-2026-5516

IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window...

EUVD-2026-32487

IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window...

CVE-2026-5516 IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability

IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window...

CVE-2026-5516

IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window...

CVE-2026-5516

CVE-2026-5516 affects IBM WebSphere Application Server Liberty 22.0.0.11–26.0.0.5. The vulnerability allows a remote attacker to bypass security under limited conditions by exploiting a timing window. The IBM advisory notes the affected appSecurity-3.0/4.0/5.0 feature settings and lists the base ...

CVE-2026-5516 IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability

IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window...

kernel: can: raw: fix ro->uniq use-after-free in raw_rcv()

A flaw was found in the Linux kernel's Controller Area Network CAN raw socket implementation. A use-after-free vulnerability can occur due to a timing window during the unregistration of CAN receive filters, allowing a freed memory region to be accessed. This could lead to system instability or a...

CVE-2026-42592

Gotenberg (v7/v8) contains a DNS rebinding/SSRF issue in the FilterOutboundURL flow. Before 8.32.0, FilterOutboundURL resolves hostnames, filters IPs against a private-address deny-list, but discards the resolved addresses. Chromium then performs its own DNS resolution when navigating to the URL,...

CVE-2026-42592 Gotenberg: DNS rebinding bypasses SSRF validation on Chromium URL conversion routes

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when i...

GHSA-2PMR-289P-44R3 Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes

Summary FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when it navigates to the URL. An attacker who controls DNS for a hostname...

PT-2026-38445

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname but passes the original hostname to cURL without CURLOPT RESOLVE pinning on 10 of 11 outbound HTTP endpoints, leaving a DN...

Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit

A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level. Tracked as CVE-2026-3888 CVSS score: 7.8, the issue could allow an attacker to seize control of a susceptible system. "This flaw...

EUVD-2014-0155

Malware in sbrugna...

EUVD-2021-19741

Malware in sbrugna...

EUVD-2020-12665

Malware in sbrugna...

OESA-2025-2066 restic security update

restic is a backup program. It supports verification, encryption, snapshots and deduplication. Security Fixes: A vulnerability was found in Microsoft Azure Identity Library and Microsoft Authentication Library Cloud Software the affected version unknown. It has been rated as problematic.Using CWE...

UBUNTU-CVE-2022-42320

Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries...

CVE-2021-33020 Philips Vue PACS Use of a Key Past its Expiration Date

Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key...

Race condition

There is a race condition vulnerability in eCNS280TD V100R005C00 and V100R005C10. There is a timing window exists in which the database can be operated by another thread that is operating concurrently. Successful exploit may cause the affected device abnormal...