
2431 matches found

CVE
added 2026/04/03 3:16 p.m. | 10 views

CVE-2026-31399

CVE-2026-31399 concerns the Linux kernel, specifically a use-after-free in the nvme/nvdimm bus async initialization path. The issue arises if device_add() fails during nd_async_device_register(): the parent device reference could drop to 0 before the parent pointer is accessed, leading to use-aft...

CVSS 7.8 | AI score 5.7 | EPSS 0.00018
Exploits: 0 | References: 8 | Affected Software: 1

Snyk
added 2026/04/03 2:40 a.m. | 3 views

Use After Free

Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free via the session.setPermissionRequestHandler process. An attacker can cause a crash or memory...

CVSS 8.8 | AI score 5.9 | EPSS 0.0002
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/03 12:0 a.m. | 2 views

PT-2026-30001

Impact: Apps that register an asynchronous session.setPermissionRequestHandler may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invokin...

CVSS 7.5 | AI score 5.9 | EPSS 0.0002
Exploits: 0 | References: 5

SUSE CVE
added 2026/04/02 11:28 p.m. | 2 views

SUSE CVE-2026-23414

In the Linux kernel, the following vulnerability has been resolved: tls: Purge async_hold in tls_decrypt_async_wait(). The async_hold queue pins encrypted input skbs while the AEAD engine references their scatterlist data. Once tls_decrypt_async_wait() returns, every AEAD operation has completed and the engin...

CVSS 4.7 | AI score 5.6 | EPSS 0.00052
Exploits: 0 | References: 15

NVD
added 2026/04/02 2:16 p.m. | 3 views

CVE-2026-28805

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, multiple AJAX select handlers in OpenSTAManager are vulnerable to Time-Based Blind SQL Injection through the `options[stato]` GET parameter. The user-supplied value is read from...

CVSS 8.8 | EPSS 0.00017
Exploits: 1 | References: 4

Cvelist
added 2026/04/02 1:44 p.m. | 19 views

CVE-2026-28805 OpenSTAManager: Time-Based Blind SQL Injection via `options[stato]` Parameter

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, multiple AJAX select handlers in OpenSTAManager are vulnerable to Time-Based Blind SQL Injection through the `options[stato]` GET parameter. The user-supplied value is read from...

CVSS 8.8 | EPSS 0.00017
Exploits: 1 | References: 4

Positive Technologies
added 2026/04/02 12:0 a.m. | 0 views

PT-2026-29848

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs. An attacker on the same network segment could...

CVSS 7.1 | AI score 6.1 | EPSS 0.00026
Exploits: 0 | References: 9

CNNVD
added 2026/04/02 12:0 a.m. | 4 views

TP-Link Tapo C520WS Security Vulnerability

The TP-Link Tapo C520WS is a WiFi camera produced by TP-Link Corporation. The TP-Link Tapo C520WS v2.6 version contains a security vulnerability. This vulnerability arises from insufficient buffer boundary alignment and validation during the asynchronous parsing of local video stream content, whi...

CVSS 7.1 | AI score 5.9 | EPSS 0.00026
Exploits: 0 | References: 3

EUVD
added 2026/04/01 9:49 p.m. | 3 views

EUVD-2026-18048

AIOHTTP accepts duplicate Host headers...

CVSS 6.3 | AI score 5.8 | EPSS 0.00139
Exploits: 0 | References: 5

EUVD
added 2026/04/01 9:20 p.m. | 4 views

EUVD-2026-18037

AIOHTTP has CRLF injection through multipart part content type header construction...

CVSS 6.9 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 3

Cvelist
added 2026/04/01 8:28 p.m. | 20 views

CVE-2026-34525 AIOHTTP: Duplicate Host header accepted

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

CVSS 6.3 | EPSS 0.00139
Exploits: 0 | References: 4

AlpineLinux
added 2026/04/01 8:13 p.m. | 2 views

CVE-2026-34516

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13....

CVSS 8.7 | AI score 5.4 | EPSS 0.0002
Exploits: 0

CVE
added 2026/04/01 8:9 p.m. | 12 views

CVE-2026-34514

CVE-2026-34514 affects AIOHTTP prior to 3.13.4, where the content_type parameter used when constructing multipart headers could enable CRLF injection leading to extra header insertion. The vulnerability is mitigated by upgrading to 3.13.4, which patches the issue. The CVSS data (MEDIUM, network v...

CVSS 6.9 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 3 | Affected Software: 1

RedHat Linux
added 2026/04/01 1:15 a.m. | 2 views

kernel: Linux kernel: Use-After-Free vulnerability in ATM subsystem

A flaw was found in the Linux kernel's Asynchronous Transfer Mode (ATM) subsystem. An authenticated local attacker could exploit a Use-After-Free (UAF) vulnerability in the /proc/net/atm/lec handling. This flaw occurs due to improper dev_put calls without prior dev_hold calls, leading to an imbalance i...

CVSS 7.8 | AI score 6.7 | EPSS 0.00059
Exploits: 0 | References: 5

Positive Technologies
added 2026/04/01 12:0 a.m. | 4 views

PT-2026-29501

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: The ajax component was excluded from the default logged-in-user check in the administrative area, which may have been unexpected by third-party developers...

CVSS 7.3 | AI score 5.8 | EPSS 0.00001
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/01 12:0 a.m. | 2 views

PT-2026-29603

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions prior to 3.13.4. Description: AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. An attacker controlling the content type parameter in aiohttp could inject extra headers or similar exploits. If an...

CVSS 6.9 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 9

Positive Technologies
added 2026/04/01 12:0 a.m. | 6 views

PT-2026-29602

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions prior to 3.13.4. Description: AIOHTTP, an asynchronous HTTP client/server framework, is susceptible to excessive memory usage due to an unbounded DNS cache. This can potentially lead to a Denial of Service (DoS) situation if an...

CVSS 6.9 | AI score 5.9 | EPSS 0.0002
Exploits: 0 | References: 8

Positive Technologies
added 2026/04/01 12:0 a.m. | 1 views

PT-2026-29610

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions prior to 3.13.4. Description: Multiple Host headers were permitted in AIOHTTP, potentially allowing a reverse proxy's security rules to be bypassed. This could lead to a request being processed by AIOHTTP in a privileged sub...

CVSS 6.3 | AI score 5.8 | EPSS 0.00139
Exploits: 0 | References: 8

Redos
added 2026/04/01 12:0 a.m. | 1 views

ROS-20260401-73-0033

A vulnerability in the createHook function of the async_hooks module of the Node.js software platform is related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 7.5 | AI score 7 | EPSS 0.00009
Exploits: 0

Positive Technologies
added 2026/04/01 12:0 a.m. | 2 views

PT-2026-29601

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions prior to 3.13.4. Description: Insufficient restrictions in header/trailer handling could lead to uncapped memory usage. An application could experience memory exhaustion when processing attacker-controlled requests or responses....

CVSS 6.9 | AI score 5.9 | EPSS 0.0002
Exploits: 0 | References: 7