13780 matches found
CVE-2026-23356
The CVE-2026-23356 issue affects the Linux kernel DRBD subsystem. A logic bug in drbd_al_begin_io_nonblock() could mis-handle a reference-counted extent when lc_get_cumulative() and lc_try_lock() timing collided, risking a crash or incorrect assumption that an activity log extent is active during...
CVE-2026-23350
In the Linux kernel, the following vulnerability has been resolved: drm/xe/queue: Call fini on exec queue creation fail Every call to queue init should have a corresponding fini call. Skipping this would mean skipping removal of the queue from GuC list which is part of gucid allocation. A damaged...
CVE-2026-23289 IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()
In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthcaunmapuserdb for mthcacreatesrq Fix a user triggerable leak on the system call failure path...
CVE-2026-23289
In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthcaunmapuserdb for mthcacreatesrq Fix a user triggerable leak on the system call failure path...
CVE-2026-23289 IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()
In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthcaunmapuserdb for mthcacreatesrq Fix a user triggerable leak on the system call failure path...
CVE-2026-23289
CVE-2026-23289 affects the Linux kernel (IB/mthca path) in which a missed mthca_unmap_user_db() for mthca_create_srq can trigger a leak on a failed system call. The vulnerability, with local attack vector and low privileges required, may lead to privilege escalation, DoS, or information leaks as ...
FreeBSD -- Remote code execution via RPCSEC_GSS packet validation
Problem Description: Each RPCSECGSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. Notabl...
GHSA-M2P3-HWV5-XPQW Scriban: Denial of Service via Unbounded Cumulative Template Output Bypassing LimitToString
Summary The LimitToString safety limit default 1MB since commit b5ac4bf can be bypassed to allocate approximately 1GB of memory by exploiting the per-call reset of currentToStringLength in ObjectToString. Each template expression rendered through TemplateContext.WriteSourceSpan, object triggers a...
Injection dompurify Dependency in Confluence Data Center
This High severity Injection vulnerability was introduced in versions 9.0.1, 9.0.3, 9.1.0, 9.2.14, and 10.2.3 of Confluence Data Center. This Injection vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L allows an unauthenticated attacker to...
EUVD-2026-14562
systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this i...
CVE-2026-29111 systemd: Local unprivileged user can trigger an assert
systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this i...
CVE-2026-29111
CVE-2026-29111: systemd local unprivileged user can trigger an assert via an unprivileged IPC API call with spurious data. The issue affects versions from v239 onward; older than v239 are not affected, while v249 and older exhibited stack overwriting, attacker-controlled content. Patches exist in...
RHEL 7 : grub2 (RHSA-2026:5233)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5233 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular...
(Pwn2Own) Samsung Galaxy S25 Smart Touch Call Application Protection Mechanism Failure Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Samsung Galaxy S25. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
GHSA-3R78-RQG8-95GG Duplicate Advisory: OpenClaw's voice-call Twilio webhook replay could bypass manager dedupe because normalized event IDs were randomized per parse
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vqx8-9xxw-f2m7. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized...
EUVD-2026-13954
OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events to trigger duplicate or stale call-state...
Duplicate Advisory: OpenClaw's voice-call Twilio webhook replay could bypass manager dedupe because normalized event IDs were randomized per parse
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vqx8-9xxw-f2m7. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized...
CVE-2026-32053
OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events to trigger duplicate or stale call-state...
CVE-2026-32053
OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events to trigger duplicate or stale call-state...
CVE-2026-32053
OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events to trigger duplicate or stale call-state...