10 matches found

NVD
added 2026/05/27 2:17 p.m., 5 views

CVE-2026-45949

In the Linux kernel, the following vulnerability has been resolved: hwrng: core - use RCU and work_struct to fix race condition. Currently, hwrng_fill is not cleared until the hwrng_fillfn thread exits. Since hwrng_unregister reads hwrng_fill outside the rng_mutex lock, a concurrent hwrng_unregister may...

EPSS 0.00023
Exploits: 0, References: 4
OSV
added 2026/04/16 11:36 p.m., 1 view

BIT-AUTHENTIK-2025-64708 authentik invitation expiry is delayed by at least 5 minutes

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, invitations were considered valid regardless of whether they had expired, so expiry relied on background tasks to clean up expired ones. In a normal scenario this can take up to 5...

CVSS 5.8, AI score 7.2, EPSS 0.00047
Exploits: 0, References: 3
SUSE CVE
added 2026/01/06 12:25 a.m., 4 views

SUSE CVE-2025-64708

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, invitations were considered valid regardless of whether they had expired, so expiry relied on background tasks to clean up expired ones. In a normal scenario this can take up to 5...

CVSS 5.8, AI score 6.8, EPSS 0.00047
Exploits: 0, References: 2
OSV
added 2025/11/19 6:47 p.m., 1 view

GHSA-CH7Q-53V8-73PC authentik's invitation expiry is delayed by at least 5 minutes

Summary: In previous authentik versions, invitations were considered valid regardless of whether they had expired, so expiry relied on background tasks to clean up expired ones. In a normal scenario this can take up to 5 minutes because the cleanup of expired objects is scheduled to run every 5 minutes...

CVSS 5.8, AI score 6.8, EPSS 0.00047
Exploits: 0, References: 4
Cvelist
added 2025/11/19 5:3 p.m., 6 views

CVE-2025-64708 authentik invitation expiry is delayed by at least 5 minutes

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, invitations were considered valid regardless of whether they had expired, so expiry relied on background tasks to clean up expired ones. In a normal scenario this can take up to 5...

CVSS 5.8, EPSS 0.00047
Exploits: 0, References: 2
CVE
added 2025/11/19 5:3 p.m., 12 views

CVE-2025-64708

The vulnerability CVE-2025-64708 affects authentik (open-source Identity Provider). Prior to versions 2025.8.5 and 2025.10.2, invitations remained valid despite expiration, relying on background cleanup every 5 minutes. In normal operation this cleanup can take up to 5 minutes, but with a large b...

CVSS 5.8, AI score 6.3, EPSS 0.00047
Exploits: 0, References: 2, Affected Software: 1
Snyk
added 2025/10/27 5:30 p.m., 1 view

Improper Resource Shutdown or Release

Overview: org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to the delayed cleaning of multipart upload temporary files. An attacker can cause a denial-of-service by sending craft...

CVSS 6, AI score 7.1, EPSS 0.00129
Exploits: 0, References: 2
Tenable Nessus
added 2025/10/27 12:0 a.m., 2 views

Apache Tomcat 11.0.0.M1 < 11.0.12

The version of Tomcat installed on the remote host is prior to 11.0.12. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_11.0.12_security-11 advisory. - Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceedi...

CVSS 5.3, AI score 6.7, EPSS 0.00129
Exploits: 0, References: 3
OSV
added 2024/12/27 3:15 p.m., 1 view

UBUNTU-CVE-2024-56658

In the Linux kernel, the following vulnerability has been resolved: net: defer final 'struct net' free in netns dismantle. Ilya reported a slab-use-after-free in dst_destroy [1]. Issue is in xfrm6_net_init and xfrm4_net_init: They copy xfrm[46]_dst_ops_template into net->xfrm.xfrm[46]_dst_ops. But net structure...

CVSS 7.8, AI score 6.2, EPSS 0.00018
Exploits: 0, References: 49
OSV
added 2024/02/13 2:15 p.m., 1 view

ALPINE-CVE-2023-6516

To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queue...

CVSS 7.5, AI score 6.9, EPSS 0.00225
Exploits: 0, References: 1