freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of the cmpxchg serialization to access so-tx.buf. This vulnerability may lead to the...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the cyclic locking dependency between reqlock and the work queue in nciclosedevice, potentially...

Linux Distros Unpatched Vulnerability : CVE-2026-31509

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfc: nci: fix circular locking dependency in nciclosedevice nciclosedevice flushes rxwq and txwq while holding reqlock. This causes a circular locking dependenc...

PT-2026-34414

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A circular locking dependency exists in the NFC NCI component. The nci close device function flushes rx wq and tx wq while holding the req lock mutex. This creates a conflict because nci...

CVE-2026-40943 Oxia: Server crash via race condition in session heartbeat handling

Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timin...

EUVD-2026-24498

Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timin...

CVE-2026-40943

Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timin...

OpenClaw: Browser tabs action select and close routes bypassed SSRF policy

Summary Browser tabs action select and close routes bypassed SSRF policy. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact The browser /tabs/action select and close branches could operate on targets without enforcing configured browser SSRF...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-010666)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010666 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBD...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007556)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007556 advisory. In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. I...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007188)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007188 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBD...

EUVD-2026-21997

An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be...

UBUNTU-CVE-2026-33555

An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be...

PT-2026-32395

Name of the Vulnerable Software and Affected Versions HAProxy versions 2.6 through 3.3.5 Description The HTTP/3 parser fails to verify that the received body length aligns with a previously announced content-length when a stream is closed using a frame with an empty payload. This discrepancy can...

freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb

A heap buffer use after free has been discovered in FreeRDP. Asynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urbwritecompletion...

freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb

A heap buffer use after free has been discovered in FreeRDP. Asynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urbwritecompletion...

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event

A heap buffer use after free has been discovered in FreeRDP. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free...

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...