1700 matches found
freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb
A heap buffer use after free has been discovered in FreeRDP. Asynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urbwritecompletion...
freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event
A heap buffer use after free has been discovered in FreeRDP. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free...
CVE-2026-34771
A flaw was found in Electron, a framework for building desktop applications. This vulnerability, known as a use-after-free, occurs when an application registers an asynchronous permission request handler and a frame navigates or a window closes while the handler is pending. A remote attacker coul...
OSV-2026-534 Heap-buffer-overflow in cram_encode_container
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=499447432 Crash type: Heap-buffer-overflow READ 1 Crash state: cramencodecontainer cramflushcontainermt cramclose...
CVE-2026-34771
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler may be vulnerable to a use-after-free when handling fullscree...
EUVD-2026-18700
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference and UAF in smctcpsynrecvsock Syzkaller reported a panic in smctcpsynrecvsock 1. smctcpsynrecvsock is called in the TCP receive path softirq via icskafops-synrecvsock on the clcsock TCP listening...
CVE-2026-23450
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference and UAF in smctcpsynrecvsock Syzkaller reported a panic in smctcpsynrecvsock 1. smctcpsynrecvsock is called in the TCP receive path softirq via icskafops-synrecvsock on the clcsock TCP listening...
UBUNTU-CVE-2026-23450
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference and UAF in smctcpsynrecvsock Syzkaller reported a panic in smctcpsynrecvsock 1. smctcpsynrecvsock is called in the TCP receive path softirq via icskafops-synrecvsock on the clcsock TCP listening...
CVE-2026-23450
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference and UAF in smctcpsynrecvsock Syzkaller reported a panic in smctcpsynrecvsock 1. smctcpsynrecvsock is called in the TCP receive path softirq via icskafops-synrecvsock on the clcsock TCP listening...
CVE-2026-23450 net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock()
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference and UAF in smctcpsynrecvsock Syzkaller reported a panic in smctcpsynrecvsock 1. smctcpsynrecvsock is called in the TCP receive path softirq via icskafops-synrecvsock on the clcsock TCP listening...
PT-2026-30145
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the net/smc module within the smc tcp syn recv sock function. This issue involves a potential NULL pointer dereference and a use-after-free condition...
GO-2026-4899 Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel (rportfwd) close is attempted in github.com/bishopfox/sliver
Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel rportfwd close is attempted in github.com/bishopfox/sliver...
PT-2026-29943
Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel rportfwd close is attempted in github.com/bishopfox/sliver...
CVE-2026-34209
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...
freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event
A heap buffer use after free has been discovered in FreeRDP. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free...
freerdp: FreeRDP has a Heap-use-after-free in play_thread
A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...
Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1515)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1515 advisory. In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2 to change attributes class CVE-2025-71239 In the Linux kernel, the following vulnerability has been...
CVE-2026-34209
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...
CVE-2026-34209 mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...
CVE-2026-34209
The CVE-2026-34209 entry concerns the mppx TypeScript interface for the machine payments protocol. According to connected Red Hat/NVD/NVD-enriched data, the vulnerability lies in the tempo/session cooperative close handler, which validated the close voucher amount using < instead of