Lucene search
K

619 matches found

RedhatCVE
RedhatCVE
added 2026/07/02 7:17 p.m.6 views

CVE-2026-53358

A flaw was found in the Linux kernel's Bluetooth L2CAP Logical Link Control and Adaptation Protocol implementation. This vulnerability arises from an incorrect order of acquiring locks during channel cleanup, which could lead to a race condition. This issue could potentially cause instability or...

5.5CVSS5.8AI score0.00165EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/30 5:33 p.m.13 views

CVE-2026-49432

A flaw was found in Apache ActiveMQ. A remote, unauthenticated attacker can exploit an improper input validation vulnerability by sending a specially crafted message with a negative content-length to an exposed STOMP connector. This can lead to a denial of service DoS condition, either by consumi...

7.5CVSS5.6AI score0.00844EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/12 8:9 p.m.29 views

PyO3 has a missing `Sync` bound on `PyCFunction::new_closure` closures

PyCFunction::newclosure and the temporary newclosurebound complement in the 0.21–0.22 series required the supplied closure to be Send + 'static but not Sync. The resulting PyCFunction is a Python callable that can be invoked from any Python thread, which means the closure may be called concurrent...

5.6AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/12 8:9 p.m.6 views

GHSA-CHGR-C6PX-7XPP PyO3 has a missing `Sync` bound on `PyCFunction::new_closure` closures

PyCFunction::newclosure and the temporary newclosurebound complement in the 0.21–0.22 series required the supplied closure to be Send + 'static but not Sync. The resulting PyCFunction is a Python callable that can be invoked from any Python thread, which means the closure may be called concurrent...

6.3CVSS5.7AI score
Exploits0References4
Veracode
Veracode
added 2026/06/12 2:58 p.m.12 views

Direct-Memory Resource Leak

RedisArrayAggregator is vulnerable to a direct-memory resource leak. The vulnerability is due to unreleased pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregation completes, which allows an attacker to repeatedly trigger connection churn and exhaust t...

8.7CVSS5.2AI score0.005EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2026/06/11 12:0 p.m.27 views

RUSTSEC-2026-0177 Missing `Sync` bound on `PyCFunction::new_closure` closures

PyCFunction::newclosure and the temporary newclosurebound complement in the 0.21–0.22 series required the supplied closure to be Send + 'static but not Sync. The resulting PyCFunction is a Python callable that can be invoked from any Python thread, which means the closure may be called concurrent...

5.5AI score
Exploits0References3
RustSec
RustSec
added 2026/06/11 12:0 p.m.12 views

Missing `Sync` bound on `PyCFunction::new_closure` closures

PyCFunction::newclosure and the temporary newclosurebound complement in the 0.21–0.22 series required the supplied closure to be Send + 'static but not Sync. The resulting PyCFunction is a Python callable that can be invoked from any Python thread, which means the closure may be called concurrent...

5.5AI score
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Quest Bot 信息泄露漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.4 contained an information leakage vulnerability. This vulnerability stemmed from improper settings in the ticket recording channel, which could expose private...

5.7CVSS5.3AI score0.00251EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 8:41 p.m.8 views

GHSA-2Q52-X2FF-QGFR Twig: Possible sandbox bypass when using a source policy

Description When using the sandbox with a SourcePolicyInterface, Twig does not always apply the sandbox restriction that forbids non-Closure callbacks for callback-accepting filters. The issue affects the sort, filter, map, and reduce filters. In the affected versions, the runtime check that...

8.8CVSS5.8AI score0.00738EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.16 views

CVE-2026-37552

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server Server.php:87 receives data from a TCP socket, passes it directly to Opis\Closure\unserialize, then executes the result via calluserfunc. No authentication or signature verification exists on the...

8.4CVSS5.9AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.8 views

CVE-2026-40943

Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timin...

8.7CVSS5.7AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 1:32 a.m.12 views

CVE-2026-45918

A flaw was found in the Linux kernel's handling of OpenVPN Open Virtual Private Network TCP Transmission Control Protocol connections. A race condition can occur when a userspace process closes a socket while a peer is in the kernel's release list. This can lead to a null pointer dereference when...

5.5CVSS5.8AI score0.00163EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:4 a.m.11 views

CVE-2026-45251

A file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked. In this situation, t...

7.8CVSS5.7AI score0.0017EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Rails

Action Pack is a framework for handling and responding to web requests. Under certain circumstances, response bodies may not be closed properly. If a response does not notify the system of a close operation, ActionDispatch::Executor will not know to reset the thread local state for the next...

7.4CVSS6.3AI score0.02207EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Qemu

A flaw was discovered in the QEMU NBD Server. This vulnerability allows for a Denial-of-Service DoS attack through improper synchronization during socket closure, where a client keeps a socket open while the server is offline...

7.5CVSS7AI score0.01027EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Binder: Ensure that fd closures are completed properly. During the processing of BCFREEBUFFER, the BINDERTYPEFDA object cleanup may close one or more file descriptors fd. These close operations are performed using the task work...

5.5CVSS6.3AI score0.0025EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in openimageio

There are multiple denial-of-service vulnerabilities in the image output closing functionality of the OpenImageIO Project’s OpenImageIO v2.4.4.2. Specifically crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious inputs to exploit these...

5.9CVSS6.8AI score0.01244EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Firefox

By using XSL Transforms, a malicious webserver could serve a user an XSL document that would continue to execute JavaScript within the bounds of the same-origin policy even after the tab was closed. This vulnerability affects Firefox versions earlier than 97...

8.8CVSS7.3AI score0.00586EPSS
Exploits0References1
Qualys Blog
Qualys Blog
added 2026/05/19 4:27 p.m.18 views

Inside the 2026 Verizon DBIR: What One Billion Records Revealed About Vulnerability Remediation

The Verizon 2026 Data Breach Investigations Report has been published. Qualys is proud to have served as a research partner and contributor, contributing analysis of more than one billion anonymized vulnerability remediation records across four consecutive DBIR reporting cycles of CISA Known...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/13 7:17 p.m.10 views

CVE-2026-42577

Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100...

7.5CVSS0.00408EPSS
Exploits0References3
Rows per page
Query Builder