Lucene search
K

617 matches found

Github Security Blog
Github Security Blog
added 2026/04/14 11:15 p.m.8 views

Oxia affected by server crash via race condition in session heartbeat handling

Summary A race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timing with concurrent close calls, this can lead to either a...

8.7CVSS6AI score0.00202EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/14 11:15 p.m.8 views

GHSA-5GQC-QHRJ-9XW8 Oxia affected by server crash via race condition in session heartbeat handling

Summary A race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timing with concurrent close calls, this can lead to either a...

8.7CVSS6AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.8 views

PT-2026-34187

Name of the Vulnerable Software and Affected Versions Oxia versions prior to 0.16.2 Description A race condition exists between session heartbeat processing and session closure. The heartbeat method utilizes a blocking channel send while holding a mutex. Under specific timing with concurrent clos...

8.7CVSS6AI score0.00202EPSS
Exploits0References6
CVE
CVE
added 2026/04/13 12:0 a.m.18 views

CVE-2026-30998

FFmpeg 8.0.1 contains an improper resource deallocation and closure vulnerability in the tools/zmqsend.c component, which can be triggered by a crafted input file to cause a Denial of Service. The issue is documented across multiple connected sources (SUSE Red Hat, NVD, etc.) with no publicly ava...

7.5CVSS5.8AI score0.004EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.4 views

PT-2026-32369

An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service DoS via supplying a crafted input file...

5.8AI score0.004EPSS
Exploits1References4
OSV
OSV
added 2026/04/09 5:34 p.m.6 views

GHSA-68X5-XX89-W9MM OpenClaw: resolvedAuth closure becomes stale after config reload

Impact resolvedAuth closure becomes stale after config reload. After a config reload, newly accepted gateway connections could continue using stale resolved auth state. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a...

5.1CVSS5.8AI score0.00215EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/08 5:18 a.m.7 views

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

8.7CVSS5.8AI score0.00534EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/07 11:16 p.m.7 views

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

8.7CVSS5.8AI score0.00534EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.14 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the PTP clock being accessible after the interface is closed, potentially leading to reuse after releas...

7.8CVSS5.8AI score0.00117EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/31 2:10 p.m.2 views

CVE-2026-34209 mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/31 2:10 p.m.26 views

CVE-2026-34209 mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...

7.5CVSS0.00359EPSS
Exploits0References3
CVE
CVE
added 2026/03/31 2:10 p.m.33 views

CVE-2026-34209

The CVE-2026-34209 entry concerns the mppx TypeScript interface for the machine payments protocol. According to connected Red Hat/NVD/NVD-enriched data, the vulnerability lies in the tempo/session cooperative close handler, which validated the close voucher amount using < instead of

7.5CVSS5.8AI score0.00359EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/29 3:10 p.m.6 views

mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality

Impact The tempo/session cooperative close handler validated the close voucher amount using instead of = against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing...

7.5CVSS5.9AI score0.00359EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.10 views

PT-2026-28607

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References6
NVD
NVD
added 2026/03/18 8:16 a.m.11 views

CVE-2026-22321

A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain...

5.3CVSS0.00366EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.7 views

PT-2026-26037

A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain...

5.3CVSS6.2AI score0.00366EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/03/17 6:49 a.m.9 views

github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...

7.5CVSS5.8AI score0.00585EPSS
Exploits1References12
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.5 views

Schneider Electric多款产品 安全漏洞

Schneider Electric Modicon M241, among others, are programmable logic controllers produced by Schneider Electric, a French company. Several products from Schneider Electric have security vulnerabilities. These vulnerabilities stem from improper resource closure or release procedures, which may...

6.9CVSS5.8AI score0.00455EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/04 12:29 a.m.6 views

SUSE CVE-2026-21435

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

7.5CVSS5.8AI score0.00413EPSS
Exploits0References3
OSV
OSV
added 2026/03/03 9:1 p.m.6 views

GHSA-5FVC-7894-GHP4 Craft CMS has Twig Function Blocklist Bypass

Craft CMS implements a blocklist to prevent potentially dangerous PHP functions from being called via Twig non-Closure arrow functions. In order to be able to successfully execute this attack, you need to either have allowAdminChanges enabled on production, or a compromised admin account, or an...

8.6CVSS6AI score0.00464EPSS
Exploits0References5
Rows per page
Query Builder