Lucene search
+L

2636 matches found

euvd
euvd
added 16 hours ago4 views

EUVD-2026-44823

PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...

7.1CVSS6.1AI score
Exploits0References2
nvd
nvd
added yesterday5 views

CVE-2026-63175

PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...

7.1CVSS
Exploits0References1
cvelist
cvelist
added yesterday31 views

CVE-2026-63175 Cross-Capture Session Data Leakage Due to Shared Mutable State in Looklyloo - PlaywrightCapture

PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...

7.1CVSS
Exploits0References1
nvd
nvd
added yesterday5 views

CVE-2026-53518

Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...

7.6CVSS0.00029EPSS
Exploits0References3
nvd
nvd
added yesterday6 views

CVE-2026-53517

Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refreshtoken grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing...

8.1CVSS0.00029EPSS
Exploits0References3
euvd
euvd
added yesterday4 views

EUVD-2026-44745

Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refreshtoken grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing...

8.1CVSS6.1AI score0.00029EPSS
Exploits0References3
cve
cve
added yesterday10 views

CVE-2026-53517

CVE-2026-53517 affects Better Auth’s oauth-provider (and related memory adapter) prior to version 1.6.11. The POST /oauth2/token refresh_token flow performs a non-atomic read–validate–revoke–mint sequence on the oauthRefreshToken row, allowing concurrent requests with the same parent refresh toke...

8.1CVSS6.1AI score0.00029EPSS
Exploits0References3
cve
cve
added yesterday12 views

CVE-2026-53518

CVE-2026-53518 affects the Better Auth ecosystem, specifically the @better-auth/oauth-provider token endpoint for the authorization_code grant (and legacy paths via oidc-provider/mcp plugins). A race condition arises from a non-atomic find-then-delete when redeeming a single-use authorization cod...

7.6CVSS6.2AI score0.00029EPSS
Exploits0References3
nvd
nvd
added 2 days ago3 views

CVE-2026-50676

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Media allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00244EPSS
Exploits0References1
mscve
mscve
added 2 days ago7 views

Windows App Package Installer Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows App Installer allows an authorized attacker to elevate privileges locally...

7CVSS6.2AI score0.00168EPSS
Exploits0
redhat
redhat
added 2 days ago11 views

kernel: net: bridge: use a stable FDB dst snapshot in RCU readers

A flaw was found in the Linux kernel. Inconsistent handling of local Forwarding Database FDB entries in the bridge networking component's RCU Read-Copy-Update readers can lead to a null-pointer dereference. A local attacker could exploit this by triggering a concurrent update to an FDB entry,...

5.5CVSS6AI score0.00123EPSS
Exploits0References5
redhat
redhat
added 2 days ago5 views

kernel: net: bridge: use a stable FDB dst snapshot in RCU readers

A flaw was found in the Linux kernel. Inconsistent handling of local Forwarding Database FDB entries in the bridge networking component's RCU Read-Copy-Update readers can lead to a null-pointer dereference. A local attacker could exploit this by triggering a concurrent update to an FDB entry,...

5.5CVSS6AI score0.00123EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2 days ago5 views

PT-2026-58174

Name of the Vulnerable Software and Affected Versions Windows 11 affected versions not specified Windows Server 2025 affected versions not specified Description A race condition exists in the Windows USB Print Driver. This occurs when concurrent execution using a shared resource happens with...

7CVSS6.2AI score0.00156EPSS
Exploits0References3
euvd
euvd
added last week12 views

EUVD-2026-33939

mint: Unbounded streams map growth via PUSHPROMISE without follow-up HEADERS...

8.2CVSS5.9AI score0.00384EPSS
Exploits0References5
photon
photon
added 2026/07/08 12:0 a.m.5 views

Important Photon OS Security Update - PHSA-2026-4.0-1052

Updates of 'python3-pyOpenSSL', 'rubygem-oj', 'python3-lxml', 'rubygem-concurrent-ruby', 'rubygem-nokogiri' packages of Photon OS have been released...

2.1CVSS6.1AI score0.00119EPSS
Exploits0
github
github
added 2026/07/07 8:56 p.m.9 views

@better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive

Am I affected? Users are affected if all of the following are true: - Their project depends on @better-auth/oauth-provider at a version = 1.6.0, = 1.4.8-beta.7, 1.6.0, or enables the legacy oidc-provider or mcp plugins from better-auth/plugins. - Their application exposes /api/auth/oauth2/token o...

7.6CVSS6AI score0.00029EPSS
Exploits0References3Affected Software2
patchstack
patchstack
added 2026/07/07 8:56 p.m.5 views

NPM: @better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive

NPM: @better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive vulnerability discovered by ? in WordPress Npm better-auth versions 1.6.11...

7.6CVSS6AI score0.00029EPSS
Exploits0References3Affected Software1
github
github
added 2026/07/07 8:55 p.m.11 views

Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption

Am I affected? Users are affected if all of the following are true: - Their project depends on @better-auth/oauth-provider at a version = 1.6.0, = 1.4.8-beta.7, 1.6.0. - At least one OAuth client served by their application's authorization server requests the offlineaccess scope, so refresh token...

8.1CVSS5.9AI score0.00029EPSS
Exploits0References4Affected Software2
patchstack
patchstack
added 2026/07/07 8:55 p.m.6 views

NPM: Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption

NPM: Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption vulnerability discovered by ? in WordPress Npm better-auth versions = 1.4.8-beta.7, 1.6.0...

8.1CVSS5.9AI score0.00029EPSS
Exploits0References4Affected Software1
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.7 views

PT-2026-56301

Name of the Vulnerable Software and Affected Versions @better-auth/oauth-provider versions 1.6.0 through 1.6.10 better-auth versions 1.4.8-beta.7 through 1.5.x Description The @better-auth/oauth-provider POST /oauth2/token endpoint is susceptible to a race condition during the refresh token grant...

8.1CVSS6.1AI score0.00029EPSS
Exploits0References7
Rows per page
Query Builder