2636 matches found
EUVD-2026-44823
PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...
CVE-2026-63175
PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...
CVE-2026-63175 Cross-Capture Session Data Leakage Due to Shared Mutable State in Looklyloo - PlaywrightCapture
PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...
CVE-2026-53518
Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...
CVE-2026-53517
Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refreshtoken grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing...
EUVD-2026-44745
Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refreshtoken grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing...
CVE-2026-53517
CVE-2026-53517 affects Better Auth’s oauth-provider (and related memory adapter) prior to version 1.6.11. The POST /oauth2/token refresh_token flow performs a non-atomic read–validate–revoke–mint sequence on the oauthRefreshToken row, allowing concurrent requests with the same parent refresh toke...
CVE-2026-53518
CVE-2026-53518 affects the Better Auth ecosystem, specifically the @better-auth/oauth-provider token endpoint for the authorization_code grant (and legacy paths via oidc-provider/mcp plugins). A race condition arises from a non-atomic find-then-delete when redeeming a single-use authorization cod...
CVE-2026-50676
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Media allows an authorized attacker to elevate privileges locally...
Windows App Package Installer Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows App Installer allows an authorized attacker to elevate privileges locally...
kernel: net: bridge: use a stable FDB dst snapshot in RCU readers
A flaw was found in the Linux kernel. Inconsistent handling of local Forwarding Database FDB entries in the bridge networking component's RCU Read-Copy-Update readers can lead to a null-pointer dereference. A local attacker could exploit this by triggering a concurrent update to an FDB entry,...
kernel: net: bridge: use a stable FDB dst snapshot in RCU readers
A flaw was found in the Linux kernel. Inconsistent handling of local Forwarding Database FDB entries in the bridge networking component's RCU Read-Copy-Update readers can lead to a null-pointer dereference. A local attacker could exploit this by triggering a concurrent update to an FDB entry,...
PT-2026-58174
Name of the Vulnerable Software and Affected Versions Windows 11 affected versions not specified Windows Server 2025 affected versions not specified Description A race condition exists in the Windows USB Print Driver. This occurs when concurrent execution using a shared resource happens with...
EUVD-2026-33939
mint: Unbounded streams map growth via PUSHPROMISE without follow-up HEADERS...
Important Photon OS Security Update - PHSA-2026-4.0-1052
Updates of 'python3-pyOpenSSL', 'rubygem-oj', 'python3-lxml', 'rubygem-concurrent-ruby', 'rubygem-nokogiri' packages of Photon OS have been released...
@better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive
Am I affected? Users are affected if all of the following are true: - Their project depends on @better-auth/oauth-provider at a version = 1.6.0, = 1.4.8-beta.7, 1.6.0, or enables the legacy oidc-provider or mcp plugins from better-auth/plugins. - Their application exposes /api/auth/oauth2/token o...
NPM: @better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive
NPM: @better-auth/oauth-provider's OAuth authorization-code grant allows concurrent redemption when two token requests race the find-then-delete primitive vulnerability discovered by ? in WordPress Npm better-auth versions 1.6.11...
Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption
Am I affected? Users are affected if all of the following are true: - Their project depends on @better-auth/oauth-provider at a version = 1.6.0, = 1.4.8-beta.7, 1.6.0. - At least one OAuth client served by their application's authorization server requests the offlineaccess scope, so refresh token...
NPM: Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption
NPM: Better Auth: OAuth refresh-token rotation forks the token family on concurrent redemption vulnerability discovered by ? in WordPress Npm better-auth versions = 1.4.8-beta.7, 1.6.0...
PT-2026-56301
Name of the Vulnerable Software and Affected Versions @better-auth/oauth-provider versions 1.6.0 through 1.6.10 better-auth versions 1.4.8-beta.7 through 1.5.x Description The @better-auth/oauth-provider POST /oauth2/token endpoint is susceptible to a race condition during the refresh token grant...