47 matches found

CNNVD
added 2026/05/22 12:0 a.m. | 5 views

HP ENVY 5000 Series Security Vulnerability

The HP ENVY 5000 Series is a series of integrated inkjet printers from the American company HP that support wireless printing and scanning. The HP ENVY 5000 Series VERBASPP1N003.2237A.00 version has a security vulnerability. This vulnerability stems from improper management of concurrent TCP...

CVSS 5.9 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/13 1:36 p.m. | 4 views

CVE-2026-39806 HTTP/1 chunked decoder infinite loop on requests with trailer fields in bandit

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':do_read_chunked_data!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is...

CVSS 8.7 | AI score 5.8 | EPSS 0.01063
Exploits: 1 | References: 4
SUSE CVE
added 2026/05/06 1:41 a.m. | 3 views

SUSE CVE-2026-43023

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: fix race conditions in sco_sock_connect(). sco_sock_connect() checks sk_state and sk_type without holding the socket lock. Two concurrent connect() syscalls on the same socket can both pass the check and enter sco_connect(),...

CVSS 7.8 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 4
EUVD
added 2026/05/01 2:15 p.m. | 2 views

EUVD-2026-26622

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: fix race conditions in sco_sock_connect(). sco_sock_connect() checks sk_state and sk_type without holding the socket lock. Two concurrent connect() syscalls on the same socket can both pass the check and enter sco_connect(),...

AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 6
Cvelist
added 2026/05/01 2:15 p.m. | 27 views

CVE-2026-43023 Bluetooth: SCO: fix race conditions in sco_sock_connect()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: fix race conditions in sco_sock_connect(). sco_sock_connect() checks sk_state and sk_type without holding the socket lock. Two concurrent connect() syscalls on the same socket can both pass the check and enter sco_connect(),...

CVSS 7.8 | EPSS 0.00014
Exploits: 0 | References: 6
UbuntuCve
added 2026/04/22 2:16 p.m. | 2 views

CVE-2026-33254

An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DoQ and DoH3 are disabled by default...

CVSS 7.5 | AI score 5.8 | EPSS 0.00005
Exploits: 0 | References: 2
Debian CVE
added 2026/04/22 1:45 p.m. | 2 views

CVE-2026-33254

An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DoQ and DoH3 are disabled by default...

CVSS 7.5 | AI score 5.4 | EPSS 0.00005
Exploits: 0
EUVD
added 2026/03/02 3:46 p.m. | 3 views

EUVD-2026-9201

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the DirectorServer WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server...

CVSS 6.5 | AI score 6 | EPSS 0.00063
Exploits: 1 | References: 2
CNNVD
added 2026/03/02 12:0 a.m. | 1 views

Textream Resource Management Error Vulnerability

Textream is a teleprompter application. A resource management error vulnerability exists in Textream that stems from the DirectorServer WebSocket server not limiting concurrent connections, which can be exploited by an attacker to cause CPU and memory exhaustion, freezing and crashing the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00063
Exploits: 1 | References: 2
Github Security Blog
added 2026/02/04 8:4 p.m. | 14 views

@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

Summary: Cross-client data leak via two distinct issues: (1) reusing a single StreamableHTTPServerTransport across multiple client requests, and (2) reusing a single McpServer/Server instance across multiple transports. Both are most common in stateless deployments. Impact: This advisory covers two...

CVSS 7.1 | AI score 5.5 | EPSS 0.00016
Exploits: 0 | References: 5 | Affected Software: 1
CNNVD
added 2026/01/22 12:0 a.m. | 2 views

EVMAPA code-related vulnerabilities

EVMAPA is a navigation app for electric vehicle charging stations developed by Daniel Jurik. EVMAPA has code-related vulnerabilities. These vulnerabilities stem from the system’s ability to allow multiple concurrent connections using the same charging station ID, along with insufficient session...

CVSS 9.8 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 3
Snyk
added 2026/01/08 4:41 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of resource-limiting controls in the gRPC, HTTPS, and HTTP3 server implementations. An attacker can exhaust memory and cause the server to degrade or crash by opening...

CVSS 8.7 | AI score 6.8 | EPSS 0.00116
Exploits: 0 | References: 2
Snyk
added 2026/01/08 4:41 p.m. | 1 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of resource-limiting controls in the gRPC, HTTPS, and HTTP3 server implementations. An attacker can exhaust memory and cause the server to degrade or crash by opening...

CVSS 8.7 | AI score 6.8 | EPSS 0.00116
Exploits: 0 | References: 2
CVE
added 2026/01/07 3:24 p.m. | 9 views

CVE-2026-22542

The CVE-2026-22542 entry concerns EFACEC charging systems where an attacker on the internal network can cause a denial of service by establishing two concurrent Telnet connections to the system. The root cause is exposure of the Telnet service to concurrent connections leading to availability imp...

CVSS 9.2 | AI score 6.3 | EPSS 0.00029
Exploits: 0 | References: 1
Vulnrichment
added 2026/01/07 3:24 p.m. | 2 views

CVE-2026-22542 DENIAL OF SERVICE FOR CONCURRENT CONNECTIONS ON TELNET

An attacker with access to the system's internal network can cause a denial of service on the system by making two concurrent connections through the Telnet service...

CVSS 9.2 | AI score 6.3 | EPSS 0.00029
Exploits: 0 | References: 1
Cvelist
added 2026/01/07 3:24 p.m. | 20 views

CVE-2026-22542 DENIAL OF SERVICE FOR CONCURRENT CONNECTIONS ON TELNET

An attacker with access to the system's internal network can cause a denial of service on the system by making two concurrent connections through the Telnet service...

CVSS 9.2 | EPSS 0.00029
Exploits: 0 | References: 1
CNNVD
added 2026/01/07 12:0 a.m. | 5 views

EFACEC QC Security Vulnerability

EFACEC Efacec QC is a series of electric vehicle charging posts from EFACEC Portugal. A security vulnerability exists in the EFACEC QC 60/90/120, which originates from the fact that an attacker can establish two concurrent connections via the Telnet service, which may result in a denial of servic...

CVSS 9.2 | AI score 6.7 | EPSS 0.00029
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2007-6528

Malware in sbrugna...

CVSS 5 | AI score 6.1 | EPSS 0.01384
Exploits: 0 | References: 11
CNVD
added 2025/09/25 12:0 a.m. | 6 views

TOTOLINK X6000R Improper Input Validation Vulnerability

TOTOLINK X6000R is a wireless router supporting Wi-Fi 6 technology from China's Gion Electronics TOTOLINK, focusing on high concurrent connections and dual-band transmission capabilities. The TOTOLINK X6000R suffers from an improper input validation vulnerability, which can be exploited by...

CVSS 7.5 | AI score 6.8 | EPSS 0.00119
Exploits: 0 | References: 1
ATTACKERKB
added 2025/01/09 8:15 a.m. | 1 views

CVE-2023-1907

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...

CVSS 8 | AI score 5.8 | EPSS 0.00136
Exploits: 0 | References: 3