Lucene search
+L

286 matches found

snyk
snyk
added 2026/01/07 10:55 p.m.2 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition via the Request function in the client.go file. An attacker can access or leak proxy configuration and potentially sensitive data by exploiting concurrent requests that mutate shared HTTP client properties without...

8.2CVSS6.8AI score0.00363EPSS
Exploits0References2
euvd
euvd
added 2026/01/07 10:29 p.m.8 views

EUVD-2026-1381

axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...

8.2CVSS6.4AI score0.00363EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/01/07 10:29 p.m.2 views

CVE-2026-21697 axios4go's Race Condition in Shared HTTP Client Allows Proxy Configuration Leak

axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...

8.2CVSS6.5AI score0.00363EPSS
Exploits0References3
osv
osv
added 2026/01/07 10:29 p.m.5 views

CVE-2026-21697 axios4go's Race Condition in Shared HTTP Client Allows Proxy Configuration Leak

axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...

8.2CVSS6.6AI score0.00363EPSS
Exploits0References5
cve
cve
added 2026/01/07 10:29 p.m.24 views

CVE-2026-21697

CVE-2026-21697 affects the Go HTTP client library axios4go. Prior to version 0.6.4, a race condition mutates the shared default http.Client configuration during request execution without synchronization, directly altering Transport, Timeout, and CheckRedirect. This can enable leakage of proxy con...

8.2CVSS6.5AI score0.00363EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2026/01/07 12:0 a.m.10 views

PT-2026-2093

Name of the Vulnerable Software and Affected Versions axios4go versions prior to 0.6.4 Description axios4go is a Go HTTP client library affected by a race condition in its shared HTTP client configuration. The global defaultClient is modified during request execution without proper synchronizatio...

8.2CVSS6.9AI score0.00363EPSS
Exploits0References10
vulnrichment
vulnrichment
added 2025/12/18 5:29 a.m.4 views

CVE-2025-47350 Use After Free in DSP Service

Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application...

7.8CVSS6.7AI score0.00075EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/12/11 11:4 p.m.6 views

CVE-2025-67505

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another...

8.4CVSS6.9AI score0.00185EPSS
Exploits0References1
nvd
nvd
added 2025/12/10 11:15 p.m.5 views

CVE-2025-67490

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...

5.4CVSS0.00178EPSS
Exploits0References2
cve
cve
added 2025/12/10 10:19 p.m.23 views

CVE-2025-67505

The CVE-2025-67505 entry describes a race condition in the Okta Java Management SDK (versions 11.0.0 through 20.0.0) caused by concurrent requests using the ApiClient class. This condition can allow the status code or response header from one request to influence another request’s response. Red H...

8.4CVSS6.5AI score0.00185EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2025/12/10 10:19 p.m.24 views

CVE-2025-67505 Race condition in the Okta Java SDK

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another...

8.4CVSS0.00185EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/12/10 10:19 p.m.3 views

CVE-2025-67505 Race condition in the Okta Java SDK

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another...

8.4CVSS6.5AI score0.00185EPSS
Exploits0References2
osv
osv
added 2025/12/10 10:19 p.m.7 views

CVE-2025-67505 Race condition in the Okta Java SDK

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another...

8.4CVSS6.8AI score0.00185EPSS
Exploits0References4
cvelist
cvelist
added 2025/12/10 10:16 p.m.22 views

CVE-2025-67490 Auth0 Next.js SDK has Improper Request Caching Lookup

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...

5.4CVSS0.00178EPSS
Exploits0References2
cve
cve
added 2025/12/10 10:16 p.m.15 views

CVE-2025-67490

CVE-2025-67490 affects the Auth0 Next.js SDK (auth0/nextjs-auth0). Versions 4.11.0–4.11.2 and 4.12.0 may cause simultaneous requests on the same client to produce improper lookups in the TokenRequestCache. The issue is fixed in versions 4.11.2 and 4.12.1. If you rely on this SDK, upgrade to 4.11....

5.4CVSS6.5AI score0.00178EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2025/12/10 12:0 a.m.4 views

nextjs-auth0 安全漏洞

nextjs-auth0 is an Auth0 open source Next.js SDK for logging in using Auth0. A security vulnerability exists in nextjs-auth0 versions 4.11.0 through 4.11.2 and 4.12.0, which stems from the fact that simultaneous requests on the same client may result in improper lookups in TokenRequestCache...

5.4CVSS6.5AI score0.00178EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/12/10 12:0 a.m.5 views

Okta Java Management SDK 竞争条件问题漏洞

Okta Java Management SDK is an open source Java development toolkit from Okta, Inc. A Competitive Condition Issue vulnerability exists in Okta Java Management SDK versions 11.0.0 through 20.0.0, which arises from concurrent requests using the ApiClient class that may result in a competitive...

8.4CVSS6.5AI score0.00185EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2025/12/10 12:0 a.m.8 views

PT-2025-50552

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...

5.4CVSS7AI score0.00178EPSS
Exploits0References4
snyk
snyk
added 2025/12/02 6:35 a.m.0 views

Race Condition

Overview lifx-async is an A modern, type-safe, async Python library for controlling LIFX lights Affected versions of this package are vulnerable to Race Condition due to improper synchronization in concurrent request handling within the network module. The package fails to implement adequate...

8.3CVSS7AI score
Exploits0References3
susecve
susecve
added 2025/11/26 12:24 a.m.4 views

SUSE CVE-2025-59089

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...

5.9CVSS7.1AI score0.00511EPSS
Exploits0References5
Rows per page
Query Builder