EUVD-2026-26268

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security/user/authenticate can be bypassed by sending concurrent authentication requests. Although the...

CVE-2026-26206

Wazuh server API brute-force protection for POST /security/user/authenticate can be bypassed via a race condition when handling concurrent authentication requests. From versions 4.0.0 up to before 4.14.4, sequential requests honor the max_login_attempts threshold (default 50) but parallel bursts ...

CVE-2026-41913

OpenClaw before 2026.4.4 contains a race condition in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-limit budget on Tailscale-capable paths. Attackers can exploit multiple simultaneous authentication attempts to circumvent intended rate-limit...

CVE-2026-41913 OpenClaw < 2026.4.4 - Rate-Limit Bypass via Concurrent Async Authentication Attempts

OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-limit budget. Attackers can exploit this by sending multiple simultaneous authentication attempts to circumvent intended...

CVE-2026-41913 OpenClaw < 2026.4.4 - Rate-Limit Bypass via Concurrent Async Authentication Attempts

OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-limit budget. Attackers can exploit this by sending multiple simultaneous authentication attempts to circumvent intended...

PT-2026-35795

OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-limit budget. Attackers can exploit this by sending multiple simultaneous authentication attempts to circumvent intended...

secops-ai-threat-analyzer

🛡️ SecOpsAI: Threat Analysis & Adaptive Security Engine An e...

Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014323)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014323 advisory. In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix missing hfsbnodeget in hfsbnodecreate When sync and link are called concurrently,...

CVE-2026-31680

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: flowlabel: defer exclusive option free until RCU teardown ip6flseqshow walks the global flowlabel hash under the seq-file RCU read-side lock and prints fl-opt-optnflen when an option block is present. Exclusive...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the premature release of exclusive options in the ip6flowlabel when the reference count reaches...

CVE-2026-31551

A flaw was found in the mac80211 Wi-Fi subsystem of the Linux kernel. A local user could exploit a race condition in the aqlenablewrite function, which does not properly handle concurrent write operations to the debug file system. This could lead to a staticbranchdec underflow, resulting in a...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the aqlenablewrite function not being serialized during concurrent writing, potentially leading to an...

Mattermost Server 10.11.x <= 10.11.13 / 11.3.x < 11.3.3 / 11.4.x < 11.4.3 / 11.5.x < 11.5.1 / 11.6.0 Multiple Vulnerabilities (MMSA-2026-00624 / MMSA-2026-00625)

The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities: - Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker wit...

SUSE CVE-2026-33259

Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained a security vulnerability. This vulnerability stemmed from the lack of a shared pre-authentication concurrency budget for the public LINE webhook path, allowing...

CVE-2026-34062

CVE-2026-34062 affects the Nimiq libp2p integration. Before version 1.3.0, MessageCodec::read_request and read_response call read_to_end() on inbound substreams, allowing a remote peer to send only a partial frame and keep the substream open. Additionally, Behaviour::new sets with_max_concurrent_...

EUVD-2026-24994

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file...

uutils coreutils has a Link Following issue

A Time-of-Check to Time-of-Use TOCTOU vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the ONOFOLLOW flag. An attacker with...

CVE-2026-35359

A Time-of-Check to Time-of-Use TOCTOU vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the ONOFOLLOW flag. An attacker with...

CVE-2026-35356

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file...