2494 matches found
UBUNTU-CVE-2026-39865
Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability...
CVE-2026-39865 Axios HTTP/2 Session Cleanup State Corruption Vulnerability
Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability...
CVE-2026-39865
Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability...
CVE-2026-39865 Axios HTTP/2 Session Cleanup State Corruption Vulnerability
Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability...
CVE-2026-39865
Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability...
CVE-2026-39865
Axios HTTP/2 session cleanup state corruption in Http2Sessions.getSession() (lib/adapters/http.js) is fixed in 1.13.2. Prior to 1.13.2, the cleanup logic could corrupt state when removing sessions from the sessions array, allowing a malicious server to crash the client process via concurrent sess...
freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event
A heap buffer use after free has been discovered in FreeRDP. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free...
ROS-20260408-73-0012
A vulnerability in the rcupreemptdeferredqshandler function of the kernel/rcu/treeplugin.h component of the Linux operating system kernel is related to simultaneous execution using a shared resource with incorrect synchronization. Exploitation of the vulnerability allows an attacker to cause a...
PT-2026-31322
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability exists in the...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006694)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006694 advisory. In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix potential warning in traceprintkseq during ftracedump When calling ftracedumpone...
freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event
A heap buffer use after free has been discovered in FreeRDP. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free...
CVE-2025-54602
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a global variable leads to a use-after-free. An attacker can trigger a race condition by invoking ...
EUVD-2025-209249
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor amd Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a global variable leads to a double free. An attacker can trigger a race condition by invoking an...
CVE-2025-54601
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor amd Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a global variable leads to a double free. An attacker can trigger a race condition by invoking an...
EUVD-2025-209222
Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling...
BIT-PARSE-2026-34363 Parse Server: LiveQuery protected field leak via shared mutable state across concurrent subscribers
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.65 and 9.7.0, when multiple clients subscribe to the same class via LiveQuery, the event handlers process each subscriber concurrently using shared mutable objects. The...
BIT-PARSE-2026-34224 Parse Server: MFA single-use token bypass via concurrent authData login requests
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and 9.7.0, an attacker who possesses a valid authentication provider token and a single MFA recovery code or SMS one-time password can create multiple authenticated...
CVE-2025-54602
CVE-2025-54602 concerns the Wi-Fi driver in Samsung’s Mobile Processor and Wearable Processor line (Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, W1000). The root cause is improper synchronization on a global variable causing a use-after-free. An attacker can trigger a race con...
PT-2026-30634
Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling...
CVE-2025-54602
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a global variable leads to a use-after-free. An attacker can trigger a race condition by invoking ...