
2495 matches found

OSV
added 2026/03/05 7:33 p.m., 2 views

CVE-2026-28789 OliveTin: Unauthenticated DoS via concurrent map writes in OAuth2 state handling

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map,...

CVSS 7.5, AI score 5.8, EPSS 0.00394
Exploits: 1, References: 4
ATTACKERKB
added 2026/03/05 7:33 p.m., 1 view

CVE-2026-28789

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map,...

CVSS 7.5, AI score 5.9, EPSS 0.00394
Exploits: 1, References: 3, Affected Software: 1
Vulnrichment
added 2026/03/05 7:33 p.m., 2 views

CVE-2026-28789 OliveTin: Unauthenticated DoS via concurrent map writes in OAuth2 state handling

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map,...

CVSS 7.5, AI score 5.8, EPSS 0.00394
Exploits: 1, References: 2
EUVD
added 2026/03/05 7:33 p.m., 3 views

EUVD-2026-9873

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map,...

CVSS 7.5, AI score 5.9, EPSS 0.00394
Exploits: 1, References: 2
CVE
added 2026/03/05 7:33 p.m., 10 views

CVE-2026-28789

OliveTin prior to 3000.10.3 is vulnerable to an unauthenticated denial-of-service in the OAuth2 login flow. Concurrent requests to /oauth/login can access a shared registeredStates map unsafely, causing a Go runtime panic (fatal error: concurrent map writes) and terminating the process when OAuth...

CVSS 7.5, AI score 5.9, EPSS 0.00394
Exploits: 1, References: 2, Affected Software: 1
Tenable Nessus
added 2026/03/05 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005660)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005660 advisory. In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix a refcount bug in qrtr_recvmsg Syzbot reported a bug as following: refcount_t:...

CVSS 5.5, AI score 5.9, EPSS 0.00131
Exploits: 0, References: 4
Tenable Nessus
added 2026/03/05 12:0 a.m., 3 views

Python Library Django 4.2.x < 4.2.29 / 5.2.x < 5.2.12 / 6.0.x < 6.0.3 Race Condition

The detected version of the Django Python package is 4.2.x prior to 4.2.29, 5.2.x prior to 5.2.12, or 6.0.x prior to 6.0.3. It is, therefore, affected by a race condition vulnerability as referenced by security release advisory: - An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, a...

CVSS 3.7, AI score 5.8, EPSS 0.00341
Exploits: 0, References: 2
RedhatCVE
added 2026/03/04 1:56 a.m., 4 views

CVE-2025-47386

Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs...

CVSS 7.8, AI score 6, EPSS 0.00071
Exploits: 0, References: 1
RedhatCVE
added 2026/03/04 1:56 a.m., 3 views

CVE-2025-47376

Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls...

CVSS 7.8, AI score 6, EPSS 0.00071
Exploits: 0, References: 1
RedhatCVE
added 2026/03/04 1:56 a.m., 4 views

CVE-2025-47379

Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources...

CVSS 7.8, AI score 6, EPSS 0.00071
Exploits: 0, References: 1
RedhatCVE
added 2026/03/04 1:56 a.m., 4 views

CVE-2025-47381

Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs...

CVSS 7.8, AI score 6, EPSS 0.00071
Exploits: 0, References: 1
SUSE CVE
added 2026/03/04 12:26 a.m., 3 views

SUSE CVE-2026-26201

emp3r0r is a C2 designed by Linux users for Linux environments. Prior to version 3.21.2, multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger fatal error: concurrent map read and map write, causing C2 process cra...

CVSS 7.5, AI score 5.8, EPSS 0.00291
Exploits: 1, References: 3
Tenable Nessus
added 2026/03/04 12:0 a.m., 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005706)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005706 advisory. In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy Dm_cache also has the same UAF problem when dm_resume and dm_destroy ar...

CVSS 7.8, AI score 5.9, EPSS 0.00154
Exploits: 0, References: 4
Github Security Blog
added 2026/03/03 11:32 p.m., 7 views

OpenClaw's serialize sandbox registry writes to prevent races and delete-rollback corruption

Impact: Concurrent updateRegistry/removeRegistryEntry operations for sandbox containers and browsers could lose updates or resurrect removed entries under race conditions. The registry writes were read-modify-write in a window with no locking and permissive fallback parsing, so concurrent registry...

CVSS 4.8, AI score 5.9, EPSS 0.00134
Exploits: 0, References: 6, Affected Software: 1
RedHat Linux
added 2026/03/03 8:57 p.m., 2 views

kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service.

A flaw was found in the Linux kernel. This use-after-free (UAF) vulnerability occurs in the proc_readdir_de() function within the /proc filesystem. A local attacker with low privileges can exploit this by concurrently traversing specific directories while network devices are unregistered. This can lead...

AI score 5.8, EPSS 0.00544
Exploits: 2, References: 5
OSV
added 2026/03/03 3:16 p.m., 2 views

DEBIAN-CVE-2026-25674

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's...

CVSS 3.7, AI score 5.1, EPSS 0.00341
Exploits: 0, References: 1
OSV
added 2026/03/03 3:16 p.m., 2 views

CVE-2026-25674

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's...

CVSS 3.7, AI score 5.7
Exploits: 0, References: 3
Vulnrichment
added 2026/03/03 2:28 p.m., 2 views

CVE-2026-25674 Potential incorrect permissions on newly created file system objects

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's...

AI score 5.9, EPSS 0.00341
Exploits: 0, References: 3
ATTACKERKB
added 2026/03/03 2:28 p.m., 5 views

CVE-2026-25674

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's...

CVSS 3.7, AI score 5.9, EPSS 0.00341
Exploits: 0, References: 4, Affected Software: 1
EUVD
added 2026/03/03 2:28 p.m., 6 views

EUVD-2026-9295

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's...

CVSS 3.7, AI score 5.9, EPSS 0.00341
Exploits: 0, References: 3