Siemens SIMATIC S7-1500 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CVE-2025-39724)

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: fix panic due to PSLVERR When the PSLVERRRESPEN parameter is set to 1, the device generates an error response if an attempt is made to read an empty RBR Receive Buffer Register while the FIFO is enabled. In...

Siemens SIMATIC S7-1500 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CVE-2025-39697)

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write After nfslockandjoinrequests tests for whether the request is still attached to the mapping, nothing prevents a call to nfsinoderemoverequest from succeeding until we actually lock...

CVE-2026-23126

CVE-2026-23126 affects the Linux kernel netdevsim driver. It describes a race on the bpf_bound_progs list between nsim_bpf_create_prog() (list_add_tail) and nsim_bpf_destroy_prog() (list_del), which can corrupt the list and trigger a kernel crash (kernel BUG at lib/list_debug.c). The proposed rem...

EUVD-2026-5910

In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix a race issue related to the operation on bpfboundprogs list The netdevsim driver lacks a protection mechanism for operations on the bpfboundprogs list. When the nsimbpfcreateprog performs listaddtail, it is possibl...

CVE-2019-25342

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

CVE-2019-25342

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

CVE-2019-25342 Centova Cast 3.2.12 - Denial of Service

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

CVE-2019-25342 Centova Cast 3.2.12 - Denial of Service

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

kernel: net/mlx5e: Check for NOT_READY flag state after locking

A race condition was found in the Linux kernel Mellanox mlx5 network driver's traffic control offload flow management. A local user with privileges to configure traffic control flower filters can trigger concurrent flow deletion operations where the NOTREADY flag is checked before acquiring the...

CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

SUSE CVE-2026-24683

FreeRDP is a free implementation of the Remote Desktop Protocol. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Prior to 3.22.0, This...

PT-2026-7941

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

CVE-2025-69871

Summary: CVE-2025-69871 affects MedusaJS/Medusa v2.12.2 and earlier. The root cause is a race condition in the promotion module’s registerUsage() function, which performs a non-atomic read-check-update when enforcing usage limits. This can let unauthenticated remote attackers submit concurrent ch...

CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

Exploit for Improper Access Control in Oracle Http_Server

CVE-2026-21962 Concurrent WebLogic Scanner/Exploiter High-per...

UBUNTU-CVE-2026-24683

FreeRDP is a free implementation of the Remote Desktop Protocol. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Prior to 3.22.0, This...