2498 matches found
PT-2026-5671
Memory Corruption when multiple threads simultaneously access a memory free API...
CVE-2020-36950
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...
kernel: net/mlx5e: Check for NOT_READY flag state after locking
A race condition was found in the Linux kernel Mellanox mlx5 network driver's traffic control offload flow management. A local user with privileges to configure traffic control flower filters can trigger concurrent flow deletion operations where the NOT_READY flag is checked before acquiring the...
PT-2026-4929
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...
database/sql: Postgres Scan Race Condition
A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leadin...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that stems from the V8 engine's lack of effective protection against concurrent access to shared resources, which can be exploited by an attacker to execute arbitrary code on...
CVE-2025-55705
This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration...
CVE-2025-55705 EVMAPA Insufficient Session Expiration
This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration...
CVE-2025-55705
CVE-2025-55705 involves charging-station backends allowing multiple simultaneous connections with the same station ID due to insufficient session management and expiration controls. Affected component is the charging-station/session backend; outcome includes unauthorized access, data inconsistenc...
EVMAPA code-related vulnerabilities
EVMAPA is a navigation app for electric vehicle charging stations developed by Daniel Jurik. EVMAPA has code-related vulnerabilities. These vulnerabilities stem from the system’s ability to allow multiple concurrent connections using the same charging station ID, along with insufficient session...
PT-2026-4302
Name of the Vulnerable Software and Affected Versions: Charging station software (affected versions not specified). Description: The system allows multiple simultaneous connections to the backend using the same charging station ID. This can lead to unauthorized access, data inconsistency, or...
Azure Linux 3.0 Security Update: kernel (CVE-2025-22060)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22060 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: Prevent parser TCAM memory...
Azure Linux 3.0 Security Update: kernel (CVE-2024-47741)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47741 advisory. - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race setting file private on...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37800)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37800 advisory. - In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition via the validateTokenReuse method in the TokenManager class. ...
CVE-2026-1035
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...
UBUNTU-CVE-2026-1035
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...
CVE-2026-1035 Org.keycloak.protocol.oidc: keycloak refresh token reuse bypass via toctou race condition
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...