34394 matches found
Vulnerabilities found in Apple iOS and iPadOS
Apple has identified several vulnerabilities in iOS and iPadOS. These vulnerabilities include out-of-bounds access, use-after-free errors, memory handling issues, insufficient input validation, type confusion, double-free operations, stack overflows, race conditions, and path handling problems...
CVE-2026-14160
Time-of-check time-of-use (TOCTOU) race condition vulnerability in Samsung Open Source Escargot allows Leveraging Race Conditions. This issue affects Escargot: bab3a5797557014ce3c2e28419a6310cfba90d0d...
EUVD-2026-40248
Time-of-check time-of-use (TOCTOU) race condition vulnerability in Samsung Open Source Escargot allows Leveraging Race Conditions. This issue affects Escargot: bab3a5797557014ce3c2e28419a6310cfba90d0d...
CVE-2026-14160
Technical details about CVE-2026-14160 are not publicly provided in the supplied documents. Monitor for updates from Samsung Escargot advisories and NVD entries.
Axis Communications AXIS OS Improper Validation of Syntactic Correctness of Input (CVE-2024-8772)
A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack enabling an attacker to block access to the overlay configuration page in the web interface of the Axis device. Exploitation requires prior authentication...
Axis Communications AXIS OS Improper Validation of Specified Type of Input (CVE-2024-47262)
Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Axis has released patched AXIS OS versions for this flaw. Endpoints not...
CVE-2026-7656
The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6_nbr.c (handle_ra_input, handle_ns_input, handle_na_input) used an incorrect boolean expression that combined the RFC 4861 validity checks with the ICMPv6 code check using the wrong operator precedence: the form was 'length/hop/source/target checks...
CVE-2026-53434
Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version...
CVE-2026-53404
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...
CVE-2026-53434 Apache Tomcat: Invalid CRL configuration doesn't trigger failure for FFM Connector
Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version...
CVE-2026-43743
A race condition was addressed with improved state handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination...
CVE-2026-43743
CVE-2026-43743 is a race condition addressed by Apple in macOS Tahoe 26.5.2 and iOS/iPadOS 26.5.2. The issue affects the IOGPUFamily entry (Impact: a user-level app may cause an unexpected system termination) and is mitigated by the patched state handling. The CVE references confirm the fix in ma...
CVE-2026-57959
CVE-2026-57959 affects Hi.Events up to version 1.9.0. The vulnerability arises in promo code validation where the reservation path checks the usage count before the asynchronous UpdateEventStatisticsJob increments it, enabling a race condition. Attackers can sequentially reserve multiple orders u...
EUVD-2026-40144
Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...
CVE-2026-53265
In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: check allocation under invalidate lock. Commit 2d1f7b65f5de ("dm cache policy smq: fix missing locks in invalidating cache blocks") added mq->lock around the destructive part of smq_invalidate_mapping(), but left the...
CVE-2026-54370
acl before version 2.4.0 contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...
About the security content of iOS 26.5.2 and iPadOS 26.5.2
This update delivers security fixes that were first made available in the iOS 26.6 and iPadOS 26.6 betas. This document describes the security content of iOS 26.5.2 and iPadOS 26.5.2. About Apple security updates: For our customers'...
PT-2026-53729
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 26.5.2; iPadOS versions prior to 26.5.2; macOS Tahoe versions prior to 26.5.2. Description: A race condition, which occurs when the timing or sequence of events is not properly controlled, was identified. This issue allows an...