EUVD-2026-16342

A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the soupserverdisconnect function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a...

PT-2026-3849

EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like Session, IConnection which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, witho...

CVE-2023-40293

Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object...

kernel: Bluetooth: Fix use after free in hci_send_acl

A vulnerability was found in the Linux kernel's Bluetooth subsystem in the hcidisconnphylinkcompleteevt function. Improper cleanup and reference handling can lead to a connection object, hcon, being freed and then later accessed during a subsequent function call. This issue can lead to a...

OracleVM 3.3 : xen (OVMSA-2017-0158)

The remote OracleVM system is missing necessary patches to address critical security updates : - From: Jan Beulich Subject: gnttab: also validate PTE permissions upon destroy/replace In order for PTE handling to match up with the reference counting done by common code, presence and writability of...