PT-2026-45015

Summary Gotenberg is vulnerable to a remote denial of service in multipart downloadFrom handling. A multipart request containing multiple downloadFrom entries causes concurrent goroutines to write to shared maps without synchronization. This can terminate the process with fatal error: concurrent...

Medium: runc

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

Medium: golist

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

PT-2026-34615

Name of the Vulnerable Software and Affected Versions @xmldom/xmldom versions prior to 0.8.13 @xmldom/xmldom versions prior to 0.9.10 xmldom versions prior to 0.6.0 Description The software allows attacker-controlled comment content to be serialized into XML without validating or neutralizing...

GHSA-QHFQ-GVVC-5Q6Q Apache Doris MCP Server vulnerable to SQL Injection via improper query context neutralization

Apache Doris MCP Server versions prior to 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Versions 0.6.1...

CVE-2025-66335

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...

CVE-2025-66335 Apache Doris MCP Server: MCP SQL inject

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...

CVE-2025-66335 Apache Doris MCP Server: MCP SQL inject

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...

Apache Doris MCP Server 安全漏洞

Apache Doris MCP Server is a context-based protocol backend service provided by the Apache Foundation. Versions of Apache Doris MCP Server prior to 0.6.1 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of query contexts, which could lead to the execution o...

PT-2025-33565 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: The Linux kernel contains a flaw within the scheduler extension sched/ext related to calls to the update locked rq function with a NULL runqueue rq pointer. Invoking update locked rqNU...

CVE-2025-38335 Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT

In the Linux kernel, the following vulnerability has been resolved: Input: gpio-keys - fix a sleep while atomic with PREEMPTRT When enabling PREEMPTRT, the gpiokeysirqtimer callback runs in hard irq context, but the inputevent takes a spinlock, which isn't allowed there as it is converted to a...

kernel: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx

In the Linux kernel, the following vulnerability has been resolved: bpf: Add skisinet and ISICSK check in tlsswhasctxtx/rx As the introduction of the support for vsock and unix sockets in sockmap, tlsswhasctxtx/rx cannot presume the socket passed in must be ISICSK. vsock and afunix sockets have...

SUSE CVE-2025-37878

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix WARNON!ctx in freeevent for partial init Move the getctxchildctx call and the childevent-ctx assignment to occur immediately after the child event is allocated. Ensure that childevent-ctx is non-NULL before any...

CVE-2023-53121

The CVE-2023-53121 vulnerability affects the Linux kernel where tcp_rtx_synack() can be invoked from process context, allowing tcp_make_synack() to touch per-CPU data with preemption enabled and trigger a BUG: using __this_cpu_add() in preemptible code. The root cause is a context-inappropriate c...

UBUNTU-CVE-2021-46942

In the Linux kernel, the following vulnerability has been resolved: iouring: fix shared sqpoll cancellation hangs 736.982891 INFO: task iou-sqp-4294:4295 blocked for more than 122 seconds. 736.982897 Call Trace: 736.982901 schedule+0x68/0xe0 736.982903 iouringcancelsqpoll+0xdb/0x110 736.982908...

CVE-2023-49706

Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with...

WithContext is not called on state changing operation

Lines of code Vulnerability details Impact Any state transition function must update keeper using WithContext function having latest context, otherwise incorrect state will be used. It was observed that CallEVM function misses the same Proof of Concept 1. Observe the CallEVM function func k Keepe...

Denial Of Service (DoS)

The kernel is vulnerable to denial of service DoS. The attack is due to Numerous reference count leaks in the Linux kernel's block layer I/O context handling implementation. This could allow a local, unprivileged user to cause a denial of service...

Important: java-1.7.0-openjdk

Issue Overview: DerValue unbounded memory allocation: It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive...

EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2018-1059)

According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java...