
19 matches found

Positive Technologies (added yesterday)

PT-2026-47843

Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) when the ciphertext is empty, allowing forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

AI score: 5.7
Exploits: 0, References: 6

SUSE CVE (added 6 days ago)

SUSE CVE-2026-6873

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.get_signed_cookie in Django uses a non-injective salt derivation, concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...

CVSS: 3.1, AI score: 5.8, EPSS: 0.00009
Exploits: 0, References: 4

PyPA (added last week)

PYSEC-2026-199

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.get_signed_cookie in Django uses a non-injective salt derivation, concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one where...

CVSS: 4.3, AI score: 5.4, EPSS: 0.00009
Exploits: 0, References: 3, Affected Software: 1
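The two Django entries above describe the same weakness: deriving the signing salt as `cookie_name + salt` is not injective, so the pair ("ab", "c") and the pair ("a", "bc") share one derived salt and therefore one signing key. The model below, added here as an illustration and not taken from Django's code, shows a cookie signed for one (name, salt) context verifying under a different one, and an injective derivation (length-prefixing each field, an assumption chosen for the example, not necessarily the fix Django shipped in 5.2.15/6.0.6) that closes the gap. The secret and cookie values are constructed. Exploitation in a real deployment requires two contexts whose concatenated name and salt coincide.

```python
import hashlib
import hmac

# Constructed secret for the example; not a real key and not Django's SECRET_KEY.
SECRET = b"constructed-secret-key"


def _sign(derived_salt: bytes, value: bytes) -> str:
    """Two-stage MAC modelled on a salted signer: key = HMAC(secret, salt),
    tag = HMAC(key, value). The derived salt is what makes contexts distinct."""
    key = hmac.new(SECRET, derived_salt, hashlib.sha256).digest()
    return hmac.new(key, value, hashlib.sha256).hexdigest()


def weak_salt(name: str, salt: str) -> bytes:
    # Vulnerable derivation: plain concatenation. ("ab","c") and ("a","bc") collide.
    return (name + salt).encode()


def fixed_salt(name: str, salt: str) -> bytes:
    # Injective derivation (assumed fix): length-prefix each field so the
    # byte string uniquely determines the (name, salt) pair.
    n, s = name.encode(), salt.encode()
    return b"%d:%s%d:%s" % (len(n), n, len(s), s)


def sign_cookie(name: str, value: str, salt: str, derive=weak_salt) -> str:
    """Return 'value:tag' for a cookie called `name` in the context `salt`."""
    return f"{value}:{_sign(derive(name, salt), value.encode())}"


def verify_cookie(name: str, cookie: str, salt: str, derive=weak_salt):
    """Return the value if the tag verifies for (name, salt), else None."""
    value, _, tag = cookie.rpartition(":")
    expected = _sign(derive(name, salt), value.encode())
    return value if hmac.compare_digest(tag, expected) else None


def demo():
    # Context A signs cookie "session" with salt "id" -> derived salt b"sessionid".
    cookie = sign_cookie("session", "alice", salt="id")
    # Context B reads cookie "sessioni" with salt "d" -> also b"sessionid".
    weak_cross = verify_cookie("sessioni", cookie, salt="d")
    # Same two contexts under the injective derivation.
    fixed_cookie = sign_cookie("session", "alice", salt="id", derive=fixed_salt)
    fixed_cross = verify_cookie("sessioni", fixed_cookie, salt="d", derive=fixed_salt)
    return weak_cross, fixed_cross


if __name__ == "__main__":
    weak, fixed = demo()
    print("weak derivation, cross-context verify:", weak)
    print("fixed derivation, cross-context verify:", fixed)
```

With the weak derivation the cookie minted for ("session", "id") is accepted under ("sessioni", "d"); with the length-prefixed derivation the same cross-context check fails. The practical audit is to enumerate every `set_signed_cookie`/`get_signed_cookie` (name, salt) pair in a code base and check the concatenations for collisions, or upgrade to a fixed release.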
RedhatCVE (added 2026/05/16 1:56 a.m.)

CVE-2026-42594

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handler returns ErrAsyncProcess and Echo recycles the context back to its sync.Pool. When a concurrent...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00016
Exploits: 1, References: 1

Cvelist (added 2026/05/14 3:32 p.m.)

CVE-2026-42594 Gotenberg: Unauthenticated denial of service via echo.Context pool reuse in webhook async goroutine

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handler returns ErrAsyncProcess and Echo recycles the context back to its sync.Pool. When a concurrent...

CVSS: 7.5, EPSS: 0.00016
Exploits: 1, References: 1

Snyk (added 2026/05/07 1:00 a.m.)

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition due to improper synchronization in the webhook process. An attacker can cause the application to crash and become unavailable by sending concurrent requests that exploit the reuse of echo.Context objects, leading to a pan...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00016
Exploits: 1, References: 2

NVD (added 2026/05/05 12:16 p.m.)

CVE-2026-43535

OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a mo...

CVSS: 8.1, EPSS: 0.0003
Exploits: 0, References: 3

CVE (added 2026/05/05 11:25 a.m.)

CVE-2026-43535

OpenClaw (prior to 2026.4.14) contains an authorization context reuse vulnerability in collect-mode queue batches. The flaw lets messages from different senders inherit the final sender’s authorization context, enabling an attacker to drain batches by injecting multiple queued messages and have e...

CVSS: 8.1, AI score: 5.9, EPSS: 0.0003
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment (added 2026/05/05 11:25 a.m.)

CVE-2026-43535 OpenClaw < 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches

OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a mo...

CVSS: 7.6, AI score: 5.9, EPSS: 0.0003
Exploits: 0, References: 3

Cvelist (added 2026/05/05 11:25 a.m.)

CVE-2026-43535 OpenClaw < 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches

OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a mo...

CVSS: 7.6, EPSS: 0.0003
Exploits: 0, References: 3

Positive Technologies (added 2026/04/17 12:00 a.m.)

PT-2026-37020

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.14. Description: An authorization context reuse issue exists in collect-mode queue batches. This allows messages from different senders to inherit the authorization context of the final sender. An attacker can...

CVSS: 7.6, AI score: 5.8, EPSS: 0.0003
Exploits: 0, References: 7

Cvelist (added 2025/11/10 1:27 p.m.)

CVE-2025-64686

...

EPSS: 0.00005
Exploits: 0

RedhatCVE (added 2025/09/30 10:46 p.m.)

CVE-2025-59941

go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass...

CVSS: 5.9, AI score: 6.7, EPSS: 0.00054
Exploits: 0, References: 1

RedHat Linux (added 2024/09/24 2:39 a.m.)

kernel: SUNRPC: double free xprt_ctxt while still in use

A flaw was addressed in the Linux kernel’s SUNRPC implementation affecting deferred RPC request handling. When an RPC request is deferred, the internal rq_xprt_ctxt pointer is moved from the active service request to a deferred request structure. Under certain rare conditions where a request is...

AI score: 5.8, EPSS: 0.00028
Exploits: 0, References: 5

CNNVD (added 2024/08/21 12:00 a.m.)

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a potential use of a context after it has been released (use-after-free) in the drm/i915 component...

CVSS: 5.5, AI score: 6.5, EPSS: 0.00015
Exploits: 0, References: 5

Cvelist (added 2023/12/06 4:58 p.m.)

CVE-2023-6393 Quarkus: potential invalid reuse of context when @CacheResult on a Uni is used

A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contain...

CVSS: 5.3, AI score: 5.4, EPSS: 0.00202
Exploits: 0, References: 3

RedHat Linux (added 2018/05/15 3:30 p.m.)

OpenJDK: GSS context use-after-free (JGSS, 8186212)

It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context...

CVSS: 5.3, AI score: 7.4, EPSS: 0.0024
Exploits: 0, References: 4

RedHat Linux (added 2018/01/18 9:55 p.m.)

OpenJDK: GSS context use-after-free (JGSS, 8186212)

It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context...

CVSS: 5.3, AI score: 7.4, EPSS: 0.0024
Exploits: 0, References: 4