1365 matches found
Users can generate Service Account tokens after permissions removal
When a user’s access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this...
PT-2026-40794
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A race condition exists where a user may still be able to mint tokens for a service account for a few seconds after their access has been revoked. Recommendation...
CVE-2026-44296 Deskflow: TLS multiplexer DoS on failed `SSL_accept`
Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service DoS vulnerability affects Deskflow servers running with TLS enabled the default. When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS...
CVE-2026-44296
Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service DoS vulnerability affects Deskflow servers running with TLS enabled the default. When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS...
CVE-2026-43435
In the Linux kernel, the following vulnerability has been resolved: rustbinder: fix oneway spam detection The spam detection logic in TreeRange was executed before the current request was inserted into the tree. So the new request was not being factored in the spam calculation. Fix this by moving...
EUVD-2026-28526
UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket" a derived sub-address documented in the protocol a...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the addrconfpermanentaddr function in IPv6 address configuration. This function may lead to memor...
CVE-2026-43247
A flaw was found in the wave5 media driver within the Linux kernel. This vulnerability can lead to a kernel panic, which causes the system to become unresponsive, effectively resulting in a Denial of Service DoS. The issue occurs when the system attempts to enter suspend mode due to an autosuspen...
CLSA-2026-1778107793 qt5-qtbase: Fix of 3 CVEs
CVE-2025-5455: fix qDecodeDataUrl crash on malformed data URL with charset - CVE-2024-25580: fix KTX file reading buffer overflow - CVE-2024-39936: delay HTTP/2 communication until encrypted can be responded to includes prerequisite to emit encrypted on H2 path...
CVE-2026-43247
In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix SError of kernel panic when closed SError of kernel panic rarely happened while testing fluster. The root cause was to enter suspend mode because timeout of autosuspend delay happened. 48.834439...
CVE-2026-43247
CVE-2026-43247 affects the Linux kernel media driver for wave5 (chips-media). The issue causes a kernel panic triggered by an asynchronous SError interrupt when the system enters suspend mode due to an autosuspend delay timeout, leading to an unresponsive system (DoS-like impact). The vulnerabili...
Hashicorp Boundary workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes
Boundary Community Edition and Boundary Enterprise "Boundary" workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the TLS handshake process. An attacker can cause worker connection handling to block by opening a connection to the authentication listener and delaying or withholding the client...
CVE-2026-7776
Boundary Community Edition and Boundary Enterprise “Boundary” workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate...
Wireshark 2.0.x < 2.0.8 Multiple Vulnerabilities
The version of Wireshark installed on the remote Windows host is prior to 2.0.8. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.0.8 advisory. - In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion,...
[SECURITY] Fedora 44 Update: libcgif-0.5.3-1.fc44
A fast and lightweight GIF encoder that can create GIF animations and images. Summary of the main features: - user-defined global or local color-palette with up to 256 colors limit of the GIF format - size-optimizations for GIF animations: - option to set a pixel to transparent if it has identica...
PT-2026-35063
Name of the Vulnerable Software and Affected Versions 4ga Boards versions prior to 3.3.5 Description 4ga Boards is a boards system for realtime project management. The software allows user enumeration through a timing side-channel in the login endpoint '/api/access-tokens'. The server responds...
SUSE CVE-2026-33595
A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection...
CVE-2026-31501 net: ti: icssg-prueth: fix use-after-free of CPPI descriptor in RX path
In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix use-after-free of CPPI descriptor in RX path cppi5hdescgetpsdata returns a pointer into the CPPI descriptor. In both emacrxpacket and emacrxpacketzc, the descriptor is freed via k3cppidescpoolfree befor...
CVE-2026-39396
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...