472 matches found
EUVD-2026-24841
In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback mus...
CVE-2026-31481
In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback mus...
CVE-2026-31481 tracing: Drain deferred trigger frees if kthread creation fails
In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data cleanup kthread exists. Deferring those frees until late init is fine, but the post-boot fallback mus...
PT-2026-34386
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the tracing component occurs when boot-time trigger registration fails before the trigger-data cleanup kthread is created. If kthread creation fails, the system fails to drain...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013199)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013199 advisory. In the Linux kernel, the following vulnerability has been resolved: kernfs: fix use-after-free in kernfsremove Syzkaller managed to trigger concurrent calls to...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011207)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011207 advisory. In the Linux kernel, the following vulnerability has been resolved: kernfs: fix use-after-free in kernfsremove Syzkaller managed to trigger concurrent calls to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007222)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007222 advisory. In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: free queued packets when closing socket As reported by syzbot 1, there is a memory...
CVE-2026-40116 PraisonAI's Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the...
CVE-2026-40116
CVE-2026-40116 affects PraisonAI prior to 4.5.128: the /media-stream WebSocket endpoint accepted unauthenticated connections and bypassed Twilio validation, proxying each connection to OpenAI’s Realtime API using the server key with no concurrency/rate/size limits. This could allow an unauthentic...
PT-2026-31785
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the...
ROS-20260408-73-0033
A vulnerability in the dwc3 component of the Linux operating system kernel is related to excessive resource consumption in a loop. Exploitation of the vulnerability allows an attacker to cause a denial of service...
CVE-2026-35679
Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometimes not verifying Sprout proofs...
PT-2026-29721
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to the handling of asynchronous decryption within the TLS Transport Layer Security protocol. Specifically, the async hold queue, used to manage...
GHSA-38F7-945M-QR2G Effect `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC
Versions - effect: 3.19.15 - @effect/rpc: 0.72.1 - @effect/platform: 0.94.2 - Node.js: v22.20.0 - Vercel runtime with Fluid compute - Next.js: 16 App Router - @clerk/nextjs: 6.x Root cause Effect's MixedScheduler batches fiber continuations and drains them inside a single microtask or timer...
Academia and the “AI Brain Drain”
In 2025, Google, Amazon, Microsoft and Meta collectively spent US$380 billion on building artificial-intelligence tools. That number is expected to surge still higher this year, to $650 billion, to fund the building of physical infrastructure, such as data centers see go.nature.com/3lzf79q...
poc-step-finance-2026
Step Finance Stake Authority Compromise — PoC Educational...
SUSE SLES15: libpython2_7-1_0 / libpython2_7-1_0-32bit / python / python-32bit / etc (SUSE-SU-2026:0774-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0774-1 advisory. This update for python fixes the following issue: - CVE-2024-7592: uncontrolled CPU resource consumption when in http.cookies module...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005742)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005742 advisory. In the Linux kernel, the following vulnerability has been resolved: kernfs: fix use-after-free in kernfsremove Syzkaller managed to trigger concurrent calls to...
Clawdrain: Exploiting Tool-Calling Chains for Stealthy Token Exhaustion in OpenClaw Agents
Modern generative agents such as OpenClaw - an open-source, self-hosted personal assistant with a community skill ecosystem, are gaining attention and are used pervasively. However, the openness and rapid growth of these ecosystems often outpace systematic security evaluation. In this paper, we...
AZL-77993 CVE-2026-27171 affecting package fltk 1.3.5-4
zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition...