ROS-20260122-73-0022

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to synchronization errors when using a shared resource "Race Situation". Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML pa...

PT-2026-3898

Name of the Vulnerable Software and Affected Versions Mastodon versions 4.2.26 through 4.2.29 Mastodon versions 4.3.13 through 4.3.17 Mastodon versions 4.4.5 through 4.4.11 Mastodon versions 4.5.0 through 4.5.4 Description Mastodon is a social network server that allows administrators to suspend...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38153)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38153 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: fix error handling of...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37754)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37754 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/i915/huc: Fix fence not released on...

CVE-2025-68136 EVerest's inadequate session handling can lead to memory-related errors or exhaustion of the operating system’s file descriptors, resulting in a denial of service

EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like Session, IConnection which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, witho...

CVE-2025-68136 EVerest's inadequate session handling can lead to memory-related errors or exhaustion of the operating system’s file descriptors, resulting in a denial of service

EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like Session, IConnection which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, witho...

CVE-2025-68136

CVE-2025-68136 (EVerest) affects the EV charging software stack prior to version 2025.10.0. On SDP requests, the module creates a new set of objects (Session, IConnection) and opens a new TCP socket for ISO15118-20 communications, registering callbacks for the new file descriptor without closing/...

CVE-2025-68136 EVerest's inadequate session handling can lead to memory-related errors or exhaustion of the operating system’s file descriptors, resulting in a denial of service

EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like Session, IConnection which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, witho...

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component...

BIT-GRADLE-2026-22865 Gradle's failure to disable repositories failing to answer can expose builds to malicious artifacts

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...

ROS-20260121-73-0051

A vulnerability in the ksmbd component of the Linux operating system kernel is related to resource release errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

AZL-75080 CVE-2026-21637 affecting package nodejs for versions less than 20.14.0-13

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

CVE-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

SUSE CVE-2026-22865

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...

MiracleLinux 9 : squid-5.5-13.el9_4 (AXSA:2024-8595:05)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8595:05 advisory. squid: vulnerable to a Denial of Service attack against Cache Manager error responses CVE-2024-23638 squid: Out-of-bounds write error may lead to...

MedDream PACS Premium 安全漏洞

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. A cross-site scripting vulnerability exists in MedDream PACS Premium and is caused by improper validation of user-supplied input by the Modify Anonymization feature. An attacker could exploit the...

MiracleLinux 8 : grafana-7.5.15-4.el8.ML.1 (AXSA:2023-6073:05)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6073:05 advisory. golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880 golang: net/http: handle server errors after...

MiracleLinux 4 : thunderbird-68.10.0-1.AXS4 (AXSA:2020-225:05)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-225:05 advisory. Mozilla: Information disclosure due to manipulated URL object CVE-2020-12418 Mozilla: Use-after-free in nsGlobalWindowInner CVE-2020-12419 Mozilla:...

MiracleLinux 9 : toolbox-0.0.99.3-9.el9 (AXSA:2023-5654:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5654:01 advisory. golang: net/http: handle server errors after sending GOAWAY CVE-2022-27664 golang: net/http: An attacker can cause excessive memory growth in a Go...

MiracleLinux 9 : libtiff-4.4.0-2.el9 (AXSA:2022-4563:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4563:04 advisory. libtiff: Denial of Service via crafted TIFF file CVE-2022-0561 libtiff: Null source pointer lead to Denial of Service via crafted TIFF file...