139 matches found
OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals
Summary The custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running instrumented JVMs, repeated connection churn can therefore grow the queue without bound and exhaust heap memory. Details Th...
RUSTSEC-2026-0002 `IterMut` violates Stacked Borrows by invalidating internal pointer
Affected versions of this crate contain a soundness issue in the IterMut iterator implementation. The IterMut::next and IterMut::next_back methods temporarily create an exclusive reference to the key when dereferencing the internal node pointer. This invalidates the shared pointer held by the...
HSEC-2023-0001 Hash flooding vulnerability in aeson
Hash flooding vulnerability in aeson aeson was vulnerable to hash flooding a.k.a. hash DoS. The issue is a consequence of the HashMap implementation from unordered-containers. It results in a denial of service through CPU consumption. This technique has been used in real-world attacks against a...
EUVD-2014-3189
Malware in sbrugna...
EUVD-2025-13986
Malicious code in bioql PyPI...
EUVD-2025-18858
Malicious code in bioql PyPI...
EUVD-2023-27103
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-34867
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jerryscript 3.0 commit 05dbbd1 was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c...
bpf: Fix kmemleak warning for percpu hashmap
...
Linux Distros Unpatched Vulnerability : CVE-2025-6490
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function...
Linux Distros Unpatched Vulnerability : CVE-2025-37807
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Fix kmemleak warning for percpu hashmap Vlad Poenaru reported the following kmemleak issue: unreferenced object 0x606fd7c44ac8 size 32: backtrace crc 0:...
SUSE CVE-2025-6490
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approach...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the hashmap_get_with_hash function in the gumbo-parser/src/hashmap.c file. An attacker can cause a crash or disrupt service by providing crafted input. Note: According to the maintainer of the package the cod...
CVE-2025-6494
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be...
UBUNTU-CVE-2025-6494
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be...
GHSA-PF9W-GVCF-GV7M sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow
Withdrawn Advisory This advisory has been withdrawn because the affected code was never included in a release. This link has been maintained to preserve external references. Original Description A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and...
UBUNTU-CVE-2025-6490
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approach...
CVE-2025-6490
CVE-2025-6490 concerns a heap-based buffer overflow in gumbo-parser/src/hashmap.c (function hashmap_set_with_hash) within sparklemotion nokogiri. Reported as a locally exploitable issue; exploitation details have been disclosed, but the real existence of the vulnerability is questioned in the des...
CVE-2025-6490 sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approach...
Sparkle Motion Nokogiri security vulnerability
Sparkle Motion Nokogiri is open source software from Sparkle Motion for processing XML and HTML files. A security vulnerability exists in Sparkle Motion Nokogiri version 1.18.7 and earlier, which originates from a heap buffer overflow in the function hashmap_set_with_hash in the file...