141 matches found
OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals
Summary The custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running instrumented JVMs, repeated connection churn can therefore grow the queue without bound and exhaust heap memory. Details Th...
RUSTSEC-2026-0002 `IterMut` violates Stacked Borrows by invalidating internal pointer
Affected versions of this crate contain a soundness issue in the IterMut iterator implementation. The IterMut::next and IterMut::next_back methods temporarily create an exclusive reference to the key when dereferencing the internal node pointer. This invalidates the shared pointer held by the...
HSEC-2023-0001 Hash flooding vulnerability in aeson
Hash flooding vulnerability in aeson aeson was vulnerable to hash flooding a.k.a. hash DoS. The issue is a consequence of the HashMap implementation from unordered-containers. It results in a denial of service through CPU consumption. This technique has been used in real-world attacks against a...
EUVD-2014-3189
Malware in sbrugna...
EUVD-2025-18858
Malicious code in bioql PyPI...
EUVD-2023-27103
Malicious code in bioql PyPI...
EUVD-2025-13986
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-34867
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jerryscript 3.0 commit 05dbbd1 was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c...
bpf: Fix kmemleak warning for percpu hashmap
...
Linux Distros Unpatched Vulnerability : CVE-2025-6490
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function...
Linux Distros Unpatched Vulnerability : CVE-2025-37807
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Fix kmemleak warning for percpu hashmap Vlad Poenaru reported the following kmemleak issue: unreferenced object 0x606fd7c44ac8 size 32: backtrace crc 0:...
SUSE CVE-2025-6490
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approach...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the hashmap_get_with_hash function in the gumbo-parser/src/hashmap.c file. An attacker can cause a crash or disrupt service by providing crafted input. Note: According to the maintainer of the package the cod...
CVE-2025-6494
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be...
UBUNTU-CVE-2025-6494
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be...
GHSA-PF9W-GVCF-GV7M sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow
Withdrawn Advisory This advisory has been withdrawn because the affected code was never included in a release. This link has been maintained to preserve external references. Original Description A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and...
UBUNTU-CVE-2025-6490
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approach...
CVE-2025-6490 sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approach...
CVE-2025-6490
CVE-2025-6490 concerns a heap-based buffer overflow in gumbo-parser/src/hashmap.c (function hashmap_set_with_hash) within sparklemotion nokogiri. Reported as a locally exploitable issue; exploitation details have been disclosed, but the real existence of the vulnerability is questioned in the des...
Nokogiri Security Vulnerability
Nokogiri is an open source software library for parsing HTML and XML in Ruby. A security vulnerability exists in Nokogiri 1.18.7 and earlier versions, which stems from a heap buffer overflow in the function hashmap_get_with_hash in the file gumbo-parser/src/hashmap.c. The vulnerability is caused by ...