EUVD-2026-33445

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...

CVE-2026-9831

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...

CVE-2026-9831

The CVE-2026-9831 entry describes a race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path. Under high-concurrency traffic, requests authenticated with an Extreme Platform ONE /IAM API key could intermittently return data for a different tenant, indicating cross...

CVE-2026-9831

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...

CVE-2026-9831 ExtremeCloud IQ Cross Tenant Data Exposure via Extreme Platform One Authentication Race Condition

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...

CVE-2026-32134

CVE-2026-32134 affects NanoMQ subinfol is freed/NULL’d before restoration, and the transport iterates it without NULL checks. It is fixed in version 0.24.11; upgrade to that release or later to mitigate. No exploitation details are provided in the available documents.

[SECURITY] Fedora 42 Update: nginx-1.30.1-1.fc42

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

[SECURITY] Fedora 44 Update: nginx-1.28.3-1.fc44

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

PT-2026-28543

Name of the Vulnerable Software and Affected Versions elixir-nodejs versions prior to 3.1.4 Description elixir-nodejs is an Elixir API for calling Node.js functions. A flaw exists due to a race condition in the worker protocol, leading to Cross-User Data Leakage or Information Disclosure. The...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the possibility that tree-connected objects may be released prematurely under high concurrency, potentially...

[SECURITY] Fedora 42 Update: nginx-1.28.1-3.fc42

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

[SECURITY] Fedora 42 Update: nginx-1.28.1-1.fc42

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

[SECURITY] Fedora 43 Update: nginx-1.28.1-1.fc43

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

Race Condition

Agno is vulnerable to a race condition. The vulnerability is due to improper handling of sessionstate under high concurrency during run or arun calls, which allows an attacker to cause session data to be incorrectly assigned and persisted, potentially exposing one user's session data to another...

CVE-2025-64168 Agno session state overwrites between different sessions/users

Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when sessionstate is passed to Agent or Team during run or arun calls, a race condition can occur, causing a sessionstate to be assigned and persisted to the incorrect session. This may...

agno 安全漏洞

agno is an Agno open source full-stack framework for building multi-intelligence systems with memory, knowledge and reasoning. A security vulnerability exists in agno version 2.0.0 through versions prior to 2.2.2, which stems from a contention condition in sessionstate passing in highly concurren...

CVE-2024-50654

lilishop =4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing and sending the data packets for coupon collection in high concurrency...

CVE-2024-53476

A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead to overselling when stock is limited, as t...

PT-2024-35754 · Unknown · Simplcommerce

Name of the Vulnerable Software and Affected Versions: SimplCommerce version 230310c8d7a0408569b292c5a805c459d47a1d8f Description: A race condition issue in the checkout logic allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts f...

Lilishop 安全漏洞

Lilishop is a mall system from Lilishop Open Source. A security vulnerability exists in Lilishop version 4.2.4 and prior versions, which stems from an access control error. An attacker exploiting this vulnerability could capture and send coupon collection packets to obtain coupons that exceed the...