Security Bulletin: IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449

Summary IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-3449 DESCRIPTION: Versions of the package @tootallnate/once before 3.0.1 are vulnerab...

PT-2026-33714

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...

ROS-20260414-73-0025

Vulnerability in kernel-lt related to implementation of incorrect control flow. Exploitation of the vulnerability may allow an attacker to cause a denial of service...

ROS-20260414-73-0028

Vulnerability in kernel-lt related to implementation of incorrect control flow. Exploitation of the vulnerability may allow an attacker to cause a denial of service...

ROS-20260414-73-0009

Vulnerability in kernel-lt related to implementation of incorrect control flow. Exploitation of the vulnerability may allow an attacker to cause a denial of service...

ROS-20260414-73-0008

Vulnerability in kernel-lt related to implementation of incorrect control flow. Exploitation of the vulnerability may allow an attacker to cause a denial of service...

ROS-20260414-73-0010

Vulnerability in kernel-lt related to implementation of incorrect control flow. Exploitation of the vulnerability may allow an attacker to cause a denial of service...

Always-Incorrect Control Flow Implementation

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation via the onboarding process. An attacker can obtain gateway credentials by leveraging a scenario where a previously discovered endpoint persist...

@tootallnate/once vulnerable to Incorrect Control Flow Scoping

Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...

GHSA-VPQ2-C234-7XJ6 @tootallnate/once vulnerable to Incorrect Control Flow Scoping

Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...

CVE-2026-3449

Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...

PT-2026-22719

Name of the Vulnerable Software and Affected Versions @tootallnate/once versions prior to 3.0.1 Description The package @tootallnate/once versions prior to 3.0.1 are susceptible to an issue with incorrect control flow scoping in promise resolving when the AbortSignal option is utilized. When the...

Incorrect Control Flow Scoping

Overview Affected versions of this package are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This can cause a...

ROS-20260128-73-0041

Vulnerability in kernel-lt related to implementation of incorrect control flow. Exploitation of the vulnerability may allow an attacker to cause a denial of service...

ROS-20260128-73-0040

Vulnerability in kernel-lt related to implementation of incorrect control flow. Exploitation of the vulnerability may allow an attacker to cause a denial of service...

ROS-20260128-73-0052

Vulnerability in kernel-lt related to implementation of incorrect control flow. Exploitation of the vulnerability may allow an attacker to cause a denial of service...

ROS-20260112-7301

Vulnerability in kernel-lt related to implementation of incorrect control flow. Exploitation of the vulnerability may allow an attacker to cause a denial of service...

ROS-20251217-7306

A vulnerability in the Omnibox component of the Google Chrome browser is related to the implementation of an incorrect control flow. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information...

ROS-20251216-7353

Vulnerability in golang-x-crypto related to the implementation of an incorrect control flow. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2025-33199

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering...