
19 matches found

GitHub Security Blog
added 2026/05/18 8:17 p.m., 8 views

OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals

Summary: The custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running instrumented JVMs, repeated connection churn can therefore grow the queue without bound and exhaust heap memory. Details: Th...

CVSS 5.5, AI score 5.8, EPSS 0.00015
Exploits 1, References 4, Affected Software 1
Tenable Nessus
added 2026/04/25 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-31639

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - rxrpc: Fix key reference count leak from call-key. When creating a client call in rxrpc_alloc_client_call, the code obtains a reference to the key. This is never...

CVSS 5.5, AI score 5.9, EPSS 0.00015
Exploits 0, References 3
CVE
added 2026/04/24 2:44 p.m., 7 views

CVE-2026-31639

In the Linux kernel, CVE-2026-31639 affects the rxrpc subsystem. A client call acquires a reference to a key during rxrpc_alloc_client_call(), but this reference is not released when the call is destroyed, causing a key reference-count leak. The documented fix frees call->key in rxrpc_destroy_...

CVSS 5.5, AI score 5.4, EPSS 0.00015
Exploits 0, References 5, Affected Software 1
ATTACKERKB
added 2026/04/24 2:44 p.m., 0 views

CVE-2026-31639

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key reference count leak from call-key. When creating a client call in rxrpc_alloc_client_call, the code obtains a reference to the key. This is never cleaned up and gets leaked when the call is destroyed. Fix this by...

AI score 5.3, EPSS 0.00015
Exploits 0, References 6, Affected Software 1
CNNVD
added 2026/04/24 12:0 a.m., 5 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the rxrpc_alloc_client_call function acquiring key references without releasing them when the call i...

CVSS 5.5, AI score 5.8, EPSS 0.00015
Exploits 0, References 1
RedhatCVE
added 2026/03/26 3:14 p.m., 2 views

CVE-2026-0115

In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could lead to physical information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 2.1, AI score 6, EPSS 0.00009
Exploits 0, References 1
NVD
added 2026/03/10 9:16 p.m., 3 views

CVE-2026-0115

In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could lead to physical information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 2.1, EPSS 0.00009
Exploits 0, References 2
Vulnrichment
added 2026/03/10 8:46 p.m., 3 views

CVE-2026-0115

In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could lead to physical information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

AI score 5.9, EPSS 0.00009
Exploits 0, References 1
OSV
added 2026/01/26 11:22 p.m., 5 views

CVE-2026-24477 AnythingLLM has key leak in `systemSettings.js`

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

CVSS 8.7, AI score 5.9, EPSS 0.10406
Exploits 1, References 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2016-4162

Malware in sbrugna...

CVSS 7.1, AI score 6.4, EPSS 0.00041
Exploits 0, References 7
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-15790

Malicious code in bioql PyPI...

CVSS 9.1, AI score 9.1, EPSS 0.01032
Exploits 0, References 1
OSV
added 2025/06/04 5:3 p.m., 2 views

SUSE-SU-2025:01816-1 Security update for libcryptopp

This update for libcryptopp fixes the following issues: - CVE-2024-28285: Fixed potential leak of secret key of ElGamal encryption via fault injection (bsc#1224280)...

CVSS 9.8, AI score 9.8, EPSS 0.00213
Exploits 0, References 3
Cvelist
added 2024/01/03 4:23 p.m., 13 views

CVE-2023-46741 CubeFS leaks magic secret key when starting Blobstore access service

CubeFS is an open-source cloud-native file storage system. A vulnerability was found in CubeFS prior to version 3.3.1 that could allow users to read sensitive data from the logs, which could allow them to escalate privileges. CubeFS leaks configuration keys in plaintext format in the logs. These keys...

CVSS 4.8, AI score 9.6, EPSS 0.00041
Exploits 0, References 2
CNNVD
added 2023/07/06 12:0 a.m., 2 views

oauth2-server security vulnerability

oauth2-server is a standards-compliant implementation of an OAuth 2.0 authorization server written in PHP for individual developers. It provides authentication and authorization capabilities for applications to secure APIs. A security vulnerability exists in oauth2-server versions prior to 8.3.2 throu...

CVSS 8.2, AI score 7.5, EPSS 0.01767
Exploits 0, References 4
NVD
added 2022/07/21 12:15 p.m., 11 views

CVE-2022-32556

An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes...

CVSS 7.5, EPSS 0.00595
Exploits 0, References 3
OSV
added 2022/07/06 7:24 p.m., 17 views

GHSA-HM37-9XH2-Q499 Possible leak of key's raw field if declared length is incorrect

Impact: If a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker able to modify the declared length of a key's sensitive field can thus expose the raw value of that field. Patches: Upgrade to version 0.0.6, which...

CVSS 7.7, AI score 6.7, EPSS 0.00422
Exploits 1, References 8
Cvelist
added 2022/03/10 11:35 p.m., 10 views

CVE-2022-25512

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...

AI score 7.7, EPSS 0.00265
Exploits 1, References 1
OpenVAS
added 2016/05/18 12:0 a.m., 24 views

Fortinet FortiGate RSA-CRT Key Leak Vulnerability (FG-IR-16-008)

FortiOS now includes for all SSL libraries a countermeasure against Lenstra...

CVSS 7.5, AI score 6.3, EPSS 0.00806
Exploits 0, References 2
Fortinet
added 2016/05/16 12:0 a.m., 38 views

RSA-CRT key leak under certain conditions

FortiOS now includes for all SSL libraries a countermeasure against Lenstra's fault attack on RSA-CRT optimization when an RSA signature is corrupted...

CVSS 5, AI score 4, EPSS 0.00806
Exploits 0