
10036 matches found

RedHat Linux
added 2026/02/17 9:32 a.m. | 5 views

nodejs: Nodejs denial of service

A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error (ECONNRESET). Instead of safely closing the connection, the process crashes, enabling a remote denial of...

CVSS 7.5 | AI score 5.8 | EPSS 0.00929
Exploits: 0 | References: 5
OSV
added 2026/02/17 9:5 a.m. | 8 views

RLSA-2026:2709 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728); golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726); cmd/cgo: Potential cod...

CVSS 7.5 | AI score 5.7 | EPSS 0.00765
Exploits: 2 | References: 5
RedHat Linux
added 2026/02/17 1:5 a.m. | 4 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate...

CVSS 7.5 | AI score 6 | EPSS 0.01056
Exploits: 0 | References: 5
RedHat Linux
added 2026/02/17 12:48 a.m. | 6 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate...

CVSS 7.5 | AI score 7.1 | EPSS 0.01056
Exploits: 0 | References: 5
CNNVD
added 2026/02/17 12:0 a.m. | 5 views

Gryphon Guardian WiFi access point security vulnerability

The Gryphon Guardian WiFi access point is a security WiFi access point developed by the American company Gryphon. Version 01.06.0006.22 of the Gryphon Guardian WiFi access point contains a security vulnerability. This vulnerability stems from issues with the TLS authentication mechanism, which ma...

CVSS 7.5 | AI score 5.8 | EPSS 0.00391
Exploits: 1 | References: 2
Positive Technologies
added 2026/02/17 12:0 a.m. | 7 views

PT-2026-20259

Name of the Vulnerable Software and Affected Versions: Guardian Gryphon version 01.06.0006.22. Description: An issue in the TLS certification mechanism allows attackers to execute commands as root. Recommendations: At the moment, there is no information about a newer version that contains a fix for...

CVSS 7.5 | AI score 5.6 | EPSS 0.00391
Exploits: 1 | References: 5
CVE
added 2026/02/17 12:0 a.m. | 17 views

CVE-2025-65753

CVE-2025-65753 describes a remote code execution flaw in Guardian Gryphon v01.06.0006.22 due to improper TLS certificate validation during a TLS-protected speedtest client download, enabling root-level commands. Multiple connected sources corroborate the flaw and firmware version, including explo...

CVSS 7.5 | AI score 5.7 | EPSS 0.00391
Exploits: 1 | References: 2
Cvelist
added 2026/02/17 12:0 a.m. | 28 views

CVE-2025-65753

An issue in the TLS certification mechanism of Guardian Gryphon v01.06.0006.22 allows attackers to execute commands as root...

EPSS 0.00391
Exploits: 1 | References: 2
Packet Storm News
added 2026/02/16 12:0 a.m. | 9 views

Exploiting Layer-Specific Vulnerabilities to Backdoor Attack in Federated Learning

Federated learning (FL) enables distributed model training across edge devices while preserving data locality. This decentralized approach has emerged as a promising solution for collaborative learning on sensitive user data, effectively addressing the longstanding privacy concerns inherent in...

AI score 5.5
Exploits: 0
Tenable Nessus
added 2026/02/16 12:0 a.m. | 4 views

openSUSE 16 Security Update : go1.24 (openSUSE-SU-2026:20220-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20220-1 advisory. Update to version 1.24.13. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code...

CVSS 10 | AI score 6.3 | EPSS 0.00765
Exploits: 1 | References: 10
Tenable Nessus
added 2026/02/16 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-23120

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - l2tp: avoid one data-race in l2tp_tunnel_del_work() We should read sk->sk_socket only when dealing with kernel sockets. syzbot reported the following data-race: BUG:...

CVSS 5.5 | AI score 5.5 | EPSS 0.00114
Exploits: 0 | References: 3
Cvelist
added 2026/02/14 3:9 p.m. | 26 views

CVE-2026-23120 l2tp: avoid one data-race in l2tp_tunnel_del_work()

In the Linux kernel, the following vulnerability has been resolved: l2tp: avoid one data-race in l2tp_tunnel_del_work() We should read sk->sk_socket only when dealing with kernel sockets. syzbot reported the following data-race: BUG: KCSAN: data-race in l2tp_tunnel_del_work / sk_common_release write to...

EPSS 0.00114
Exploits: 0 | References: 7
OSV
added 2026/02/14 3:9 p.m. | 3 views

CVE-2026-23120 l2tp: avoid one data-race in l2tp_tunnel_del_work()

In the Linux kernel, the following vulnerability has been resolved: l2tp: avoid one data-race in l2tp_tunnel_del_work() We should read sk->sk_socket only when dealing with kernel sockets. syzbot reported the following data-race: BUG: KCSAN: data-race in l2tp_tunnel_del_work / sk_common_release write to...

CVSS 5.5 | AI score 5.2 | EPSS 0.00114
Exploits: 0 | References: 10
Debian CVE
added 2026/02/14 3:9 p.m. | 2 views

CVE-2026-23120

In the Linux kernel, the following vulnerability has been resolved: l2tp: avoid one data-race in l2tp_tunnel_del_work() We should read sk->sk_socket only when dealing with kernel sockets. syzbot reported the following data-race: BUG: KCSAN: data-race in l2tp_tunnel_del_work / sk_common_release write to...

CVSS 5.5 | AI score 5.2 | EPSS 0.00114
Exploits: 0
Vulnrichment
added 2026/02/14 6:42 a.m. | 3 views

CVE-2025-14873 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Cross-Site Request Forgery

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to the 'callbyroutename' function in the routing layer only validating user capabilities without enforcing...

CVSS 4.3 | AI score 5.4 | EPSS 0.00143
Exploits: 0 | References: 2
RedhatCVE
added 2026/02/14 1:27 a.m. | 4 views

CVE-2025-9293

A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the...

CVSS 7.7 | AI score 5.5 | EPSS 0.00224
Exploits: 0 | References: 1
Metasploit
added 2026/02/13 6:59 p.m. | 461 views

FreeBSD rtsold/rtsol DNSSL Command Injection

This module exploits a command injection vulnerability (CVE-2025-14558) in FreeBSD's rtsol(8) and rtsold(8) programs. These programs do not validate the domain search list options provided in IPv6 Router Advertisement messages; the option body is passed to resolvconf(8) unmodified. resolvconf(8) is a shell...

CVSS 7.2 | AI score 5.5 | EPSS 0.06272
Exploits: 7
OSV
added 2026/02/13 2:41 p.m. | 8 views

CLSA-2026-1770993656 nodejs: Fix of CVE-2026-21637

CVE-2026-21637: fix a flaw in TLS error handling where exceptions in handshake callbacks can cause process crashes or file descriptor leaks...

CVSS 7.5 | AI score 5.8 | EPSS 0.01056
Exploits: 0 | References: 1
Ubuntu
added 2026/02/13 9:44 a.m. | 13 views

USN-8033-4: Linux kernel (AWS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Nios II architecture; - Sun Sparc architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem;...

CVSS 7.8 | AI score 7.3 | EPSS 0.00248
Exploits: 4
NVD
added 2026/02/13 2:16 a.m. | 10 views

CVE-2025-9293

A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the...

CVSS 8.1 | EPSS 0.00224
Exploits: 0 | References: 2