15 matches found

Positive Technologies
added 2026/05/27 12:0 a.m. | 5 views

PT-2026-43780

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mcast: always update mdb_n_entries for vlan contexts. syzbot triggered a warning[1] about the number of mdb entries in a context. It turned out that there are multiple ways to trigger that warning today some got added...

AI score: 5.8 | EPSS: 0.00024
Exploits: 0 | References: 6

NVD
added 2026/04/21 3:16 p.m. | 3 views

CVE-2026-0972

HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...

CVSS: 5.4 | EPSS: 0.00035
Exploits: 1 | References: 2

OSV
added 2026/03/15 5:53 a.m. | 1 views

OESA-2026-1552 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ excepti...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.00085
Exploits: 3 | References: 4

Snyk
added 2026/03/11 12:13 a.m. | 3 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: sylius/sylius is a platform for PHP, based on Symfony framework. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition through a race condition in the promotion and coupon usage limit enforcement process. An attacker can redeem limited-use...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00067
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/02 7:36 p.m. | 1 views

CVE-2025-61595 MANTRA tx gas limit is not enforced in send hooks

MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract,...

CVSS: 8.8 | AI score: 6.3 | EPSS: 0.00071
Exploits: 0 | References: 2

OSV
added 2025/04/03 12:54 p.m. | 1 views

OESA-2025-1364 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Erlang/OTP is a set of libraries for the Erlang...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00154
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/05 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2024-38809

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications that parse ETags from If-Match or If-None-Match request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.0014
Exploits: 0 | References: 3

NVD
added 2024/09/27 5:15 p.m. | 11 views

CVE-2024-38809

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers,...

CVSS: 5.3 | EPSS: 0.0014
Exploits: 0 | References: 2

Vulnrichment
added 2024/06/18 5:7 p.m. | 10 views

CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users' repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...

CVSS: 5.7 | AI score: 5.5 | EPSS: 0.0014
Exploits: 0 | References: 4

Veracode
added 2024/04/29 12:32 p.m. | 15 views

Denial Of Service (DoS)

github.com/mattermost/mattermost-server is vulnerable to Denial Of Service. The vulnerability is due to a lack of session limit enforcement, enabling an authenticated attacker to crash the server by flooding the sessions table through repeated requests to the getSessions API...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00174
Exploits: 0 | References: 8 | Affected Software: 1

NVD
added 2023/10/09 11:15 a.m. | 8 views

CVE-2023-5330

Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00118
Exploits: 0 | References: 1

Debian
added 2023/05/27 11:0 a.m. | 33 views

[SECURITY] [DSA 5414-1] docker-registry security update

Debian Security Advisory DSA-5414-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 27, 2023 https://www.debian.org/security/faq -...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00147
Exploits: 0

OSV
added 2018/03/10 8:47 p.m. | 1 views

MGASA-2018-0164 Updated libraw packages bring minor security fixes

Minor security fixes have been made in libraw version 0.18.8 checking limits are not enforced. See references for more details...

AI score: 7.4
Exploits: 0 | References: 3

Citrix
added 2017/05/16 12:0 a.m. | 4 views

Device limit per user in Enrollment profiles not being enforced MAM-only

Enrollment Profiles has been set to limit users on specific delivery groups to a certain limit of devices per user. This should prevent people on these delivery groups from activating Secure Hub on more devices than they are allowed. However, these users are still able to activate with no...

AI score: 7
Exploits: 0

UbuntuCve
added 2015/12/17 7:59 p.m. | 26 views

CVE-2015-8338

Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption,...

CVSS: 7.2 | AI score: 7.2 | EPSS: 0.00199
Exploits: 0 | References: 2