CVE-2026-45287

CVE-2026-45287 affects the Go OpenTelemetry implementation. Prior to version 0.0.17, parsing a schema via go.opentelemetry.io/otel/schema/v1.0 or .../v1.1 leaks one file descriptor per successful ParseFile call because ParseFile opens the file and passes it to Parse without closing it, risking de...

PT-2026-46233

🔒 API Platform CVE-2026-49858: JSON:API & HAL normalizers cached components across users on long-running runtimes FrankenPHP, RoadRunner, Swoole. Patched in 4.1.29 / 4.2.25 / 4.3.8 — upgrade now. https://t.co/1oIPjtQjqB...

GHSA-995V-FVRW-C78M opentelemetry-go's Schema ParseFile leaks file descriptors on each parse

Summary go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it; repeated parsing in a long-running process can exhaust the process file...

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release Update

An update is now available for Red Hat Ansible Automation Platform 2.6 Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...

CVE-2025-66033

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 21.0.0 through 24.0.0, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and...

EUVD-2018-11167

Malware in sbrugna...

EUVD-2022-32657

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-46336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, a...

UBUNTU-CVE-2025-6712

MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer than anticipated, memory...

CVE-2023-28440

Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untruste...

CVE-2023-21144

In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2022-28203

A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query...

CVE-2019-17063

In Snowtide PDFxStream before 3.7.1 for Java, a crafted PDF file can trigger an extremely long running computation because of page-tree mishandling...

narayana: deadlock via multiple join requests sent to LRA Coordinator

A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of...

SUSE CVE-2025-46336

Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie already a major issue, the session may be restored if the attacker can trigger a lo...

DEBIAN-CVE-2025-46336

Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie already a major issue, the session may be restored if the attacker can trigger a lo...

narayana: deadlock via multiple join requests sent to LRA Coordinator

A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of...

narayana: deadlock via multiple join requests sent to LRA Coordinator

A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of...

CVE-2025-29910 CryptoLib's crypto_handle_incrementing_nontransmitted_counter Function has Memory Leak

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. A memory leak vulnerability was identified in the...

Security update for SUSE Manager Client Tools

This update fixes the following issues: salt: Revert setting SELinux context for minion service bsc1233667 Removed System V init support Fix the condition of alternatives for Tumbleweed and Leap 16 Build all python bindings for all flavors Make minion reconnecting on changing master IP bsc1228182...