
25 matches found

EUVD
added 2026/05/27 9:56 p.m., 4 views

EUVD-2026-32676

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for multiple authenticated WebSocket connections. The handler stores per-connection protocol objects in...

CVSS 6.3 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in jetty9

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that ...

CVSS 5.8 | AI score 6.4 | EPSS 0.00599
Exploits: 0 | References: 1

Snyk
added 2026/03/12 4:38 p.m., 1 view

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the token endpoint. An attacker can obtain access tokens for users who have not authorized their application by exchanging intercepted authorization codes issued to other clients. Note: This is only exploitabl...

CVSS 6.5 | AI score 5.8 | EPSS 0.00055
Exploits: 1 | References: 2

Snyk
added 2026/03/12 4:38 p.m., 0 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the token endpoint. An attacker can obtain access tokens for users who have not authorized their application by exchanging intercepted authorization codes issued to other clients. Note: This is only exploitabl...

CVSS 6.5 | AI score 5.8 | EPSS 0.00055
Exploits: 1 | References: 2

Snyk
added 2026/03/12 4:38 p.m., 1 view

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the token endpoint. An attacker can obtain access tokens for users who have not authorized their application by exchanging intercepted authorization codes issued to other clients. Note: This is only exploitabl...

CVSS 6.5 | AI score 5.8 | EPSS 0.00055
Exploits: 1 | References: 2

Snyk
added 2026/03/11 12:17 a.m., 1 view

Incorrect Authorization

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Incorrect Authorization in the Keycloak authentication adapter due to missing validation of the azp claim in access tokens...

CVSS 8.8 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 2

NVD
added 2026/03/10 9:16 p.m., 1 view

CVE-2026-30949

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.5 and 8.6.18, the Keycloak authentication adapter does not validate the azp authorized party claim of Keycloak access tokens against the configured client-id. A valid acces...

CVSS 8.8 | EPSS 0.00046
Exploits: 0 | References: 3

CVE
added 2026/03/10 8:20 p.m., 8 views

CVE-2026-30949

CVE-2026-30949 affects Parse Server deployments using the Keycloak authentication adapter. The issue is that the azp (authorized party) claim in Keycloak access tokens is not validated against the configured client-id, enabling a valid token from one client to authenticate as any user on Parse Se...

CVSS 8.8 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/02/04 8:4 p.m., 2 views

GHSA-345P-7CG4-V4C7 @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

Summary: Cross-client data leak via two distinct issues: (1) reusing a single StreamableHTTPServerTransport across multiple client requests, and (2) reusing a single McpServer/Server instance across multiple transports. Both are most common in stateless deployments. Impact: This advisory covers two...

CVSS 7.1 | AI score 5.6 | EPSS 0.00016
Exploits: 0 | References: 5

Fedora
added 2026/01/20 1:38 a.m., 2 views

[SECURITY] Fedora 42 Update: gpsd-3.25-17.fc42

gpsd is a service daemon that mediates access to a GPS sensor connected to the host computer by serial or USB interface, making its data on the location/course/velocity of the sensor available to be queried on TCP port 2947 of the host computer. With gpsd, multiple GPS client applications such as...

CVSS 9.8 | AI score 5.9 | EPSS 0.00178
Exploits: 3

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-16038

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00032
Exploits: 0 | References: 2

Cvelist
added 2024/02/15 8:30 p.m., 19 views

CVE-2024-0240 Silicon Labs EFR32 Bluetooth stack denial of service when sending notifications to multiple clients

A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, this results in all Bluetooth operations, such as advertising and scanning, to stop...

CVSS 6.5 | AI score 6.7 | EPSS 0.00032
Exploits: 0 | References: 2

Vulnrichment
added 2024/02/15 8:30 p.m., 16 views

CVE-2024-0240 Silicon Labs EFR32 Bluetooth stack denial of service when sending notifications to multiple clients

A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, this results in all Bluetooth operations, such as advertising and scanning, to stop...

CVSS 6.5 | AI score 6.8 | EPSS 0.00032
Exploits: 0 | References: 2

CNNVD
added 2024/02/15 12:0 a.m., 1 view

Silicon Labs EFR32 Security Vulnerability

Silicon Labs EFR32 is a family of SoC wireless components from Silicon Labs, Inc. A security vulnerability exists in the Silicon Labs EFR32 that stems from the presence of a memory leak that could lead to memory exhaustion when sending notifications to multiple clients...

CVSS 6.5 | AI score 7.1 | EPSS 0.00032
Exploits: 0 | References: 3

OSV
added 2023/07/19 12:0 a.m., 0 views

UBUNTU-CVE-2023-34967

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol...

CVSS 5.3 | AI score 6.6 | EPSS 0.19204
Exploits: 0 | References: 4

CNNVD
added 2023/06/06 12:0 a.m., 2 views

Qualcomm Chipsets resource management error vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from memory corruption due to post-release usage in the core when multiple DCI clients are enrolled and logged off...

CVSS 7.8 | AI score 7.4 | EPSS 0.00039
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/15 4:54 a.m., 1 view

SUSE CVE-2016-10003

Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients...

CVSS 7.5 | AI score 8.4 | EPSS 0.00962
Exploits: 0 | References: 4

Prion
added 2022/06/14 10:15 a.m., 12 views

Race condition

Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile...

CVSS 6.9 | AI score 6.9 | EPSS 0.00112
Exploits: 0 | References: 1

Circl
added 2020/12/11 8:35 p.m., 0 views

CVE-2020-27132

creationtimestamp | type | source
---|---|---
2020-12-11 20:35:44+00:00 | seen | https://t.me/cibsecurity/20357
2020-12-11 20:46:00+00:00 | seen | https://t.me/cibsecurity/20377
2020-12-11 21:25:15+00:00 | seen | https://t.me/cibsecurity/20396
2020-12-11 22:04:32+00:00 | seen | https://t.me/cibsecurity/204...

CVSS 9.9 | AI score 8.9 | EPSS 0.00341
Exploits: 0 | References: 6

OSV
added 2020/09/24 6:15 p.m., 0 views

CVE-2020-3559

A vulnerability in Cisco Aironet Access Point AP Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending...

CVSS 8.6 | AI score 6.8 | EPSS 0.01276
Exploits: 0 | References: 1