663 matches found
CVE-2026-59725
A flaw was found in Socket.IO, specifically within the Engine.IO protocol v4 polling transport. An unauthenticated attacker can exploit this vulnerability by sending invalid binary POST requests with a Content-Type of application/octet-stream. This improper handling of requests prevents the HTTP...
socket.io: engine.io: Socket.IO: Denial of Service via invalid binary POST requests
A flaw was found in Socket.IO, specifically within the Engine.IO protocol v4 polling transport. An unauthenticated attacker can exploit this vulnerability by sending invalid binary POST requests with a Content-Type of application/octet-stream. This improper handling of requests prevents the HTTP...
CVE-2026-59725 Socket.IO: Engine.IO Polling Transport Connection Exhaustion
Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated...
EUVD-2026-42313
Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated...
CVE-2026-59725
CVE-2026-59725 affects Socket.IO’s Engine.IO polling transport (versions 4.1.0–6.6.6). The root cause is that invalid binary POST requests with Content-Type: application/octet-stream are not properly closing the HTTP response, enabling unauthenticated attackers to exhaust server-side connections ...
GHSA-M9GH-VJ53-GVH9 python-engineio has possible denial of service due to maximum payload size sometimes not being enforced
Impact There are two specific configurations of the python-engineio server in which the size of incoming messages is not checked before the messages are loaded into memory. An attacker can take advantage of these to cause unnecessary memory allocations in the python-engineio server. The two cases...
UBUNTU-CVE-2026-53321
In the Linux kernel, the following vulnerability has been resolved: iouring/napi: cap busypollto 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead to kernel complaints on a task being stuck as there's no conditional...
CVE-2026-53321
In the Linux kernel, the following vulnerability has been resolved: iouring/napi: cap busypollto 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead to kernel complaints on a task being stuck as there's no conditional...
CVE-2026-53321
CVE-2026-53321 affects the Linux kernel io_uring/napi busy polling, where there was no cap on the maximum polling time when no events are found. The root cause is an unbounded busy_poll loop that can cause a task to be stuck, potentially leading to DoS-like unresponsiveness. Several connected sou...
PT-2026-53020
Name of the Vulnerable Software and Affected Versions python-engineio versions prior to 4.13.2 Description Two specific configurations of the server fail to verify the size of incoming messages before loading them into memory, which can lead to excessive memory allocations. This occurs during POS...
PT-2026-52960
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the io uring/napi component where there is no limit on the maximum time napi can poll when no events are found. This lack of a cap can lead to kernel complaints...
CVE-2026-52983 net: airoha: fix BQL imbalance in TX path
In the Linux kernel, the following vulnerability has been resolved: net: airoha: fix BQL imbalance in TX path Fix a possible BQL imbalance in airohadevxmit, where inflight packets are accounted only for the AIROHANUMTXRING netdev TX queues. The queue index is computed as: qid =...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fixed the destruction of kthread workers in polling mode. The cleanup order in polling mode irq worklist and WARNON!listempty&worker-delayedworklist. The original code called kthreadDestroyWorker before...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: “Revert ‘wireguard: device: enable threaded NAPI’” This resolution corresponds to commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c, which is a commit from upstream. We have received three independent reports from production users...
CVE-2025-40904
A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...
SUSE CVE-2026-45968
In the Linux kernel, the following vulnerability has been resolved: cpuidle: Skip governor when only one idle state is available On certain platforms PowerNV systems without a power-mgt DT node, cpuidle may register only a single idle state. In cases where that single state is a polling state sta...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: igb: The napisynchronize function was removed from igbdown. When an AFXDP zero-copy application terminates abruptly e.g., using kill -9, the XSK buffer pool is destroyed, but NAPI polling continues. The igbcleanrxirqzc functio...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: sched/psi: The use of kernfs polling functions for PSI trigger polling was incorrect. Destroying the psitriggerdestroy in cgroupfilerelease causes a Use-After-Free UAF issue when a cgroup is removed from a polling process. This...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use deltimersync instead of deltimer in the fw reset flow of the halting poll. Replace deltimer with deltimersync in the fw reset polling activation flow. This prevents a race condition that occurs when deltimer is call...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: drm: Check that output polling is initialized before disabling it. In drmkmshelperpolldisable, check that output polling is initialized before disabling polling. If not, flag this as a warning. Additionally, in...