6078 matches found

RedHat Linux
added 2026/05/19 9:4 a.m., 9 views

kernel: xfrm: Duplicate SPI Handling

In the Linux kernel, the following vulnerability has been resolved: xfrm: Duplicate SPI Handling. The issue originates when Strongswan initiates an XFRM_MSG_ALLOC_SPI Netlink message, which triggers the kernel function xfrm_alloc_spi. This function is expected to ensure uniqueness of the Security...

CVSS 7.8, AI score 5.6, EPSS 0.00147
Exploits 0, References 5
NVD
added 2026/05/17 5:16 a.m., 20 views

CVE-2026-8731

A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs_sbi_client_add in the library /lib/sbi/client.c of the component NRF. The manipulation of the argument client_pool leads to denial of service. It is possible to initiate the attack remotely. The exploit has been...

CVSS 6.5, EPSS 0.0038
Exploits 1, References 5
CVE
added 2026/05/17 4:15 a.m., 18 views

CVE-2026-8731

Open5GS (up to 2.7.7) is affected by CVE-2026-8731. The vulnerability is in the NRF component, in function ogs_sbi_client_add in /lib/sbi/client.c, where manipulating the client_pool argument can cause denial of service. The issue can be triggered remotely and the exploit has been disclosed publi...

CVSS 6.5, AI score 5.4, EPSS 0.0038
Exploits 1, References 5, Affected Software 1
Cvelist
added 2026/05/17 4:15 a.m., 47 views

CVE-2026-8731 Open5GS NRF client.c ogs_sbi_client_add denial of service

A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs_sbi_client_add in the library /lib/sbi/client.c of the component NRF. The manipulation of the argument client_pool leads to denial of service. It is possible to initiate the attack remotely. The exploit has been...

CVSS 5.3, EPSS 0.0038
Exploits 1, References 5
ATTACKERKB
added 2026/05/17 4:15 a.m., 9 views

CVE-2026-8731

A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs_sbi_client_add in the library /lib/sbi/client.c of the component NRF. The manipulation of the argument client_pool leads to denial of service. It is possible to initiate the attack remotely. The exploit has been...

CVSS 5.3, AI score 5.4, EPSS 0.0038
Exploits 1, References 5
EUVD
added 2026/05/17 4:15 a.m., 22 views

EUVD-2026-30680

A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs_sbi_client_add in the library /lib/sbi/client.c of the component NRF. The manipulation of the argument client_pool leads to denial of service. It is possible to initiate the attack remotely. The exploit has been...

CVSS 5.3, AI score 5.4, EPSS 0.0038
Exploits 1, References 5
CNNVD
added 2026/05/17 12:0 a.m., 10 views

Open5GS Security Vulnerability

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the ogs_sbi_client_add function in the library /lib/sbi/client.c...

CVSS 6.5, AI score 5.8, EPSS 0.0038
Exploits 1, References 2
Positive Technologies
added 2026/05/17 12:0 a.m., 13 views

PT-2026-41517

A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs_sbi_client_add in the library /lib/sbi/client.c of the component NRF. The manipulation of the argument client_pool leads to denial of service. It is possible to initiate the attack remotely. The exploit has been...

CVSS 5.3, AI score 5.4, EPSS 0.0038
Exploits 1, References 6
Cvelist
added 2026/05/15 7:54 p.m., 44 views

CVE-2026-44553 Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSION_POOL to disconnect affected sessions. As a result, a user whose admin role has been revoked retains admin...

CVSS 8.1, EPSS 0.00284
Exploits 1, References 1
CVE
added 2026/05/15 7:54 p.m., 21 views

CVE-2026-44553

Open WebUI (self-hosted offline AI) has a Socket.IO session cache vulnerability where admin role changes or user deletions are not propagated to active sessions. Prior to version 0.9.0, a user whose admin role was revoked can retain admin privileges within their existing Socket.IO session as long...

CVSS 8.1, AI score 5.8, EPSS 0.00284
Exploits 1, References 1, Affected Software 1
Vulnrichment
added 2026/05/15 7:54 p.m., 7 views

CVE-2026-44553 Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSION_POOL to disconnect affected sessions. As a result, a user whose admin role has been revoked retains admin...

CVSS 8.1, AI score 5.8, EPSS 0.00284
Exploits 1, References 1
RedHat Linux
added 2026/05/14 4:55 p.m., 8 views

Apache Kafka Clients: Apache Kafka Clients: Information disclosure and data corruption due to race condition in producer buffer management

A flaw was found in the Apache Kafka Java producer client. A race condition in the client's buffer pool management can cause messages to be silently delivered to incorrect topics. This occurs when a message batch expires while its network request is still active, leading to premature buffer...

CVSS 8.7, AI score 5.8, EPSS 0.00328
Exploits 0, References 6
Vulnrichment
added 2026/05/14 3:32 p.m., 11 views

CVE-2026-42594 Gotenberg: Unauthenticated denial of service via echo.Context pool reuse in webhook async goroutine

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handler returns ErrAsyncProcess and Echo recycles the context back to its sync.Pool. When a concurrent...

CVSS 7.5, AI score 5.8, EPSS 0.00348
Exploits 1, References 1
CVE
added 2026/05/14 3:32 p.m., 23 views

CVE-2026-42594

Gotenberg CVE-2026-42594 describes an unauthenticated denial of service caused by reuse of echo.Context in the webhook async flow. Prior to 8.32.0, a goroutine holds a reference to the request context after ErrAsyncProcess, and Echo recycles the context to a pool. If a concurrent request reuses t...

CVSS 7.5, AI score 5.8, EPSS 0.00348
Exploits 1, References 1, Affected Software 1
Hacker One
added 2026/05/14 12:39 p.m., 37 views

curl: TLS peer-verification bypass via mid-transfer ssl_config mutation

Hi all, We want to report a TLS peer-verification issue on current master. The trigger is narrow and requires a specific application usage pattern, but when it fires, a transfer that requests CURLOPT_SSL_VERIFYPEER=1 can reuse a TLS connection that was established with peer verification disabled...

AI score 5.9
Exploits 0
EUVD
added 2026/05/13 9:32 p.m., 10 views

EUVD-2026-29922

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...

CVSS 5.9, AI score 5.8, EPSS 0.00329
Exploits 1, References 5
NVD
added 2026/05/13 2:17 p.m., 15 views

CVE-2026-39806

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':do_read_chunked_data!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is...

CVSS 8.7, EPSS 0.00637
Exploits 1, References 4
OSV
added 2026/05/13 1:1 p.m., 5 views

ALPINE-CVE-2026-4873

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...

CVSS 5.9, AI score 5.4, EPSS 0.00329
Exploits 1, References 1
Cvelist
added 2026/05/13 8:27 a.m., 55 views

CVE-2026-4873 connection reuse ignores TLS requirement

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...

EPSS 0.00329
Exploits 1, References 3
Vulnrichment
added 2026/05/13 8:27 a.m., 7 views

CVE-2026-4873 connection reuse ignores TLS requirement

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...

AI score 5.8, EPSS 0.00329
Exploits 1, References 3