slack-go `SecretsVerifier` accepts empty signing secret without precondition

go func NewSecretsVerifierheader http.Header, secret string SecretsVerifier, error hash := hmac.Newsha256.New, bytesecret // raw secret, no precondition...

GHSA-GXHX-2686-5H9G slack-go `SecretsVerifier` accepts empty signing secret without precondition

go func NewSecretsVerifierheader http.Header, secret string SecretsVerifier, error hash := hmac.Newsha256.New, bytesecret // raw secret, no precondition...

CLSA-2026-1777392531 glib2: Fix of CVE-2020-35457

CVE-2020-35457: add a precondition in goptiongroupaddentries to avoid a GOptionEntry list size overflow GMAXSIZE. Patch backported from amazon-linux-2els...

CLSA-2026-1777391919 glib2: Fix of CVE-2020-35457

CVE-2020-35457: add a precondition in goptiongroupaddentries to avoid a GOptionEntry list size overflow GMAXSIZE. Patch backported from amazon-linux-2els...

CVE-2026-42033

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency with keys that axios reads without a hasOwnProperty guard, an attacker can a silently intercept and modify every JSON response before the...

CVE-2026-0109

In dhdtcpdatainfoget of dhdip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-10835

In dhdtcpdatainfoget of dhdip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-10834

In dhdtcpdatainfoget of dhdip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0109

In dhdtcpdatainfoget of dhdip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0109

In dhdtcpdatainfoget of dhdip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0109

In dhdtcpdatainfoget of dhdip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0109

In dhdtcpdatainfoget of dhdip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0109

CVE-2026-0109 affects the function dhd_tcpdata_info_get in dhd_ip.c, enabling a remote Denial of Service due to a precondition check failure. Exploitation requires no user interaction and can be remote (network vector). The strongest public context comes from Android Pixel bulletin entries, which...

PT-2026-24438

Name of the Vulnerable Software and Affected Versions versions prior to 2026 Description A flaw exists in the dhd tcpdata info get function within dhd ip.c that may result in a denial of service. This issue stems from a failure in a precondition check. Successful exploitation does not require...

Google Pixel 安全漏洞

The Google Pixel is a smartphone produced by Google Inc. The Google Pixel has a security vulnerability, which stems from a failed precondition check in dhdtcpdatainfoget within dhdip.c, potentially leading to remote denial of service attacks...

PUB-A-438245439

In dhdtcpdatainfoget of dhdip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-14424 GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability

GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

CVE-2025-48626

In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2025-201743

In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48626

In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...