146 matches found
CVE-2026-7768
@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded, eventually exhausting the...
OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure
Summary The Zipkin exporter remote endpoint cache accepted unbounded key growth derived from span attributes. In high-cardinality scenarios, this could increase process memory usage over time and degrade availability. Details - Introduce a bounded, thread-safe LRU cache for remote endpoints. -...
@ainsleydev/payload-helper (>=0.0.1 <=0.0.2), @bsct/payload (=1.0.0) +90 more potentially affected by CVE-2026-41690 via i18next-http-middleware (>=3.0.2 <=3.9.2)
i18next-http-middleware NPM version =3.0.2, =0.0.1, =1.0.1, =0.0.1, =0.0.1, =0.0.1, =8.0.0, =3.0.0, =1.0.0, =1.0.6, =1.0.0, =0.0.1, =0.0.229 and more Source cves: CVE-2026-41690 Source advisory: SNYK:JS-I18NEXTHTTPMIDDLEWARE-16415526...
CVE-2026-27980
Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many...
CVE-2026-27980 Next.js: Unbounded next/image disk cache growth can exhaust storage
Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many...
CVE-2026-27980
Next.js versions 10.0.0 through 16.1.6 expose an unbounded disk cache in the image optimization feature at /_next/image, allowing denial of service via cache growth. The root cause is a lack of an upper bound on the disk cache; the fix in v16.1.7 adds an LRU-backed disk cache and an eviction poli...
CVE-2026-27980 Next.js: Unbounded next/image disk cache growth can exhaust storage
Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many...
Next.js: Unbounded next/image disk cache growth can exhaust storage
Summary The default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. Impact An attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service. Note that this does not impa...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mm/migratedevice: Do not add the “folio” to be freed to the LRU list during migratedevicefinalize. If the migration succeeds, we call foliomigrateflags-memcgroupmigrate to migrate the memcg from the old to the new “folio”. This...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005108)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005108 advisory. In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to memcgroupidr Commit 73f576c04b94 mm: memcontrol: fix cgroup...
[SECURITY] Fedora 43 Update: rust-lru-0.16.3-1.fc43
A LRU cache implementation...
[SECURITY] Fedora 42 Update: rust-lru-0.16.3-1.fc42
A LRU cache implementation...
CVE-2023-54283
In the Linux kernel, the following vulnerability has been resolved: bpf: Address KCSAN report on bpflrulist KCSAN reported a data-race when accessing node-ref. Although node-ref does not have to be accurate, take this chance to use a more common READONCE and WRITEONCE pattern instead of datarace...
UBUNTU-CVE-2023-54283
In the Linux kernel, the following vulnerability has been resolved: bpf: Address KCSAN report on bpflrulist KCSAN reported a data-race when accessing node-ref. Although node-ref does not have to be accurate, take this chance to use a more common READONCE and WRITEONCE pattern instead of datarace...
CVE-2023-54283
In the Linux kernel, the following vulnerability has been resolved: bpf: Address KCSAN report on bpflrulist KCSAN reported a data-race when accessing node-ref. Although node-ref does not have to be accurate, take this chance to use a more common READONCE and WRITEONCE pattern instead of datarace...
CVE-2023-54165
In the Linux kernel, the following vulnerability has been resolved: zsmalloc: move LRU update from zsmapobject to zsmalloc Under memory pressure, we sometimes observe the following crash: 5694.832838 ------------ cut here ------------ 5694.842093 listdel corruption, ffff888014b6a448-next is...
CVE-2023-54165 zsmalloc: move LRU update from zs_map_object() to zs_malloc()
In the Linux kernel, the following vulnerability has been resolved: zsmalloc: move LRU update from zsmapobject to zsmalloc Under memory pressure, we sometimes observe the following crash: 5694.832838 ------------ cut here ------------ 5694.842093 listdel corruption, ffff888014b6a448-next is...
PT-2025-53994
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.19.0-0 fbk3 rc3 hoangnhatpzsdynshrv41 10870 g85a9558a25de Description The Linux kernel contains an issue within the zsmalloc subsystem related to the timing of Least Recently Used LRU list updates. The LRU upda...
bpf: Free special fields when update [lru_,]percpu_hash maps
...
Linux Distros Unpatched Vulnerability : CVE-2023-54033
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: fix a memory leak in the LRU and LRUPERCPU hash maps The LRU and LRUPERCPU maps allocate a new element on update before locking the target hash table bucke...