694 matches found
CVE-2026-56778 n8n - Authorization Bypass in Public API Execution Retry Endpoint
n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API execution retry endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a shared workflow can use the Public API to ret...
CVE-2026-56778
CVE-2026-56778 (n8n) : Affected versions are n8n before 2.25.7 and 2.26.x before 2.26.2. The Public API execution retry endpoint authorizes with the workflow:read scope instead of workflow:execute, allowing an authenticated user with read-only access to a shared workflow to retry executions, bypa...
GHSA-77Q5-RR5V-X43Q OpenClaw: Trusted retry endpoint checks could match hostname prefixes
Summary Trusted retry endpoint checks could match hostname prefixes. In affected versions, a retry endpoint URL chosen by lower-trust input could pass validation by using a hostname prefix that resembled a trusted host. This advisory is scoped to the named feature and configuration. It does not...
CVE-2026-10646 Use-after-return in `zsock_getaddrinfo()` when a timed-out DNS query is retried without cancellation
Zephyr's BSD-sockets getaddrinfo implementation subsys/net/lib/sockets/getaddrinfo.c passes a pointer to a stack-allocated state object struct getaddrinfostate aistate as the userdata of an asynchronous DNS resolver query. The socket layer waits on a semaphore with a timeout deliberately set...
CVE-2026-10646
Zephyr's BSD-sockets getaddrinfo implementation subsys/net/lib/sockets/getaddrinfo.c passes a pointer to a stack-allocated state object struct getaddrinfostate aistate as the userdata of an asynchronous DNS resolver query. The socket layer waits on a semaphore with a timeout deliberately set...
CVE-2026-52950
A flaw was found in the Linux kernel, specifically within the drm/xe/dma-buf component. This Use-After-Free UAF vulnerability occurs due to an issue in a retry loop, where a buffer object is prematurely freed on error. An attacker could potentially exploit this to cause memory corruption, leading...
CVE-2026-53058
A flaw was found in the drm/bridge: cadence: cdns-mhdp8546-core component of the Linux kernel. This vulnerability allows for a NULL pointer dereference during error handling within the atomicenable function. If cdnsmhdplinkup or cdnsmhdpregread encounter errors, a subsequent attempt to access a...
UBUNTU-CVE-2026-53191
In the Linux kernel, the following vulnerability has been resolved: iouring/net: inherit IORINGCQEFBUFMORE across bundle recv retries When a bundle recv retries inside iorecvfinish, the merge logic OR the saved cflags from the previous iteration with the cflags returned by the new iteration: cfla...
BIT-LIBPYTHON-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow
bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer...
EUVD-2026-38818
In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: fix UAF with retry loop Retry doesn't work here, since bo will be freed on error, leading to UAF. However, now that we do the alloc & init before the attach, we can now combine this as one unit and have the init d...
CVE-2026-54904
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between AtomicReferenceupdate, which retries until compareandsetoldvalue,...
CVE-2026-52962
In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in cephsetxattr The oldblob in cephsetxattr can store ci-ixattrs.preallocblob value during the retry. However, it is never called the cephbufferput for the oldblob object. This patch fixes the issue of the...
CVE-2026-52950
In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: fix UAF with retry loop Retry doesn't work here, since bo will be freed on error, leading to UAF. However, now that we do the alloc & init before the attach, we can now combine this as one unit and have the init d...
CVE-2026-53058
The CVE-2026-53058 entry documents a fix in the Linux kernel’s DRM Cadence driver: in the cdns-mhdp8546-core, the mhdp connector must be set earlier in atomic_enable to prevent a NULL pointer dereference in recovery paths (e.g., modeset_retry_fn) when errors occur in cdns_mhdp_link_up() or cdns_m...
CVE-2026-52962
In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in cephsetxattr The oldblob in cephsetxattr can store ci-ixattrs.preallocblob value during the retry. However, it is never called the cephbufferput for the oldblob object. This patch fixes the issue of the...
CVE-2026-52950
In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: fix UAF with retry loop Retry doesn't work here, since bo will be freed on error, leading to UAF. However, now that we do the alloc & init before the attach, we can now combine this as one unit and have the init d...
CVE-2026-52950 drm/xe/dma-buf: fix UAF with retry loop
In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: fix UAF with retry loop Retry doesn't work here, since bo will be freed on error, leading to UAF. However, now that we do the alloc & init before the attach, we can now combine this as one unit and have the init d...
CVE-2026-52950 drm/xe/dma-buf: fix UAF with retry loop
In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: fix UAF with retry loop Retry doesn't work here, since bo will be freed on error, leading to UAF. However, now that we do the alloc & init before the attach, we can now combine this as one unit and have the init d...
CVE-2026-52950
The CVE-2026-52950 issue affects the Linux kernel DRM/XE DMA-BUF path. The vulnerability is a Use-After-Free in the retry loop where a buffer object could be freed on error, potentially leading to memory corruption. The documented fix changes the sequence to allocate and initialize before the att...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: libceph: The state of sparse-read was reset in osdfault. When a fault occurs, the connection is abandoned, re-established, and any pending operations are retried. The OSD client tracks the progress of a sparse-read reply using a...