Linux Distros Unpatched Vulnerability : CVE-2026-54275

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the serverhostname TLS SNI check can be bypassed when an existi...

Astra Linux – Vulnerability in Firefox and Thunderbird

When reusing existing popups, Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: The binding mark of a reused connection was unset. Steve French reported a null pointer dereference error from the sha256 library. The cifs.ko module can send session setup requests using a reused connection. If a reuse...

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch in the serverhostname parameter handling during HTTPS connection reuse. An attacker can bypass intended TLS SNI checks by reusing an existing connection with a different...

Adobe Acrobat Reader 资源管理错误漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability. This...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reuse of resources after File Input is released...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a resource management vulnerability. This vulnerability stemmed from the issue of reusing views after they were released, which could allow remote attackers who exploit specific UI gesture...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a resource management vulnerability. This vulnerability stemmed from the reuse of decoded objects after their release, which could allow remote attackers to obtain sensitive information fr...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a resource management vulnerability. This vulnerability stemmed from the use of views, which were reused after being released. This could allow remote attackers to escape the sandbox...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the browser debug and export routes. An attacker can access sensitive internal resources by reusing already-open blocked tabs to export or inspect content that...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from writing values from the /smack/doi module. By writing values that have been previously used, it is...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the use of GPU components that were reused after being released, potentially allowing remote attackers who had...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of CSS after it was released, which could allow remote attackers to execute arbitrary code within a...

JLSEC-2026-429 When doing TLS related transfers with reused easy or multi handles and altering the ...

When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPTNOPARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcur...

stale custom cookie host causes cookie leak

Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second reques...

curl: CVE-2026-7168: cross-proxy Digest auth state leak

Summary: On libcurl 8.19.0, Proxy Digest state learned from proxyA survives an independent transfer boundary on a reused easy handle and is emitted preemptively to proxyB when the proxy is changed. In the attached C PoC, the first CONNECT to proxyB carries Proxy-Authorization: Digest ... built fr...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There are security vulnerabilities in the Linux kernel, which stem from issues with the smbgrantoplock function. These vulnerabilities involve reusing freed resources an...

CVE-2026-32960

SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not removed before reuse. An attacker may login to the device without knowing the password by sending a crafted packet...

curl: libcurl stale CURLOPT_AUTOREFERER leaks a previous request URL to a different origin on a reused easy handle

Summary: libcurl keeps a stale data-state.referer after an HTTP redirect when CURLOPTAUTOREFERER is enabled. Curlhttpfollow stores the previous URL into data-state.referer at lib/http.c:1166-1189, and later requests reuse that value when building Referer: at lib/http.c:2954-2957. In my local...

CVE-2026-6100

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...