Race Condition

@auth0/nextjs-auth0 is vulnerable to a race condition. The vulnerability is due to improper lookup handling in the TokenRequestCache during simultaneous requests on the same client, which allows an attacker to exploit inconsistent token responses and potentially interfere with authentication flow...

Improper Resource Locking

Overview pterodactyl/panel is a game management panel. Affected versions of this package are vulnerable to Improper Resource Locking due to the validation occuring early in the request cycle and not locking the target resource while it is processing. An attacker can exhaust system resources and...

CVE-2025-67490

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...

CVE-2025-67490 Auth0 Next.js SDK has Improper Request Caching Lookup

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...

EUVD-2025-23788

Malicious code in bioql PyPI...

EUVD-2024-3530

Malicious code in bioql PyPI...

CVE-2025-27076

Memory corruption while processing simultaneous requests via escape path...

CVE-2025-27076

Memory corruption while processing simultaneous requests via escape path...

PT-2025-32140

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: A memory corruption issue exists when processing simultaneous requests through an escape path. Recommendations: At the moment, there is no information about a...

CVE-2021-30335

Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

GHSA-VPFW-47H7-XJ4G Rack session gets restored after deletion

Summary When using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Details Rack session middleware prepares the session at the beginning of request, then saves is back to the store wit...

Dust: Race Condition in Folder Creation Allows Bypassing Folder Limit

The application enforced a hard limit of 10 folders per user under a specific space. However, due to a race condition, it was possible to bypass this limit by sending multiple folder creation requests simultaneously after deleting one folder. This allowed creating more than 10 folders, breaking t...

Denial Of Service (DoS)

ai.h2o, h2o-core is vulnerable to Denial Of Service DoS. The vulnerability is due to the /3/Parse endpoint constructing a regular expression from a user-specified string, which is then applied to another user-specified string, allowing an attacker to send multiple simultaneous requests and exhaus...

H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint

A vulnerability in the /3/Parse endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service DoS attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an...

SUSE CVE-2024-50285

In the Linux kernel, the following vulnerability has been resolved: ksmbd: check outstanding simultaneous SMB operations If Client send simultaneous SMB operations to ksmbd, It exhausts too much memory through the "ksmbdworkcache". It will cause OOM issue. ksmbd has a credit mechanism but it can'...

AZL-53570 CVE-2024-50285 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: check outstanding simultaneous SMB operations If Client send simultaneous SMB operations to ksmbd, It exhausts too much memory through the "ksmbdworkcache”. It will cause OOM issue. ksmbd has a credit mechanism but it can'...

keycloak: potential bypass of brute force protection

A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. Thi...

CVE-2024-34695 WOWS Karma vulnerable to a post submission bounce/timing attack

WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously reques...

PT-2024-26112 · Unknown · Wows Karma

Name of the Vulnerable Software and Affected Versions: WOWS Karma versions prior to 0.17.4.1 Description: The issue allows a user to bypass cooldown validation by sending multiple post creation API requests simultaneously. This is achieved by clicking the "create" button multiple times on a post...

PT-2023-15906 · Unknown · Cyber Control

Name of the Vulnerable Software and Affected Versions: Cyber Control version 1.650 Description: The issue affects the generation of pop-up windows on the server with specific messages, including "PNTMEDIDAS", "PEDIR", "HAYDISCOA", or "SPOOLER". A complete denial of service can be achieved by...