184 matches found
EUVD-2026-39576
Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...
CVE-2026-11703
Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...
CVE-2026-11703 Missing SNI/ALPN binding on stateful (session-ID) TLS session resumption
Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...
CVE-2026-11703
The CVE-2026-11703 entry describes a vulnerability in stateful (session-ID) TLS resumption where missing SNI/ALPN binding allowed a cached session to be resumed under a different SNI/ALPN than originally negotiated. The root cause is the absence of binding checks for stateful resumption paths, wh...
PT-2026-52591
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where SNI Server Name Indication and ALPN Application-Layer Protocol Negotiation bindings are missing during stateful session-ID resumption. This...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the session management endpoint. An attacker can access session credentials of other users, including those with higher privileges, by making authenticated requests with knowledge of a target user's identity...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables – A memory leak occurred during the stateful object update. Stateful objects can be updated from the control plane. The transaction logic allocates a temporary object for this purpose. The -init function wa...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nftables: nftdynset: fixed a possible stateful expression memory leak in the error path. If cloning the second stateful expression in the element via GFPATOMIC fails, then the first stateful expression remains in place without...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: The issue of underflow in the chain reference counter was fixed. The error path of set element addition decremented the reference counter on chains twice—once when the element was released, and again throu...
CVE-2026-41710
An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects any further updates, causing all later stateful retries and circuit breakers in the application to...
CVE-2026-41710 Cache Exhaustion in Stateful Retries leads to Denial of Service
An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects any further updates, causing all later stateful retries and circuit breakers in the application to...
EUVD-2026-35321
An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects any further updates, causing all later stateful retries and circuit breakers in the application to...
CVE-2026-41710 Cache Exhaustion in Stateful Retries leads to Denial of Service
An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects any further updates, causing all later stateful retries and circuit breakers in the application to...
CVE-2026-41710
The CVE-2026-41710 issue affects Spring Retry versions 2.0.0–2.0.12 and 1.3.0–1.3.4. An attacker can craft a large number of unique requests that trigger failures, exhausting the application-wide stateful retry cache. Once the cache is full, it permanently rejects further updates, causing all lat...
PT-2026-47646
Name of the Vulnerable Software and Affected Versions Spring Retry versions 2.0.0 through 2.0.12 Spring Retry versions 1.3.0 through 1.3.4 Description An attacker can send a large volume of unique requests that trigger failures, which exhausts the capacity of the application-wide stateful retry...
Toward Secure LLM Agents: Threat Surfaces, Attacks, Defenses, and Evaluation
Large language model LLM agents are rapidly moving from conversational interfaces to software components that plan, invoke tools, maintain memory, and act on external environments. This transition changes the nature of security risk. In agentic settings, failures are no longer limited to unsafe...
CVE-2026-41710: Cache Exhaustion in Stateful Retries leads to Denial of Service
An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects any further updates, causing all later stateful retries and circuit breakers in the application to...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the stateful retry cache. An attacker can cause denial of service by generating a large number of unique failing requests that create persistent entries in the application-wide...
CVE-2026-46344
A flaw was found in liboqs, a C-language cryptographic library. An out-of-bounds read vulnerability exists in the XMSS and XMSS^MT stateful signature verification code. A remote attacker could exploit this by providing a specially crafted public key that causes the verification function to read...
CVE-2026-44518
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature...