
4538 matches found

CVE
added 2 hours ago, 9 views

CVE-2026-14607

CVE-2026-14607 affects RT-Thread up to 5.0.2, specifically the sys_getaddrinfo implementation in components/lwp/lwp_syscall.c. Manipulating the ai_addr argument can cause memory corruption; an exploit is public, and local access is required. A fix is being prepared in a pull request (RT-Thread/rt-thread#11...

6.8 CVSS, 5.6 AI score
Exploits: 0, References: 7
CVE
added 2 hours ago, 8 views

CVE-2026-14605

CVE-2026-14605 affects RT-Thread up to 5.0.2. The vulnerability is in the function recvmsg within bsp/loongson/ls1cdev/libraries/ls1c_can.h of the ls1c CAN Handler. It enables a stack-based buffer overflow when processing input, with local access required to exploit. Public exploit code exists. ...

8.5 CVSS, 7.4 AI score
Exploits: 0, References: 6
OSV
added yesterday, 2 views

UBUNTU-CVE-2026-53352

In the Linux kernel, the following vulnerability has been resolved: signal: clear JOBCTL_PENDING_MASK for caller in zap_other_threads. When a multi-threaded process receives a stop signal, e.g., SIGSTOP, do_signal_stop sets JOBCTL_STOP_PENDING and JOBCTL_STOP_CONSUME on all threads and sets...

5.7 AI score, 0.00164 EPSS
Exploits: 0, References: 11
CVE
added 2 days ago, 6 views

CVE-2026-55688

Affected software: AsyncHttpClient (AHC) library for Java. Vulnerable versions: 2.0.0 up to (but not including) 2.16.0, and 3.0.0.Beta1 up to (but not including) 3.0.11. Root cause: ThreadSafeCookieStore may store a cookie using the Domain value without validating that the responding host is allo...

4 CVSS, 5.8 AI score, 0.00179 EPSS
Exploits: 0, References: 2
EUVD
added 2 days ago, 6 views

EUVD-2026-40986

In the Linux kernel, the following vulnerability has been resolved: signal: clear JOBCTL_PENDING_MASK for caller in zap_other_threads. When a multi-threaded process receives a stop signal, e.g., SIGSTOP, do_signal_stop sets JOBCTL_STOP_PENDING and JOBCTL_STOP_CONSUME on all threads and sets...

5.8 AI score, 0.00164 EPSS
Exploits: 0, References: 8
NVD
added 3 days ago, 7 views

CVE-2026-10655

The asynchronous SNTP client in Zephyr (subsys/net/lib/sntp/sntp.c, sntp_close_async) closed the UDP socket file descriptor directly from the calling thread immediately after detaching it from the network socket service, without synchronizing with the socket-service poll thread. The socket service...

6.5 CVSS, 0.0024 EPSS
Exploits: 0, References: 2
CVE
added 3 days ago, 10 views

CVE-2026-10655

Concrete details found: Zephyr’s asynchronous SNTP client (sntp_close_async) can race with the socket service poll thread. Closing the UDP socket descriptor from a different thread (SNTP timeout path) may free and reuse net_context while the poll thread holds a poller node, causing a use-after-fr...

6.5 CVSS, 5.8 AI score, 0.0024 EPSS
Exploits: 0, References: 2
OSV
added 4 days ago, 5 views

PYSEC-2026-470 PraisonAI Has Second-Order SQL Injection in `get_all_user_threads`

Summary: The get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via update_thread. When the application loads the thread list, the injected payload executes and grants full database...

9.8 CVSS, 5.8 AI score, 0.00533 EPSS
Exploits: 1, References: 5
EUVD
added 2026/06/26 3:32 p.m., 8 views

EUVD-2026-39776

When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call returned the resulting error to th...

5.5 CVSS, 5.9 AI score, 0.00092 EPSS
Exploits: 0, References: 2
NVD
added 2026/06/26 3:16 p.m., 5 views

CVE-2026-45256

When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call returned the resulting error to th...

5.5 CVSS, 0.00092 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/06/25 9:26 p.m., 5 views

CVE-2026-52973

A flaw was found in the Linux kernel's futex subsystem. The need_futex_hash_allocate_default function incorrectly relies on CLONE_THREAD semantics, which can lead to non-concurrency issues when memory allocations (mm->futex_ref pcpu allocations) are shared across CLONE_VM clones, excluding vfork. This can...

7.8 CVSS, 5.8 AI score, 0.00128 EPSS
Exploits: 0, References: 4
EUVD
added 2026/06/24 6:32 p.m., 4 views

EUVD-2026-38841

In the Linux kernel, the following vulnerability has been resolved: futex: Drop CLONE_THREAD requirement for private default hash alloc. Currently need_futex_hash_allocate_default depends on strict pthread semantics, abusing CLONE_THREAD. This breaks the non-concurrency assumptions when doing the...

5.7 AI score, 0.00128 EPSS
Exploits: 0, References: 4
NVD
added 2026/06/24 5:17 p.m., 5 views

CVE-2026-53071

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp. l2cap_ecred_reconf_rsp calls l2cap_chan_del without holding l2cap_chan_lock. Every other l2cap_chan_del caller in the file acquires the lock first. A remote BLE device can sen...

8.8 CVSS, 0.00146 EPSS
Exploits: 0, References: 11
NVD
added 2026/06/24 5:17 p.m., 3 views

CVE-2026-52973

In the Linux kernel, the following vulnerability has been resolved: futex: Drop CLONE_THREAD requirement for private default hash alloc. Currently need_futex_hash_allocate_default depends on strict pthread semantics, abusing CLONE_THREAD. This breaks the non-concurrency assumptions when doing the...

7.8 CVSS, 0.00128 EPSS
Exploits: 0, References: 6
EUVD
added 2026/06/24 4:30 p.m., 4 views

EUVD-2026-38996

In the Linux kernel, the following vulnerability has been resolved: drbd: Balance RCU calls in drbd_adm_dump_devices. Make drbd_adm_dump_devices call rcu_read_lock before rcu_read_unlock is called. This has been detected by the Clang thread-safety analyzer...

5.7 AI score, 0.0018 EPSS
Exploits: 0, References: 8
EUVD
added 2026/06/24 4:30 p.m., 3 views

EUVD-2026-38939

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp. l2cap_ecred_reconf_rsp calls l2cap_chan_del without holding l2cap_chan_lock. Every other l2cap_chan_del caller in the file acquires the lock first. A remote BLE device can sen...

5.8 AI score, 0.00146 EPSS
Exploits: 0, References: 8
CVE
added 2026/06/24 3:46 p.m., 31 views

CVE-2026-54906

Vulnerability summary (CVE-2026-54906): In the Ruby concurrency library concurrent-ruby (ReadWriteLock), versions prior to 1.3.7 expose a synchronization bug in the public API. Specifically, release_write_lock does not verify that the calling thread owns the write lock, allowing another thread t...

9.8 CVSS, 5.9 AI score, 0.0016 EPSS
Exploits: 0, References: 1, Affected Software: 1
RedhatCVE
added 2026/06/24 3:36 p.m., 5 views

CVE-2026-52918

A flaw was found in the Linux kernel's Bluetooth subsystem. A race condition exists in the handling of the accept_q within the bt_sock_poll function due to a lack of synchronization. This could allow a local attacker to cause a denial of service by manipulating socket operations during child teardow...

8.8 CVSS, 5.8 AI score, 0.00266 EPSS
Exploits: 0, References: 4
AstraLinux
added 2026/06/24 3:11 p.m., 7 views

Astra Linux – Vulnerability in curl

When performing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread will inadvertently change them globally, and thus may also affect other concurrently running transfers. Disabling certificate verification for a specific transfer can unintentionally...

6.3 CVSS, 6.7 AI score, 0.00106 EPSS
Exploits: 0, References: 3
AstraLinux
added 2026/06/24 3:11 p.m., 6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: md/raid5: Fixed possible null-pointer dereferences in raid5_store_group_thread_cnt. The variable mddev->private is first assigned to conf, and then checked: conf = mddev->private; if (!conf)… If conf is NULL, then mddev->private is also...

5.5 CVSS, 5.9 AI score, 0.0015 EPSS
Exploits: 0, References: 3