tornado-python: Tornado: Denial of Service via large multipart bodies

A flaw was found in tornado-python. A remote attacker can exploit this vulnerability by sending a specially crafted, very large multipart body with numerous parts. Because the parsing of these large bodies occurs synchronously on the main thread, it can consume excessive resources, leading to a...

Important: python-twisted

Issue Overview: The twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasse...

exploit-lab

Threadbare — Exploit-Development Training Lab Introduction...

OSV-2026-808 Heap-buffer-overflow in ihevcd_fmt_conv

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515994900 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcdfmtconv ihevcdprocessthread startthread...

PT-2026-46106

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515994900 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcd fmt conv ihevcd process thread start thread...

OESA-2026-2390 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen...,...

Linux Distros Unpatched Vulnerability : CVE-2026-8695

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 6.1.5 contains a use-after-free vulnerability in the gdbrthreadslist function that allows remote attackers to trigger memory corruption by sending a val...

Unity Linux 20.1070e Security Update: wildfly-core (UTSA-2026-016706)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016706 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

RockyLinux 10 : mysql8.4 (RLSA-2026:4162)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:4162 advisory. mysql: Optimizer unspecified vulnerability CPU Jan 2026 CVE-2026-21941 mysql: Optimizer unspecified vulnerability CPU Jan 2026 CVE-2026-21948 mysql:...

RLSA-2026:4162 Moderate: mysql8.4 security update

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. Security Fixes: mysql:...

CVE-2026-45251

A file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked. In this situation, t...

EUVD-2026-31256

A file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked. In this situation, t...

MAL-2026-4549 Malicious code in dot-utils-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3091b9bb8cbf714d9391a59f7303a3748e183bbdf0fba2264b7496a2072e717f On every import, dist/index.js base64-decodes a hardcoded AES-256-CBC ciphertext, derives a key from environment variable VITEDOTUTILSAESSECRET,...

FreeBSD 资源管理错误漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a resource management vulnerability in FreeBSD. This vulnerability arises from threads being blocked during poll or select calls when file descriptors are closed. The kernel fails to remove the blocked threads...

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xfSetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

keycloak: Keycloak: Denial of Service via specially crafted SAML input

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language SAML endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service DoS where the server becomes...

keycloak: Keycloak: Denial of Service via specially crafted SAML input

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language SAML endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service DoS where the server becomes...

CVE-2026-44608

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers it could result in heap use-after-free and eventual crash. An adversary can...

EUVD-2026-31087

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers it could result in heap use-after-free and eventual crash. An adversary can...

CVE-2026-44608 Use after free and crash under special conditions in RPZ code

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers it could result in heap use-after-free and eventual crash. An adversary can...