CVE-2025-40260

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix scxenable crash on helper kthread creation failure A crash was observed when the schedext selftests runner was terminated with Ctrl+\ while test 15 was running: NIP c00000000028fa58 scxenable.constprop.0+0x358/0x12b...

Exploit for CVE-2025-55182

React2Shell Scanner High Fidelity Detection & Exploitation To...

CVE-2025-40260

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix scxenable crash on helper kthread creation failure A crash was observed when the schedext selftests runner was terminated with Ctrl+\ while test 15 was running: NIP c00000000028fa58 scxenable.constprop.0+0x358/0x12b...

scsi: target: iscsi: Fix a race condition between login_work and the login thread

...

Race Condition within a Thread

Overview mcp-mesh is a Kubernetes-native platform for distributed MCP applications Affected versions of this package are vulnerable to Race Condition within a Thread due to a Race Condition in Access Control. The agent shutdown process fails to atomically remove agents from the registry before...

Authorization Bypass Through User-Controlled Key

Overview chainlit is a Build Conversational AI. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a missing authorization check when binding a WebSocket session to a user-supplied threadId. An attacker can exploit this weakness by providin...

PUB-A-427204614

In bigoworkerthread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Apache Druid’s Kerberos authenticator uses a weak fallback secret

Apache Druid’s Kerberos authenticator uses a weak fallback secret when the druid.auth.authenticator.kerberos.cookieSignatureSecret configuration is not explicitly set. In this case, the secret is generated using ThreadLocalRandom, which is not a crypto-graphically secure random number generator...

CVE-2025-65947

thread-amount is a tool that gets the amount of threads in the current process. Prior to version 0.2.2, there are resource leaks when querying thread counts on Windows and Apple platforms. In Windows platforms, the threadamount function calls CreateToolhelp32Snapshot but fails to close the return...

CVE-2025-65947

thread-amount is a tool that gets the amount of threads in the current process. Prior to version 0.2.2, there are resource leaks when querying thread counts on Windows and Apple platforms. In Windows platforms, the threadamount function calls CreateToolhelp32Snapshot but fails to close the return...

CVE-2025-65947 thread-amount is Vulnerable to Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS

thread-amount is a tool that gets the amount of threads in the current process. Prior to version 0.2.2, there are resource leaks when querying thread counts on Windows and Apple platforms. In Windows platforms, the threadamount function calls CreateToolhelp32Snapshot but fails to close the return...

CVE-2025-65947 thread-amount is Vulnerable to Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS

thread-amount is a tool that gets the amount of threads in the current process. Prior to version 0.2.2, there are resource leaks when querying thread counts on Windows and Apple platforms. In Windows platforms, the threadamount function calls CreateToolhelp32Snapshot but fails to close the return...

CVE-2025-65947

CVE-2025-65947 affects the thread_amount crate. Before v0.2.2, Windows builds leak handles (CreateToolhelp32Snapshot handles not closed) and macOS builds leak memory (allocated thread lists not deallocated via vm_deallocate). Repeated queries can exhaust handles or memory, risking instability or ...

CVE-2025-65947 thread-amount is Vulnerable to Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS

thread-amount is a tool that gets the amount of threads in the current process. Prior to version 0.2.2, there are resource leaks when querying thread counts on Windows and Apple platforms. In Windows platforms, the threadamount function calls CreateToolhelp32Snapshot but fails to close the return...

GHSA-JF9P-2FV9-2JP2 thread-amount Vulnerable to Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS

Affected versions of this crate contain resource leaks when querying thread counts on Windows and Apple platforms. Windows The threadamount function calls CreateToolhelp32Snapshot but fails to close the returned HANDLE using CloseHandle. Repeated calls to this function will cause the handle count...

thread-amount 安全漏洞

thread-amount is a tool by jez personal developer to get the number of threads in the current process. A security vulnerability exists in thread-amount versions prior to 0.2.2, which stems from a resource leak that could lead to system instability or process termination...

PT-2025-47817

Name of the Vulnerable Software and Affected Versions thread-amount versions prior to 0.2.2 Description The thread-amount tool, used to determine the number of threads in a process, contains resource leaks when obtaining thread counts on Windows and Apple platforms. On Windows, the thread amount...

ThreadFuzzer: Fuzzing Framework for Thread Protocol

With the rapid growth of IoT, secure and efficient mesh networking has become essential. Thread has emerged as a key protocol, widely used in smart-home and commercial systems, and serving as a core transport layer in the Matter standard. This paper presents ThreadFuzzer, the first dedicated...

Security Bulletin: Astronomer with IBM is vulnerable to event thread locking due to the starlette package (CVE-2025-54121)

Summary Starlette is used by Astronomer with IBM as part of the request processing functionality. Vulnerability Details CVEID:CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In...

PT-2025-49090

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A crash could occur in the scx enable function when a helper kthread creation failed. This was observed during termination of the sched ext selftests runner with Ctrl+ while test 15 was...