4525 matches found
CVE-2025-38477
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate. A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, qfq_dump_class may trigger a...
CVE-2025-38477
Summary of CVE-2025-38477 details (from connected sources): The Linux kernel vulnerability concerns a race condition in the net/sched sch_qfq code, where the field 'agg' can be modified in qfq_change_agg during qfq_enqueue, while other threads may access it concurrently. This can lead to a NULL d...
The vulnerability of the macb_halt_tx() function in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the macb_halt_tx() function in the Linux operating system’s kernel is related to a deadlock between execution threads. Exploiting this vulnerability can allow an attacker to trigger a service failure...
Silicon Labs OpenThread RCP Security Vulnerability
Silicon Labs OpenThread RCP is a firmware for a coprocessor from Silicon Labs, USA. A security vulnerability exists in the Silicon Labs OpenThread RCP that stems from a failure to clear the SPI transmit buffer in a high traffic environment, which could result in the sending of corrupted packets...
CVE-2025-51865
Ai2 playground web service playground.allenai.org LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference (IDOR), allowing attackers to gain sensitive information via enumerating thread keys in the URL...
Exploit for CVE-2025-34085
Cyberlone Indonesia 🛠️ WordPress Simple File List RCE Scanner...
CVE-2025-51865
CVE-2025-51865 concerns the Ai2 Playground web service (playground.allenai.org). The vulnerability is an Insecure Direct Object Reference (IDOR) that lets an attacker enumerate thread keys in the URL to gain sensitive information. The CVE is tracked with CVSS 3.1: Network attack, Low attack compl...
The vulnerability of the nfs_return_empty_folio() function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the nfs_return_empty_folio() function in the Linux operating system is related to errors during thread blocking. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2025-54121
Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size, Starlette will block the main thread t...
CVE-2025-54121
CVE-2025-54121 affects Starlette (Python, ASGI). In versions 0.47.1 and older, multipart form parsing of large files can cause the main event loop to stall while rolling the file to disk, because UploadFile incorrectly checks file-in-memory status and whether additional bytes trigger a rollover. ...
CVE-2025-54121 Starlette has possible denial-of-service vector when parsing large files in multipart forms
Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size, Starlette will block the main thread t...
Starlette has possible denial-of-service vector when parsing large files in multipart forms
Summary: When parsing a multi-part form with large files greater than the default max spool size, Starlette will block the main thread to roll the file over to disk. This blocks the event thread, which means we can't accept new connections. Details: Please see this discussion for details:...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-17166)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which originates from improper access control of the Thread Pooling component, and can be exploited by an attacker to cause a partial denial of service...
Liner Security Vulnerability
Liner is an AI large language model platform from Liner. A security vulnerability exists in Liner version 2025-06-03 and earlier, which stems from improper access control of the spaceid, threadid, and messageid parameters, which could lead to the disclosure of sensitive information...
PT-2025-30341
Name of the Vulnerable Software and Affected Versions: Starlette versions 0.47.1 and below. Description: Starlette is a lightweight ASGI framework/toolkit for building async web services in Python. When parsing multi-part forms with large files exceeding the default maximum spool size, Starlette...
Vulnerability of the Server component: Thread Pooling in the MySQL Server database management system, which allows attackers to cause service interruptions.
The vulnerability of the Server: Thread Pooling component of the MySQL Server database management system is related to uncontrolled resource consumption. Exploiting this vulnerability can allow an attacker to cause service interruptions...
ConstStaticCell could have been used to pass non-Send values to another thread
ConstStaticCell could have been used to pass non-Send values to another thread, because T was not required to be Send while ConstStaticCell is Send. This was corrected by introducing a T: Send bound...
RUSTSEC-2025-0045 ConstStaticCell could have been used to pass non-Send values to another thread
ConstStaticCell could have been used to pass non-Send values to another thread, because T was not required to be Send while ConstStaticCell is Send. This was corrected by introducing a T: Send bound...