CVE-2026-6729 HKUDS OpenHarness Session Key Collision Privilege Escalation

HKUDS OpenHarness prior to PR 159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attackers can reuse...

CVE-2026-6729

CVE-2026-6729 concerns HKUDS OpenHarness before PR #159, where a session key derivation flaw allows authenticated participants in shared chats/threads to hijack other users’ sessions by exploiting a shared ohmo session key without sender identity verification. This enables reuse of another user’s...

[SECURITY] [DLA 4538-1] perl security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4538-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler April 18, 2026 https://wiki.debian.org/LTS -...

JLSEC-2026-132

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf31::LineCompositeTask::execute called from IlmThread31::NullThreadPoolProvider::addTask and IlmThread31::ThreadPool::addGlobalTask. NOTE: db217f2 may be inapplicable...

CLSA-2026-1776421961 libwebp: Fix of 2 CVEs

CVE-2018-25013, CVE-2018-25014: wait for all threads to be done in DecodeRemaining, make sure partition 0 is read before VP8 data...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-010670)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010670 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap useafterfree when on...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007430)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007430 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/proc: dotaskstat: use sig-statslock to gather the threads/children stats locktasksighand can...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007607)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007607 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount During the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007316)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007316 advisory. In the Linux kernel, the following vulnerability has been resolved: md/dm-raid: don't call mdreapsyncthread directly Currently mdreapsyncthread is called from...

[SECURITY] Fedora 44 Update: kf6-threadweaver-6.25.0-1.fc44

KDE Frameworks 6 Tier 1 addon for advanced thread management...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007209)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007209 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irpthreadfunc because the IRP is freed by...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007191)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007191 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap useafterfree when on...

EUVD-2026-22937

CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function...

CVE-2026-30364

CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function...

CentSDR 安全漏洞

CentSDR is a handheld software-defined radio receiver open-sourced by ttfrftech. There is a security vulnerability in CentSDR, which stems from a stack overflow issue in the Thread1 function...

CVE-2026-30364

CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function...

tornado-python: Tornado: Denial of Service via large multipart bodies

A flaw was found in tornado-python. A remote attacker can exploit this vulnerability by sending a specially crafted, very large multipart body with numerous parts. Because the parsing of these large bodies occurs synchronously on the main thread, it can consume excessive resources, leading to a...

EUVD-2026-22249

.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...

CVE-2026-2450

.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...

EUVD-2026-22248

Improper neutralization of argument delimiters in a command 'argument injection' vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...