Optimizations in Spring MVC
Spring Fruits Benchmark. Abstract: Benchmarks are tricky to do well, and the results are often hard to interpret. This analysis attempts to go beyond a simple headline number to explore how performance varies with data set size. The results show that while results might be disappointing for a given...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview @langchain/langgraph-checkpoint-mongodb is a LangGraph Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the list method in the RedisSaver and ShallowRedisSaver classes when...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : glibc (SUSE-SU-2026:0371-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0371-1 advisory. Security fixes: - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in...
Security update for glibc
This update for glibc fixes the following issues: Security fixes: CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822)...
PT-2026-5671
Memory Corruption when multiple threads simultaneously access a memory free API...
Azure Linux 3.0 Security Update: kernel (CVE-2024-38667)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-38667 advisory. - In the Linux kernel, the following vulnerability has been resolved: riscv: prevent pt_regs corruption for...
CVE-2025-68492
Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...
CVE-2026-22856 FreeRDP has a heap-use-after-free in create_irp_thread
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use-after-free when one thread removes an entry from serial->IrpThreads while another reads it. This vulnerability is fixed in 3.20.1...
CVE-2026-22856
FreeRDP (CVE-2026-22856): A race in the serial channel IRP thread tracking can cause a heap-use-after-free when one thread removes an entry from serial->IrpThreads while another reads it. This issue is fixed in FreeRDP 3.20.1. The vulnerability affects pre-3.20.1 releases; no exploitation deta...
Chainlit contains an authorization bypass vulnerability
Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...
CVE-2025-68492
Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...
CVE-2025-68492
Chainlit contains an authorization bypass vulnerability (CVE-2025-68492) affecting versions prior to 2.8.5. An attacker who can log in may view threads or obtain thread ownership due to a user-controlled key flaw (CWE-639). Documented impact is limited to those who can authenticate; no exploit sp...
PT-2026-2833
Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...
CVE-2025-47356
Memory Corruption when multiple threads concurrently access and modify shared resources...
GHSA-5RFX-CP42-P624 Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write
A vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously written response chunks to be fully transmitted before proceeding. If the client connection is dropped during this waiting period, the...
CVE-2025-66560
The CVE-2025-66560 entry describes a Quarkus REST HTTP-layer vulnerability where, during response writing, the framework waits for prior chunks to finish transmission. If the client closes the connection mid-wait, the worker thread is not released and becomes blocked, potentially exhausting worke...
PT-2026-1858
Name of the Vulnerable Software and Affected Versions: Quarkus versions prior to 3.31.0; Quarkus versions prior to 3.27.2; Quarkus versions prior to 3.20.5. Description: Quarkus is a Cloud Native framework for Java applications. A flaw exists in the HTTP layer related to response handling. When writin...
CVE-2025-47356
CVE-2025-47356 describes a memory corruption issue in Qualcomm chipsets triggered by concurrent multi-threaded access to shared resources. The vulnerability affects components where threads concurrently modify shared data, with high impact on confidentiality, integrity, and availability per the C...
CVE-2025-47356 Double Free in Video
Memory Corruption when multiple threads concurrently access and modify shared resources...
CVE-2025-65213
MooreThreads torch_musa is affected. The vulnerability resides in the function compare_for_single_op() / nan_inf_track_for_single_op() in torch_musa.utils.compare_tool, which uses pickle.load() on user-controlled file paths without validation, enabling remote code execution with the victim proce...