1070 matches found
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).
...
CVE-2025-52494
AdaCore Ada Web Server (AWS) before 25.2 is vulnerable to a denial-of-service (DoS) condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS connection, the server performs the SSL handshake before assigning the connection to a processing...
TencentOS Server 4: perl (TSSA-2025:0552)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0552 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from US-based Mattermost. A security vulnerability exists in Mattermost version 10.5.8 and earlier, which stems from insufficient access control validation and could lead to a user reading threads via AI posts...
ROS-20250819-07
Xen hypervisor vulnerability is related to mutual blocking of execution threads. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in message board threads and categories. An attacker can execute arbitrary JavaScript code in the context of another user by injecting malicious scripts into these fields. Details: Cross-site scripting (or XSS) is ...
CVE-2025-43731
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows ...
UBUNTU-CVE-2025-38524
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recv-recv race of completed call. If a call receives an event such as incoming data, the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up...
CVE-2025-38524 rxrpc: Fix recv-recv race of completed call
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recv-recv race of completed call. If a call receives an event such as incoming data, the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up...
MAL-2025-20532 Malicious code in file-alb-um-zip-new-mp3-200499-threads-i0tvt-cdrrmq (npm)
The package file-alb-um-zip-new-mp3-200499-threads-i0tvt-cdrrmq was found to contain malicious code...
EulerOS 2.0 SP11 : perl (EulerOS-SA-2025-1938)
According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread...
[SECURITY] Fedora 42 Update: glib2-2.84.4-1.fc42
GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system...
PT-2025-35962
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw where reading /proc/[kthread]/arch_status can cause a NULL pointer dereference when CONFIG_X86_DEBUG_FPU is enabled. This occurs because the AVX-512...
Linux Distros Unpatched Vulnerability : CVE-2020-15681
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shar...
Linux Distros Unpatched Vulnerability : CVE-2024-38614
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: openrisc: traps: Don't send signals to kernel mode threads. OpenRISC exception handling sends...
Linux Distros Unpatched Vulnerability : CVE-2025-40909
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the...
CVE-2025-21456
CVE-2025-21456 affects Qualcomm chipsets where memory corruption can occur during IOCTL processing when multiple threads concurrently map/unmap buffers. The root cause is described as a concurrency issue in handling buffers under IOCTL commands, leading to memory corruption with a high-severity C...