Lucene search

9455 matches found

UbuntuCve
added 2026/02/04 5:16 p.m., 2 views

CVE-2026-23071

In the Linux kernel, the following vulnerability has been resolved: regmap: Fix race condition in hwspinlock irqsave routine. Previously, the address of the shared member '&map->spinlock_flags' was passed directly to 'hwspin_lock_timeout_irqsave'. This creates a race condition where multiple contexts...

CVSS 4.7, AI score 5.9, EPSS 0.00014
Exploits 0, References 25
OSV
added 2026/02/04 5:16 p.m., 3 views

UBUNTU-CVE-2026-23084

In the Linux kernel, the following vulnerability has been resolved: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list. When the parameter pmac_id_valid argument of be_cmd_get_mac_from_list is set to false, the driver may request the PMACID from the firmware of the network card, and this functio...

CVSS 5.5, AI score 5.7, EPSS 0.00018
Exploits 0, References 27
OSV
added 2026/02/04 4:08 p.m., 3 views

CVE-2026-23084 be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list

In the Linux kernel, the following vulnerability has been resolved: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list. When the parameter pmac_id_valid argument of be_cmd_get_mac_from_list is set to false, the driver may request the PMACID from the firmware of the network card, and this functio...

CVSS 5.5, AI score 5.2, EPSS 0.00018
Exploits 0, References 10
Cvelist
added 2026/02/04 4:07 p.m., 23 views

CVE-2026-23071 regmap: Fix race condition in hwspinlock irqsave routine

In the Linux kernel, the following vulnerability has been resolved: regmap: Fix race condition in hwspinlock irqsave routine. Previously, the address of the shared member '&map->spinlock_flags' was passed directly to 'hwspin_lock_timeout_irqsave'. This creates a race condition where multiple contexts...

EPSS 0.00014
Exploits 0, References 7
RedhatCVE
added 2026/02/03 9:19 p.m., 2 views

CVE-2026-24051

OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...

CVSS 7, AI score 5.7, EPSS 0.00017
Exploits 0, References 1
F5 Networks
added 2026/02/03 4:54 p.m., 7 views

K000159869: Telnetd vulnerability CVE-2026-24061

Security Advisory Description: Telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable. CVE-2026-24061. Impact: There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status: F5 Product...

CVSS 9.8, AI score 7.5, EPSS 0.91526
Exploits 58
OSV
added 2026/02/03 8:42 a.m., 4 views

BIT-KYVERNO-2026-23881 Kyverno Denial of Service via Context Variable Amplification in Policy Engine

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in Kyverno's policy engine that allows users with policy creation privileges to cause denial of service by crafting policies that exponentially...

CVSS 7.7, AI score 5.5, EPSS 0.00104
Exploits 1, References 4
NVD
added 2026/02/03 6:15 a.m., 3 views

CVE-2025-58381

A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands "source, ping6, sleep, disown, wait" to modify the path variables and move upwards in the directory structure or to traverse to different directories...

CVSS 4.6, EPSS 0.00005
Exploits 0, References 1
Snyk
added 2026/02/02 11:39 p.m., 1 views

Command Injection

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Command Injection via unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user can execute arbitrary commands within the container context ...

CVSS 8.8, AI score 5.8, EPSS 0.00102
Exploits 1, References 2
Github Security Blog
added 2026/02/02 11:39 p.m., 8 views

OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable

Summary: A Command Injection vulnerability existed in Clawdbot’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the...

CVSS 8.8, AI score 5.7, EPSS 0.00102
Exploits 1, References 6, Affected Software 1
OSV
added 2026/02/02 11:39 p.m., 2 views

GHSA-MC68-Q9JW-2H3V OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable

Summary: A Command Injection vulnerability existed in Clawdbot’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the...

CVSS 8.8, AI score 5.7, EPSS 0.00102
Exploits 1, References 6
NVD
added 2026/02/02 11:16 p.m., 4 views

CVE-2026-24040

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable text to store JavaScript content. When used in a concurrent environment e.g., a Node.js web server, this variable is shared across all requests. ...

CVSS 6.3, EPSS 0.00015
Exploits 1, References 3
OSV
added 2026/02/02 9:05 p.m., 2 views

GO-2026-4382 Kyverno Denial of Service via Context Variable Amplification in Policy Engine in github.com/kyverno/kyverno

Kyverno Denial of Service via Context Variable Amplification in Policy Engine in github.com/kyverno/kyverno...

CVSS 7.7, AI score 5.2, EPSS 0.00104
Exploits 1, References 4
CVE
added 2026/02/02 8:38 p.m., 13 views

CVE-2026-24040

The CVE-2026-24040 issue affects jspdf in versions prior to 4.1.0, where the addJS method uses a module-scoped shared variable to store JavaScript content. In concurrent environments (notably Node.js servers), this shared state can be overwritten by simultaneous requests, causing cross-user data ...

CVSS 6.3, AI score 5.3, EPSS 0.00015
Exploits 1, References 3, Affected Software 1
ATTACKERKB
added 2026/02/02 8:38 p.m., 3 views

CVE-2026-24040

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable text to store JavaScript content. When used in a concurrent environment e.g., a Node.js web server, this variable is shared across all requests. ...

CVSS 6.3, AI score 5.3, EPSS 0.00015
Exploits 1, References 4, Affected Software 1
ATTACKERKB
added 2026/02/02 7:49 p.m., 7 views

CVE-2026-24051

OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...

CVSS 7, AI score 5.7, EPSS 0.00017
Exploits 0, References 3, Affected Software 1
Snyk
added 2026/02/02 6:20 p.m., 2 views

Race Condition

Overview: Affected versions of this package are vulnerable to Race Condition in the addJS function due to the use of a shared module-scoped variable for storing JavaScript content. An attacker can cause sensitive data intended for one user to be included in another user's PDF by making concurrent...

CVSS 6.3, AI score 5.9, EPSS 0.00015
Exploits 1, References 2
Github Security Blog
added 2026/02/02 6:20 p.m., 8 views

jsPDF has Shared State Race Condition in addJS Plugin

Impact: The addJS method in the jspdf Node.js build utilizes a shared module-scoped variable text to store JavaScript content. When used in a concurrent environment e.g., a Node.js web server, this variable is shared across all requests. If multiple requests generate PDFs simultaneously, the...

CVSS 6.3, AI score 5.3, EPSS 0.00015
Exploits 1, References 5, Affected Software 1
Positive Technologies
added 2026/02/02 12:00 a.m., 2 views

PT-2026-5716

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable text to store JavaScript content. When used in a concurrent environment e.g., a Node.js web server, this variable is shared across all requests. ...

CVSS 6.3, AI score 5.3, EPSS 0.00015
Exploits 1, References 4
Positive Technologies
added 2026/02/02 12:00 a.m., 2 views

PT-2026-6409

Impact: The addJS method in the jspdf Node.js build utilizes a shared module-scoped variable text to store JavaScript content. When used in a concurrent environment e.g., a Node.js web server, this variable is shared across all requests. If multiple requests generate PDFs simultaneously, the...

CVSS 6.3, AI score 5.3, EPSS 0.00015
Exploits 1, References 6