Skip to main content

CWE-821

Incorrect Synchronization

12 CVEs Avg CVSS 6.0 MITRE
1
CRITICAL
4
HIGH
6
MEDIUM
1
LOW
5
POC
0
KEV

Monthly

CVE-2026-56132 MEDIUM PATCH This Month

Heap-based buffer overflow in libexpat before 2.8.2 allows heap memory corruption in applications that process externally-supplied XML with external entity parameter parsing enabled. The flaw resides in the doProlog function of xmlparse.c, where the scaffold backing array (scaffIndex) - used to index DTD content model tree nodes - is reallocated using the child parser's m_groupSize counter, which diverges from the actual allocated capacity of the shared scaffIndex inherited from the parent parser. No public exploit code has been identified and the vulnerability is not listed in CISA KEV at time of analysis, but the upstream fix PR includes a functional reproduction test case confirming exploitability.

Buffer Overflow Libexpat Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.9
EPSS
0.1%
CVE-2026-21919 HIGH PATCH This Week

Management daemon deadlock in Juniper Networks Junos OS 23.4-24.4 and Junos OS Evolved enables network-based authenticated attackers to trigger complete management plane denial-of-service via rapid NETCONF session cycling. Vulnerability causes mgd processes to hang in lockf state, exhausting process pool and preventing administrative logins. Recovery requires device power-cycle. Affects deployments using NETCONF management interface with authenticated remote users. No public exploit identified at time of analysis.

Information Disclosure Juniper
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2024-58133 MEDIUM This Month

In chainmaker-go (aka ChainMaker) before 2.4.0, when making frequent updates to a node's configuration file and restarting this node, concurrent writes by logger.go to a map are mishandled. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2024-58132 MEDIUM This Month

In chainmaker-go (aka ChainMaker) before 2.3.6, multiple updates to a single node's configuration can cause other normal nodes to perform concurrent read and write operations on a map, leading to a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2024-58131 MEDIUM POC Monitor

FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Fisco Bcos
NVD GitHub
CVSS 3.1
4.0
EPSS
0.2%
CVE-2024-6657 MEDIUM This Month

A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-4278 LOW Monitor

An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
2.7
EPSS
0.2%
CVE-2024-5755 MEDIUM POC This Month

In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lunary
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-1739 CRITICAL POC PATCH Act Now

lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Lunary
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-1902 HIGH POC PATCH This Week

lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Lunary
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Heap-based buffer overflow in libexpat before 2.8.2 allows heap memory corruption in applications that process externally-supplied XML with external entity parameter parsing enabled. The flaw resides in the doProlog function of xmlparse.c, where the scaffold backing array (scaffIndex) - used to index DTD content model tree nodes - is reallocated using the child parser's m_groupSize counter, which diverges from the actual allocated capacity of the shared scaffIndex inherited from the parent parser. No public exploit code has been identified and the vulnerability is not listed in CISA KEV at time of analysis, but the upstream fix PR includes a functional reproduction test case confirming exploitability.

Buffer Overflow Libexpat Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Management daemon deadlock in Juniper Networks Junos OS 23.4-24.4 and Junos OS Evolved enables network-based authenticated attackers to trigger complete management plane denial-of-service via rapid NETCONF session cycling. Vulnerability causes mgd processes to hang in lockf state, exhausting process pool and preventing administrative logins. Recovery requires device power-cycle. Affects deployments using NETCONF management interface with authenticated remote users. No public exploit identified at time of analysis.

Information Disclosure Juniper
NVD VulDB
EPSS 0% CVSS 4.0
MEDIUM This Month

In chainmaker-go (aka ChainMaker) before 2.4.0, when making frequent updates to a node's configuration file and restarting this node, concurrent writes by logger.go to a map are mishandled. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

In chainmaker-go (aka ChainMaker) before 2.3.6, multiple updates to a single node's configuration can cause other normal nodes to perform concurrent read and write operations on a map, leading to a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
EPSS 0% CVSS 4.0
MEDIUM POC Monitor

FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Fisco Bcos
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
EPSS 0% CVSS 2.7
LOW Monitor

An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lunary
NVD
EPSS 1% CVSS 9.1
CRITICAL POC PATCH Act Now

lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Lunary
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Lunary
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy