Red Hat
Monthly
Chrome versions up to 145.0.7632.45 is affected by user interface (ui) misrepresentation of critical information (CVSS 4.3).
Chrome versions up to 145.0.7632.45 is affected by user interface (ui) misrepresentation of critical information (CVSS 5.4).
Heap corruption in Google Chrome's Ozone component (versions prior to 145.0.7632.45) stems from a use-after-free vulnerability that can be triggered when users interact with malicious HTML pages through specific UI gestures. An unauthenticated remote attacker can exploit this to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. No patch is currently available, leaving affected Chrome users vulnerable to exploitation.
Chrome versions up to 145.0.7632.45 is affected by user interface (ui) misrepresentation of critical information (CVSS 6.5).
Google Chrome versions prior to 145.0.7632.45 contain a race condition in DevTools that allows remote attackers to corrupt objects by convincing users to perform specific UI interactions and install a malicious extension. An attacker exploiting this vulnerability could achieve high-impact outcomes including information disclosure, data modification, or denial of service. The vulnerability currently has no available patch.
Chrome versions up to 145.0.7632.45 is affected by user interface (ui) misrepresentation of critical information (CVSS 6.5).
Google Chrome versions before 145.0.7632.45 contain an animation implementation flaw that allows remote attackers to exfiltrate cross-origin data through specially crafted HTML pages. The vulnerability requires user interaction to trigger and affects all Chrome users, potentially exposing sensitive information from other websites. No patch is currently available.
Chrome versions up to 145.0.7632.45 is affected by user interface (ui) misrepresentation of critical information (CVSS 6.5).
Out of bounds memory access in Google Chrome's WebGPU implementation prior to version 145.0.7632.45 allows unauthenticated attackers to trigger memory corruption through a malicious HTML page. This vulnerability requires user interaction but carries high risk due to potential for arbitrary code execution or information disclosure. No patch is currently available.
Heap buffer overflow in Google Chrome's codec implementation prior to version 145.0.7632.45 enables remote attackers to corrupt heap memory and potentially achieve arbitrary code execution through a malicious HTML page. The vulnerability requires user interaction to visit a crafted webpage but does not require special privileges, affecting all Chrome users. No patch is currently available.
Heap corruption in Google Chrome's CSS engine prior to version 145.0.7632.45 can be triggered through crafted HTML pages, enabling remote attackers to achieve arbitrary code execution without user interaction beyond viewing a malicious webpage. The vulnerability stems from a use-after-free memory flaw that affects all Chrome users, and currently no patch is available. With a CVSS score of 8.8 and low exploit difficulty, this represents a critical risk to active Chrome installations.
Roundcube Webmail versions up to 1.5.13 is affected by inclusion of functionality from untrusted control sphere (CVSS 4.7).
A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern (such as the pre-defined 'long' pattern), sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. [CVSS 5.0 MEDIUM]
Corrupted Git pack and index files are not properly validated in go-git versions before 5.16.5, allowing an attacker to supply malicious packfiles that bypass integrity checks and cause go-git to consume corrupted data. This can result in unexpected application errors and denial of service conditions for any system using the vulnerable go-git library to fetch or process Git repositories. The vulnerability requires user interaction to fetch from a malicious or compromised Git source.
Faraday HTTP client library versions before 2.14.1 fail to properly validate protocol-relative URLs when merging user-supplied paths with base URLs, allowing attackers to redirect requests to arbitrary hosts via SSRF attacks. Applications that pass untrusted input to Faraday request methods like get() or post() are vulnerable to request hijacking. A patch is available in version 2.14.1 and later.
Harden-Runner versions prior to 2.14.2 fail to log outbound network connections made through sendto, sendmsg, and sendmmsg socket calls when audit mode is enabled, allowing attackers to exfiltrate data from GitHub Actions runners without detection. This integrity bypass affects users relying on Harden-Runner's egress policy auditing for security monitoring. A patch is available in version 2.14.2 and later.
A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService (UMA Protection API). [CVSS 5.4 MEDIUM]
FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in the audio playback subsystem where the RDPSND async thread processes queued audio packets after the channel has been closed and its internal state freed, causing a denial of service. The vulnerability affects systems running vulnerable FreeRDP versions and can be exploited remotely without authentication or user interaction. A patch is available in FreeRDP 3.22.0 and later.
FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in the input event handling mechanism where unsynchronized access to cached channel callbacks can be freed or reinitialized by concurrent channel closure operations. An attacker with network access can trigger a denial of service condition by exploiting this race condition. A patch is available in version 3.22.0 and later.
FreeRDP versions prior to 3.22.0 contain a buffer management error in audio format parsing that causes out-of-bounds memory access when processing malformed audio data. An attacker can exploit this vulnerability over the network without authentication to trigger a denial of service condition. A patch is available in FreeRDP 3.22.0 and later.
FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in the URBDRC channel handler where asynchronous bulk transfer completions reference freed memory after channel closure, enabling denial of service attacks. An unauthenticated remote attacker can trigger this condition through malformed RDP protocol messages to crash the FreeRDP service. A patch is available in version 3.22.0 and later.
FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in pointer handling where sdl_Pointer_New and sdl_Pointer_Free both attempt to free the same memory, causing a denial of service condition. An attacker with network access can trigger this memory corruption to crash RDP client instances without authentication. The vulnerability affects all users of vulnerable FreeRDP versions and is resolved in version 3.22.0 and later.
FreeRDP prior to 3.22.0 has a heap buffer overflow in the URBDRC USB redirection client enabling RCE through malicious RDP servers.
FreeRDP prior to 3.22.0 has a use-after-free in ecam_encoder_compress allowing malicious RDP servers to crash or execute code on clients.
FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in audio format renegotiation that allows unauthenticated attackers to cause denial of service by triggering a crash through audio processing. The vulnerability occurs when the AUDIN format list is freed during renegotiation while the capture thread continues accessing the freed memory, affecting any system running vulnerable FreeRDP instances. A patch is available in version 3.22.0 and later.
FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in the libusb device interface selection code where error handling prematurely frees configuration data that subsequent code attempts to access, causing denial of service. This vulnerability affects systems using FreeRDP for remote desktop protocol operations and can be triggered remotely without authentication or user interaction. A patch is available in version 3.22.0 and later.
FreeRDP versions prior to 3.22.0 are vulnerable to a use-after-free condition where the video_timer component sends notifications after the control channel closes, dereferencing freed memory and causing denial of service. An unauthenticated remote attacker can trigger this crash by manipulating RDP session timing, making the vulnerability exploitable with no user interaction required. A patch is available in FreeRDP 3.22.0 and later.
FreeRDP proxy versions prior to 3.22.0 are vulnerable to denial of service when processing specially crafted RDP server responses that trigger a null pointer dereference in the logon information handler. An unauthenticated attacker controlling a malicious RDP server can crash the FreeRDP proxy by sending a LogonInfoV2 PDU with empty domain or username fields. This vulnerability has been patched in version 3.22.0 and later.
Go Fiber web framework before 2.52.11 has a weak PRNG vulnerability (on Go < 1.24) that makes session tokens predictable, enabling session hijacking.
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. [CVSS 5.3 MEDIUM]
Nebula is a scalable overlay networking tool. [CVSS 8.1 HIGH]
calibre is an e-book manager. [CVSS 7.8 HIGH]
Calibre 9.1.0 and earlier contains a path traversal vulnerability in EPUB conversion that allows malicious EPUB files to corrupt or modify arbitrary files writable by the Calibre process. The vulnerability exploits improper handling of CipherReference URIs in encryption metadata, enabling attackers to write outside the intended extraction directory. Public exploit code exists for this high-severity issue, which is patched in version 9.2.0.
Remote code execution in Calibre prior to version 9.2.0 through a path traversal flaw in the CHM reader allows local attackers to write arbitrary files with user permissions, enabling payload execution via the Windows Startup folder. Public exploit code exists for this vulnerability. Windows users should upgrade to Calibre 9.2.0 or later to remediate the risk.
The Rust time library versions 0.3.6 through 0.3.46 are vulnerable to denial of service through stack exhaustion when processing maliciously crafted RFC 2822 formatted input. An unauthenticated attacker can trigger recursive parsing of deprecated RFC 2822 features to exhaust stack memory and crash applications using affected versions. A patch implementing recursion depth limits is available in version 0.3.47 and later.
Improper policy enforcement in OpenFGA versions 1.8.5 through 1.11.2 (and corresponding Helm Chart and Docker releases) allows authenticated users to bypass authorization checks through specially crafted tuple configurations that mix type-bound public and non-public access policies. An attacker with valid credentials can exploit mismatched tuple assignments to gain unauthorized access to protected resources by leveraging lexicographic object ID ordering in the authorization engine. No patch is currently available.
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content. [CVSS 5.3 MEDIUM]
Html contains a vulnerability that allows attackers to denial of service (DoS) if an attacker provides specially crafted HTML content (CVSS 5.3).
Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. [CVSS 5.5 MEDIUM]
jsonwebtoken prior to version 10.3.0 allows attackers to bypass JWT time-based validation checks through type confusion when standard claims like nbf or exp are provided with incorrect JSON types. The library incorrectly treats malformed claims as absent rather than invalid, enabling bypass of critical security restrictions if validation is enabled but the claim is not explicitly marked as required. Public exploit code exists for this vulnerability.
Denial-of-service in cert-manager versions 1.18.0-1.18.4 and 1.19.0-1.19.2 allows network-adjacent attackers to crash the controller by poisoning DNS cache entries during ACME DNS-01 validation through unencrypted DNS traffic interception. An attacker positioned to intercept DNS queries from the cert-manager pod can inject malicious DNS responses that trigger a panic in the controller, disrupting certificate management operations in affected Kubernetes clusters. A patch is available for immediate deployment.
A denial of service vulnerability in the Linux kernel's writeback mechanism allows local users with standard privileges to cause indefinite hangs in wait_sb_inodes() when interacting with faulty FUSE servers that fail to respond to write requests. The vulnerability stems from improper handling of mappings without data integrity semantics, which should be skipped during synchronization operations but are instead waited upon indefinitely. An attacker controlling a malfunctioning FUSE server can exploit this to freeze system operations that depend on filesystem synchronization.
The Linux kernel USB CAN driver (usb_8dev) fails to properly manage URB memory when USB transfers complete, allowing a local attacker with user privileges to trigger a memory leak and cause a denial of service through resource exhaustion. The vulnerability occurs because completed URBs are unanchored by the USB framework before the callback function executes, preventing proper cleanup during driver shutdown. No patch is currently available for this issue.
In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq.
A use-after-free vulnerability in the Linux kernel's ice driver causes a denial of service when devlink reload is followed by driver removal, as freed HWMON sensor memory is accessed by sysfs attribute handlers. Local users with sufficient privileges can trigger recurring kernel page faults approximately every 10 minutes when system monitoring tools attempt to read the orphaned hwmon attributes. This affects Linux systems with ice network drivers and causes system instability through repeated call traces.
A use-after-free vulnerability in the Linux kernel's netrom subsystem allows local attackers with user privileges to cause a denial of service or potentially execute code by triggering a double-free condition in the nr_route_frame() function when nr_neigh->ax25 is NULL. The vulnerability requires local access and user-level privileges to exploit, with no patch currently available.
A deadlock vulnerability in the Linux kernel's hugetlb file folio migration code allows a local privileged user to cause a denial of service by triggering conflicting lock acquisitions between folio locks and memory mapping semaphores. The vulnerability occurs when migrate_pages() and hugetlbfs_fallocate() operations compete for locks in opposite orders, freezing affected processes. No patch is currently available for this medium-severity issue.
The Linux kernel's uacce subsystem can hang during device cleanup when cdev_device_add fails, as subsequent calls to cdev_device_del attempt to release already-freed memory. Local users with sufficient privileges can trigger a denial of service by causing the device initialization to fail, resulting in a system hang. A patch is not currently available.
The Linux kernel uacce driver improperly validates callback function implementations before creating isolation policy sysfs files, allowing local users with sufficient privileges to trigger a system crash by accessing unimplemented callback functions. This denial of service vulnerability affects systems where device isolation is configured but callback functions are incompletely implemented. No patch is currently available.
CVE-2026-23093 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures.
Local stack buffer overflow in the Linux kernel's AD3552R DAC driver allows a local authenticated attacker to write beyond allocated buffer boundaries through improper bounds checking in the ad3552r_hs_write_data_source function. An attacker with local access can trigger out-of-bounds writes on the stack, potentially leading to privilege escalation or denial of service. No patch is currently available for this vulnerability.
The Linux kernel's Intel Trace Hub driver fails to properly release device references during output device operations, leading to resource exhaustion on systems with local access. A local authenticated user can trigger this memory leak through repeated open/close cycles or error conditions, potentially causing denial of service. No patch is currently available for this vulnerability.
The Linux kernel's Slimbus core driver fails to properly release device references when processing report-present messages, leading to a memory leak that can exhaust system resources. A local attacker with user privileges can trigger this leak by causing repeated Slimbus device registration events, potentially causing a denial of service through memory exhaustion. No patch is currently available for this vulnerability.
A use-after-free vulnerability in the Linux kernel's ALSA USB audio mixer can be triggered by local attackers with low privileges when mixer initialization fails, causing the kernel to access freed memory during sound card registration and potentially leading to information disclosure or denial of service. The flaw affects Linux systems with USB audio devices and remains unpatched, exploitable without user interaction after initial access to the system.
Linux kernel null pointer dereference in the tracing subsystem causes a denial of service when synthetic events reference stacktrace fields from other synthetic events. Local users with tracing permissions can trigger a kernel crash by creating chained synthetic events that pass stacktrace data between them. No patch is currently available for this vulnerability.
The GICv3 interrupt controller driver in the Linux kernel on 32-bit systems with CONFIG_ARM_LPAE can truncate physical memory addresses above the 4GB limit when storing them in 32-bit variables, potentially causing system crashes or memory corruption. A local attacker with kernel-level privileges could trigger this condition through memory allocation patterns that force addresses into higher physical memory ranges. This vulnerability affects Linux systems using ARM Large Physical Address Extension with 32-bit address space configurations.
The Intel XWay PHY driver in the Linux kernel fails to properly release device tree node references, causing memory leaks that can degrade system stability over time. Local users with sufficient privileges can trigger this refcount leakage through repeated device tree operations, potentially leading to denial of service conditions as memory resources become exhausted.
Memory leak in Linux kernel CAN USB driver (mcba_usb) allows local attackers with user privileges to exhaust system memory by triggering improper URB cleanup in the USB bulk read callback function. The vulnerability occurs because USB framework unanchors URBs before the completion callback executes, preventing proper deallocation when the device is closed. No patch is currently available.
Memory resource leaks in the Linux kernel's GPIO character device interface allow local users with basic privileges to exhaust system memory through repeated errors in the lineinfo_changed_notify() function. An attacker can trigger this condition without user interaction, potentially causing denial of service through memory exhaustion. No patch is currently available.
A buffer overflow in the Linux kernel's ALSA scarlett2 USB driver allows local attackers with user privileges to corrupt memory and potentially execute code by triggering improper endianness conversion during audio device configuration retrieval. The vulnerability stems from incorrect size validation that causes the function to access more bytes than allocated when processing multiple configuration elements. No patch is currently available for this vulnerability affecting Linux systems with Scarlett audio interfaces.
Linux kernel memory corruption via use-after-free (UAF) in virtual memory area (VMA) handling allows local attackers with user privileges to cause denial of service or potentially execute code by triggering incorrect VMA merges during mremap() operations on faulted and unfaulted memory regions. The vulnerability stems from improper handling of anonymous VMA merges when remapping memory adjacent to unfaulted pages. No patch is currently available for this high-severity issue affecting the Linux kernel.
Out-of-bounds array access in the Linux kernel's ctxfi audio mixer driver allows local attackers with user privileges to read sensitive memory or cause denial of service through improper loop index initialization in the amixer_index() and sum_index() functions. The vulnerability stems from uninitialized conf field handling that enables array bounds bypass with no user interaction required. No patch is currently available for this high-severity issue affecting all Linux distributions.
The Linux kernel esd_usb driver leaks memory in its USB bulk transfer callback function because unanchored URBs are not properly freed during device closure, allowing a local attacker with device access to exhaust kernel memory and cause a denial of service. The vulnerability affects systems using esd_usb CAN interface devices and can be triggered repeatedly through device open/close cycles.
The RSI911x WiFi driver in the Linux kernel fails to allocate sufficient memory for virtual interface driver data, causing out-of-bounds writes to the ieee80211_vif structure and memory corruption. A local attacker with low privileges can exploit this to corrupt kernel memory and potentially execute arbitrary code. No patch is currently available.
A memory leak in the Linux kernel's l2tp_udp_encap_recv() function fails to properly release l2tp_session and l2tp_tunnel structures when protocol version validation fails, allowing a local attacker to exhaust kernel memory and trigger a denial of service. The vulnerability affects all Linux systems running the vulnerable kernel versions, and exploitation requires local access with unprivileged user privileges. No patch is currently available.
The Linux kernel's regmap hwspinlock implementation contains a race condition where concurrent threads accessing a shared spinlock flags variable can corrupt IRQ state, potentially leading to denial of service through system hangs or crashes. A local attacker with sufficient privileges can exploit this condition to cause the kernel to become unresponsive. The vulnerability affects Linux systems and currently has no available patch.
The Linux kernel's OcteonTX2 firmware driver fails to validate firmware data structures before access, causing kernel panics on systems without a MAC block. A local privileged attacker can trigger a denial of service by accessing the uninitialized firmware data region. No patch is currently available for this medium-severity vulnerability.
An integer underflow in the Linux kernel's vsock/virtio credit calculation allows a local attacker with unprivileged access to cause a denial of service by exhausting system resources when the peer shrinks its advertised buffer while data is in flight. The vulnerability enables more data to be queued than the peer can handle, potentially leading to system instability. No patch is currently available for this medium-severity issue.
Double-free vulnerability in the Linux kernel's spi-sprd-adi driver allows local attackers with low privileges to cause a denial of service or potentially execute code by triggering a probe error path that improperly frees the SPI controller structure twice. The vulnerability exists in error handling where devm_spi_register_controller() is paired with manual spi_controller_put() calls, causing the kernel to attempt freeing the same memory region twice when device registration fails. No patch is currently available.
The Linux kernel's ARM IOMMU page table unmapping function returns a signedness-corrupted value when encountering unmapped memory, causing IOVA address overflow that triggers a kernel panic. Local attackers with sufficient privileges can exploit this to cause a denial of service by attempting to unmap invalid IOMMU pages. A patch is not yet available for this medium-severity vulnerability.
A memory leak in the Linux kernel's AMD platform driver allows local authenticated users to exhaust system memory through repeated failures in the WBRF (Wifi Band RFI Mitigation) record function, potentially leading to denial of service. The vulnerability exists in the wbrf_record() function where a temporary buffer allocated via kcalloc() is not properly freed when the acpi_evaluate_dsm() call fails. An attacker with local access and sufficient privileges could trigger this condition multiple times to consume available memory and degrade system performance.
A null pointer dereference in the Linux kernel's net/sched act_ife module allows local users with low privileges to cause a denial of service through a kernel crash when the ife_encode() function fails to validate return values. The vulnerability affects the traffic control scheduling subsystem and requires local access to trigger.
Linux kernel UACCE subsystem is vulnerable to a null pointer dereference that causes a denial of service when queue release and device removal operations execute concurrently during system shutdown. A local attacker with standard user privileges can trigger this condition by forcing accelerator queue cleanup while the device is being removed, crashing the kernel. No patch is currently available.
The hp-bioscfg driver in the Linux kernel contains a null pointer dereference vulnerability triggered by an off-by-one error and missing NULL checks in the GET_INSTANCE_ID macro when accessing BIOS configuration sysfs attributes. Local users with unprivileged access can trigger a kernel panic by reading certain attribute files, causing denial of service during BIOS configuration operations. No patch is currently available for this vulnerability.
The Linux kernel's Kvaser USB CAN driver fails to properly release USB request block (URB) memory in its completion callback, allowing a local attacker with user privileges to cause a denial of service through memory exhaustion. The vulnerability occurs because URBs are unanchored by the USB framework before the completion function executes, preventing proper cleanup during device removal. No patch is currently available for this medium-severity issue.
NGINX proxy configurations forwarding traffic to upstream TLS servers can be exploited by network-positioned attackers to inject unencrypted data into proxied responses, potentially compromising data integrity. This vulnerability affects NGINX OSS, NGINX Plus, and related products when specific upstream server conditions are present. No patch is currently available for this medium-severity issue.
HTTP request smuggling in libsoup allows remote attackers to exploit non-compliant chunk header parsing by injecting malformed requests with LF-only line endings instead of proper CRLF formatting. Without requiring authentication, an attacker can cause libsoup to interpret multiple HTTP requests from a single network message, potentially leading to information disclosure. No patch is currently available for this vulnerability.
Django's HTML truncation functions (chars(), words(), and related template filters) are vulnerable to denial-of-service attacks when processing specially crafted inputs with excessive unmatched HTML end tags. Affected versions include Django 6.0 before 6.0.2, 5.2 before 5.2.11, 4.2 before 4.2.28, and potentially unsupported series 5.0.x, 4.1.x, and 3.2.x. Remote attackers can exploit this to cause service disruptions without requiring authentication or user interaction.
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. [CVSS 7.5 HIGH]
Django versions up to 6.0.2 contains a vulnerability that allows attackers to enumerate users via a timing attack (CVSS 5.3).
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/pager/CodexTablePager.Php. [CVSS 6.1 MEDIUM]
Denial of service in jsPDF prior to version 4.1.0 occurs when malicious BMP files with oversized dimension headers are processed by the addImage or html methods, causing excessive memory allocation and application crashes. Public exploit code exists for this vulnerability. Organizations using jsPDF should upgrade to version 4.1.0 or later to remediate the issue.
Jspdf versions up to 4.1.0 contains a vulnerability that allows attackers to inject arbitrary XML (CVSS 5.4).
jsPDF versions prior to 4.1.0 contain a race condition in the addJS method where a shared module-scoped variable is overwritten during concurrent PDF generation, causing JavaScript payloads and embedded data intended for one user to be included in another user's generated PDF. This cross-user data leakage primarily affects server-side Node.js deployments handling simultaneous requests, allowing attackers to access sensitive information leaked across user sessions. Public exploit code exists for this vulnerability.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandbox.Js. [CVSS 4.7 MEDIUM]
SoupServer's improper handling of HTTP requests combining Transfer-Encoding: chunked and Connection: keep-alive headers enables remote attackers to smuggle malicious requests over persistent connections without authentication. This HTTP request smuggling vulnerability can cause denial-of-service conditions and unintended request processing by exploiting the server's failure to properly close connections per RFC 9112. No patch is currently available.
The idpf driver in the Linux kernel fails to properly clean up flow steering list entries during module removal, resulting in memory leaks when ethtool flow steering rules remain active. A local user with module removal privileges can trigger this memory exhaustion condition. No patch is currently available for this medium-severity vulnerability.
The Linux kernel's idpf driver fails to properly free the vport->rx_ptype_lkup memory during virtual port reset operations, resulting in a memory leak that could degrade system performance or cause denial of service on affected systems. A local attacker with sufficient privileges could trigger repeated reset cycles to exhaust available kernel memory. No patch is currently available for this vulnerability.
The Linux kernel's idpf driver fails to free the hw->lan_regs memory allocation during core deinitialization, resulting in a memory leak that can degrade system stability during driver reset operations. Local users with sufficient privileges can trigger this leak repeatedly through driver reset cycles, potentially leading to denial of service through memory exhaustion. A patch is not currently available for this medium-severity vulnerability.
The pegasus USB driver in Linux kernel fails to properly release memory when asynchronous device register writes encounter USB submission failures, leading to memory exhaustion. A local attacker with user-level access can trigger this leak by causing USB operations to fail, potentially degrading system performance or causing denial of service. A patch is available to address the resource cleanup issue.
Chrome versions up to 145.0.7632.45 is affected by user interface (ui) misrepresentation of critical information (CVSS 4.3).
Chrome versions up to 145.0.7632.45 is affected by user interface (ui) misrepresentation of critical information (CVSS 5.4).
Heap corruption in Google Chrome's Ozone component (versions prior to 145.0.7632.45) stems from a use-after-free vulnerability that can be triggered when users interact with malicious HTML pages through specific UI gestures. An unauthenticated remote attacker can exploit this to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. No patch is currently available, leaving affected Chrome users vulnerable to exploitation.
Chrome versions up to 145.0.7632.45 is affected by user interface (ui) misrepresentation of critical information (CVSS 6.5).
Google Chrome versions prior to 145.0.7632.45 contain a race condition in DevTools that allows remote attackers to corrupt objects by convincing users to perform specific UI interactions and install a malicious extension. An attacker exploiting this vulnerability could achieve high-impact outcomes including information disclosure, data modification, or denial of service. The vulnerability currently has no available patch.
Chrome versions up to 145.0.7632.45 is affected by user interface (ui) misrepresentation of critical information (CVSS 6.5).
Google Chrome versions before 145.0.7632.45 contain an animation implementation flaw that allows remote attackers to exfiltrate cross-origin data through specially crafted HTML pages. The vulnerability requires user interaction to trigger and affects all Chrome users, potentially exposing sensitive information from other websites. No patch is currently available.
Chrome versions up to 145.0.7632.45 is affected by user interface (ui) misrepresentation of critical information (CVSS 6.5).
Out of bounds memory access in Google Chrome's WebGPU implementation prior to version 145.0.7632.45 allows unauthenticated attackers to trigger memory corruption through a malicious HTML page. This vulnerability requires user interaction but carries high risk due to potential for arbitrary code execution or information disclosure. No patch is currently available.
Heap buffer overflow in Google Chrome's codec implementation prior to version 145.0.7632.45 enables remote attackers to corrupt heap memory and potentially achieve arbitrary code execution through a malicious HTML page. The vulnerability requires user interaction to visit a crafted webpage but does not require special privileges, affecting all Chrome users. No patch is currently available.
Heap corruption in Google Chrome's CSS engine prior to version 145.0.7632.45 can be triggered through crafted HTML pages, enabling remote attackers to achieve arbitrary code execution without user interaction beyond viewing a malicious webpage. The vulnerability stems from a use-after-free memory flaw that affects all Chrome users, and currently no patch is available. With a CVSS score of 8.8 and low exploit difficulty, this represents a critical risk to active Chrome installations.
Roundcube Webmail versions up to 1.5.13 is affected by inclusion of functionality from untrusted control sphere (CVSS 4.7).
A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern (such as the pre-defined 'long' pattern), sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. [CVSS 5.0 MEDIUM]
Corrupted Git pack and index files are not properly validated in go-git versions before 5.16.5, allowing an attacker to supply malicious packfiles that bypass integrity checks and cause go-git to consume corrupted data. This can result in unexpected application errors and denial of service conditions for any system using the vulnerable go-git library to fetch or process Git repositories. The vulnerability requires user interaction to fetch from a malicious or compromised Git source.
Faraday HTTP client library versions before 2.14.1 fail to properly validate protocol-relative URLs when merging user-supplied paths with base URLs, allowing attackers to redirect requests to arbitrary hosts via SSRF attacks. Applications that pass untrusted input to Faraday request methods like get() or post() are vulnerable to request hijacking. A patch is available in version 2.14.1 and later.
Harden-Runner versions prior to 2.14.2 fail to log outbound network connections made through sendto, sendmsg, and sendmmsg socket calls when audit mode is enabled, allowing attackers to exfiltrate data from GitHub Actions runners without detection. This integrity bypass affects users relying on Harden-Runner's egress policy auditing for security monitoring. A patch is available in version 2.14.2 and later.
A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService (UMA Protection API). [CVSS 5.4 MEDIUM]
FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in the audio playback subsystem where the RDPSND async thread processes queued audio packets after the channel has been closed and its internal state freed, causing a denial of service. The vulnerability affects systems running vulnerable FreeRDP versions and can be exploited remotely without authentication or user interaction. A patch is available in FreeRDP 3.22.0 and later.
FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in the input event handling mechanism where unsynchronized access to cached channel callbacks can be freed or reinitialized by concurrent channel closure operations. An attacker with network access can trigger a denial of service condition by exploiting this race condition. A patch is available in version 3.22.0 and later.
FreeRDP versions prior to 3.22.0 contain a buffer management error in audio format parsing that causes out-of-bounds memory access when processing malformed audio data. An attacker can exploit this vulnerability over the network without authentication to trigger a denial of service condition. A patch is available in FreeRDP 3.22.0 and later.
FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in the URBDRC channel handler where asynchronous bulk transfer completions reference freed memory after channel closure, enabling denial of service attacks. An unauthenticated remote attacker can trigger this condition through malformed RDP protocol messages to crash the FreeRDP service. A patch is available in version 3.22.0 and later.
FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in pointer handling where sdl_Pointer_New and sdl_Pointer_Free both attempt to free the same memory, causing a denial of service condition. An attacker with network access can trigger this memory corruption to crash RDP client instances without authentication. The vulnerability affects all users of vulnerable FreeRDP versions and is resolved in version 3.22.0 and later.
FreeRDP prior to 3.22.0 has a heap buffer overflow in the URBDRC USB redirection client enabling RCE through malicious RDP servers.
FreeRDP prior to 3.22.0 has a use-after-free in ecam_encoder_compress allowing malicious RDP servers to crash or execute code on clients.
FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in audio format renegotiation that allows unauthenticated attackers to cause denial of service by triggering a crash through audio processing. The vulnerability occurs when the AUDIN format list is freed during renegotiation while the capture thread continues accessing the freed memory, affecting any system running vulnerable FreeRDP instances. A patch is available in version 3.22.0 and later.
FreeRDP versions prior to 3.22.0 contain a use-after-free vulnerability in the libusb device interface selection code where error handling prematurely frees configuration data that subsequent code attempts to access, causing denial of service. This vulnerability affects systems using FreeRDP for remote desktop protocol operations and can be triggered remotely without authentication or user interaction. A patch is available in version 3.22.0 and later.
FreeRDP versions prior to 3.22.0 are vulnerable to a use-after-free condition where the video_timer component sends notifications after the control channel closes, dereferencing freed memory and causing denial of service. An unauthenticated remote attacker can trigger this crash by manipulating RDP session timing, making the vulnerability exploitable with no user interaction required. A patch is available in FreeRDP 3.22.0 and later.
FreeRDP proxy versions prior to 3.22.0 are vulnerable to denial of service when processing specially crafted RDP server responses that trigger a null pointer dereference in the logon information handler. An unauthenticated attacker controlling a malicious RDP server can crash the FreeRDP proxy by sending a LogonInfoV2 PDU with empty domain or username fields. This vulnerability has been patched in version 3.22.0 and later.
Go Fiber web framework before 2.52.11 has a weak PRNG vulnerability (on Go < 1.24) that makes session tokens predictable, enabling session hijacking.
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. [CVSS 5.3 MEDIUM]
Nebula is a scalable overlay networking tool. [CVSS 8.1 HIGH]
calibre is an e-book manager. [CVSS 7.8 HIGH]
Calibre 9.1.0 and earlier contains a path traversal vulnerability in EPUB conversion that allows malicious EPUB files to corrupt or modify arbitrary files writable by the Calibre process. The vulnerability exploits improper handling of CipherReference URIs in encryption metadata, enabling attackers to write outside the intended extraction directory. Public exploit code exists for this high-severity issue, which is patched in version 9.2.0.
Remote code execution in Calibre prior to version 9.2.0 through a path traversal flaw in the CHM reader allows local attackers to write arbitrary files with user permissions, enabling payload execution via the Windows Startup folder. Public exploit code exists for this vulnerability. Windows users should upgrade to Calibre 9.2.0 or later to remediate the risk.
The Rust time library versions 0.3.6 through 0.3.46 are vulnerable to denial of service through stack exhaustion when processing maliciously crafted RFC 2822 formatted input. An unauthenticated attacker can trigger recursive parsing of deprecated RFC 2822 features to exhaust stack memory and crash applications using affected versions. A patch implementing recursion depth limits is available in version 0.3.47 and later.
Improper policy enforcement in OpenFGA versions 1.8.5 through 1.11.2 (and corresponding Helm Chart and Docker releases) allows authenticated users to bypass authorization checks through specially crafted tuple configurations that mix type-bound public and non-public access policies. An attacker with valid credentials can exploit mismatched tuple assignments to gain unauthorized access to protected resources by leveraging lexicographic object ID ordering in the authorization engine. No patch is currently available.
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content. [CVSS 5.3 MEDIUM]
Html contains a vulnerability that allows attackers to denial of service (DoS) if an attacker provides specially crafted HTML content (CVSS 5.3).
Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. [CVSS 5.5 MEDIUM]
jsonwebtoken prior to version 10.3.0 allows attackers to bypass JWT time-based validation checks through type confusion when standard claims like nbf or exp are provided with incorrect JSON types. The library incorrectly treats malformed claims as absent rather than invalid, enabling bypass of critical security restrictions if validation is enabled but the claim is not explicitly marked as required. Public exploit code exists for this vulnerability.
Denial-of-service in cert-manager versions 1.18.0-1.18.4 and 1.19.0-1.19.2 allows network-adjacent attackers to crash the controller by poisoning DNS cache entries during ACME DNS-01 validation through unencrypted DNS traffic interception. An attacker positioned to intercept DNS queries from the cert-manager pod can inject malicious DNS responses that trigger a panic in the controller, disrupting certificate management operations in affected Kubernetes clusters. A patch is available for immediate deployment.
A denial of service vulnerability in the Linux kernel's writeback mechanism allows local users with standard privileges to cause indefinite hangs in wait_sb_inodes() when interacting with faulty FUSE servers that fail to respond to write requests. The vulnerability stems from improper handling of mappings without data integrity semantics, which should be skipped during synchronization operations but are instead waited upon indefinitely. An attacker controlling a malfunctioning FUSE server can exploit this to freeze system operations that depend on filesystem synchronization.
The Linux kernel USB CAN driver (usb_8dev) fails to properly manage URB memory when USB transfers complete, allowing a local attacker with user privileges to trigger a memory leak and cause a denial of service through resource exhaustion. The vulnerability occurs because completed URBs are unanchored by the USB framework before the callback function executes, preventing proper cleanup during driver shutdown. No patch is currently available for this issue.
In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq.
A use-after-free vulnerability in the Linux kernel's ice driver causes a denial of service when devlink reload is followed by driver removal, as freed HWMON sensor memory is accessed by sysfs attribute handlers. Local users with sufficient privileges can trigger recurring kernel page faults approximately every 10 minutes when system monitoring tools attempt to read the orphaned hwmon attributes. This affects Linux systems with ice network drivers and causes system instability through repeated call traces.
A use-after-free vulnerability in the Linux kernel's netrom subsystem allows local attackers with user privileges to cause a denial of service or potentially execute code by triggering a double-free condition in the nr_route_frame() function when nr_neigh->ax25 is NULL. The vulnerability requires local access and user-level privileges to exploit, with no patch currently available.
A deadlock vulnerability in the Linux kernel's hugetlb file folio migration code allows a local privileged user to cause a denial of service by triggering conflicting lock acquisitions between folio locks and memory mapping semaphores. The vulnerability occurs when migrate_pages() and hugetlbfs_fallocate() operations compete for locks in opposite orders, freezing affected processes. No patch is currently available for this medium-severity issue.
The Linux kernel's uacce subsystem can hang during device cleanup when cdev_device_add fails, as subsequent calls to cdev_device_del attempt to release already-freed memory. Local users with sufficient privileges can trigger a denial of service by causing the device initialization to fail, resulting in a system hang. A patch is not currently available.
The Linux kernel uacce driver improperly validates callback function implementations before creating isolation policy sysfs files, allowing local users with sufficient privileges to trigger a system crash by accessing unimplemented callback functions. This denial of service vulnerability affects systems where device isolation is configured but callback functions are incompletely implemented. No patch is currently available.
CVE-2026-23093 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures.
Local stack buffer overflow in the Linux kernel's AD3552R DAC driver allows a local authenticated attacker to write beyond allocated buffer boundaries through improper bounds checking in the ad3552r_hs_write_data_source function. An attacker with local access can trigger out-of-bounds writes on the stack, potentially leading to privilege escalation or denial of service. No patch is currently available for this vulnerability.
The Linux kernel's Intel Trace Hub driver fails to properly release device references during output device operations, leading to resource exhaustion on systems with local access. A local authenticated user can trigger this memory leak through repeated open/close cycles or error conditions, potentially causing denial of service. No patch is currently available for this vulnerability.
The Linux kernel's Slimbus core driver fails to properly release device references when processing report-present messages, leading to a memory leak that can exhaust system resources. A local attacker with user privileges can trigger this leak by causing repeated Slimbus device registration events, potentially causing a denial of service through memory exhaustion. No patch is currently available for this vulnerability.
A use-after-free vulnerability in the Linux kernel's ALSA USB audio mixer can be triggered by local attackers with low privileges when mixer initialization fails, causing the kernel to access freed memory during sound card registration and potentially leading to information disclosure or denial of service. The flaw affects Linux systems with USB audio devices and remains unpatched, exploitable without user interaction after initial access to the system.
Linux kernel null pointer dereference in the tracing subsystem causes a denial of service when synthetic events reference stacktrace fields from other synthetic events. Local users with tracing permissions can trigger a kernel crash by creating chained synthetic events that pass stacktrace data between them. No patch is currently available for this vulnerability.
The GICv3 interrupt controller driver in the Linux kernel on 32-bit systems with CONFIG_ARM_LPAE can truncate physical memory addresses above the 4GB limit when storing them in 32-bit variables, potentially causing system crashes or memory corruption. A local attacker with kernel-level privileges could trigger this condition through memory allocation patterns that force addresses into higher physical memory ranges. This vulnerability affects Linux systems using ARM Large Physical Address Extension with 32-bit address space configurations.
The Intel XWay PHY driver in the Linux kernel fails to properly release device tree node references, causing memory leaks that can degrade system stability over time. Local users with sufficient privileges can trigger this refcount leakage through repeated device tree operations, potentially leading to denial of service conditions as memory resources become exhausted.
Memory leak in Linux kernel CAN USB driver (mcba_usb) allows local attackers with user privileges to exhaust system memory by triggering improper URB cleanup in the USB bulk read callback function. The vulnerability occurs because USB framework unanchors URBs before the completion callback executes, preventing proper deallocation when the device is closed. No patch is currently available.
Memory resource leaks in the Linux kernel's GPIO character device interface allow local users with basic privileges to exhaust system memory through repeated errors in the lineinfo_changed_notify() function. An attacker can trigger this condition without user interaction, potentially causing denial of service through memory exhaustion. No patch is currently available.
A buffer overflow in the Linux kernel's ALSA scarlett2 USB driver allows local attackers with user privileges to corrupt memory and potentially execute code by triggering improper endianness conversion during audio device configuration retrieval. The vulnerability stems from incorrect size validation that causes the function to access more bytes than allocated when processing multiple configuration elements. No patch is currently available for this vulnerability affecting Linux systems with Scarlett audio interfaces.
Linux kernel memory corruption via use-after-free (UAF) in virtual memory area (VMA) handling allows local attackers with user privileges to cause denial of service or potentially execute code by triggering incorrect VMA merges during mremap() operations on faulted and unfaulted memory regions. The vulnerability stems from improper handling of anonymous VMA merges when remapping memory adjacent to unfaulted pages. No patch is currently available for this high-severity issue affecting the Linux kernel.
Out-of-bounds array access in the Linux kernel's ctxfi audio mixer driver allows local attackers with user privileges to read sensitive memory or cause denial of service through improper loop index initialization in the amixer_index() and sum_index() functions. The vulnerability stems from uninitialized conf field handling that enables array bounds bypass with no user interaction required. No patch is currently available for this high-severity issue affecting all Linux distributions.
The Linux kernel esd_usb driver leaks memory in its USB bulk transfer callback function because unanchored URBs are not properly freed during device closure, allowing a local attacker with device access to exhaust kernel memory and cause a denial of service. The vulnerability affects systems using esd_usb CAN interface devices and can be triggered repeatedly through device open/close cycles.
The RSI911x WiFi driver in the Linux kernel fails to allocate sufficient memory for virtual interface driver data, causing out-of-bounds writes to the ieee80211_vif structure and memory corruption. A local attacker with low privileges can exploit this to corrupt kernel memory and potentially execute arbitrary code. No patch is currently available.
A memory leak in the Linux kernel's l2tp_udp_encap_recv() function fails to properly release l2tp_session and l2tp_tunnel structures when protocol version validation fails, allowing a local attacker to exhaust kernel memory and trigger a denial of service. The vulnerability affects all Linux systems running the vulnerable kernel versions, and exploitation requires local access with unprivileged user privileges. No patch is currently available.
The Linux kernel's regmap hwspinlock implementation contains a race condition where concurrent threads accessing a shared spinlock flags variable can corrupt IRQ state, potentially leading to denial of service through system hangs or crashes. A local attacker with sufficient privileges can exploit this condition to cause the kernel to become unresponsive. The vulnerability affects Linux systems and currently has no available patch.
The Linux kernel's OcteonTX2 firmware driver fails to validate firmware data structures before access, causing kernel panics on systems without a MAC block. A local privileged attacker can trigger a denial of service by accessing the uninitialized firmware data region. No patch is currently available for this medium-severity vulnerability.
An integer underflow in the Linux kernel's vsock/virtio credit calculation allows a local attacker with unprivileged access to cause a denial of service by exhausting system resources when the peer shrinks its advertised buffer while data is in flight. The vulnerability enables more data to be queued than the peer can handle, potentially leading to system instability. No patch is currently available for this medium-severity issue.
Double-free vulnerability in the Linux kernel's spi-sprd-adi driver allows local attackers with low privileges to cause a denial of service or potentially execute code by triggering a probe error path that improperly frees the SPI controller structure twice. The vulnerability exists in error handling where devm_spi_register_controller() is paired with manual spi_controller_put() calls, causing the kernel to attempt freeing the same memory region twice when device registration fails. No patch is currently available.
The Linux kernel's ARM IOMMU page table unmapping function returns a signedness-corrupted value when encountering unmapped memory, causing IOVA address overflow that triggers a kernel panic. Local attackers with sufficient privileges can exploit this to cause a denial of service by attempting to unmap invalid IOMMU pages. A patch is not yet available for this medium-severity vulnerability.
A memory leak in the Linux kernel's AMD platform driver allows local authenticated users to exhaust system memory through repeated failures in the WBRF (Wifi Band RFI Mitigation) record function, potentially leading to denial of service. The vulnerability exists in the wbrf_record() function where a temporary buffer allocated via kcalloc() is not properly freed when the acpi_evaluate_dsm() call fails. An attacker with local access and sufficient privileges could trigger this condition multiple times to consume available memory and degrade system performance.
A null pointer dereference in the Linux kernel's net/sched act_ife module allows local users with low privileges to cause a denial of service through a kernel crash when the ife_encode() function fails to validate return values. The vulnerability affects the traffic control scheduling subsystem and requires local access to trigger.
Linux kernel UACCE subsystem is vulnerable to a null pointer dereference that causes a denial of service when queue release and device removal operations execute concurrently during system shutdown. A local attacker with standard user privileges can trigger this condition by forcing accelerator queue cleanup while the device is being removed, crashing the kernel. No patch is currently available.
The hp-bioscfg driver in the Linux kernel contains a null pointer dereference vulnerability triggered by an off-by-one error and missing NULL checks in the GET_INSTANCE_ID macro when accessing BIOS configuration sysfs attributes. Local users with unprivileged access can trigger a kernel panic by reading certain attribute files, causing denial of service during BIOS configuration operations. No patch is currently available for this vulnerability.
The Linux kernel's Kvaser USB CAN driver fails to properly release USB request block (URB) memory in its completion callback, allowing a local attacker with user privileges to cause a denial of service through memory exhaustion. The vulnerability occurs because URBs are unanchored by the USB framework before the completion function executes, preventing proper cleanup during device removal. No patch is currently available for this medium-severity issue.
NGINX proxy configurations forwarding traffic to upstream TLS servers can be exploited by network-positioned attackers to inject unencrypted data into proxied responses, potentially compromising data integrity. This vulnerability affects NGINX OSS, NGINX Plus, and related products when specific upstream server conditions are present. No patch is currently available for this medium-severity issue.
HTTP request smuggling in libsoup allows remote attackers to exploit non-compliant chunk header parsing by injecting malformed requests with LF-only line endings instead of proper CRLF formatting. Without requiring authentication, an attacker can cause libsoup to interpret multiple HTTP requests from a single network message, potentially leading to information disclosure. No patch is currently available for this vulnerability.
Django's HTML truncation functions (chars(), words(), and related template filters) are vulnerable to denial-of-service attacks when processing specially crafted inputs with excessive unmatched HTML end tags. Affected versions include Django 6.0 before 6.0.2, 5.2 before 5.2.11, 4.2 before 4.2.28, and potentially unsupported series 5.0.x, 4.1.x, and 3.2.x. Remote attackers can exploit this to cause service disruptions without requiring authentication or user interaction.
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. [CVSS 7.5 HIGH]
Django versions up to 6.0.2 contains a vulnerability that allows attackers to enumerate users via a timing attack (CVSS 5.3).
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/pager/CodexTablePager.Php. [CVSS 6.1 MEDIUM]
Denial of service in jsPDF prior to version 4.1.0 occurs when malicious BMP files with oversized dimension headers are processed by the addImage or html methods, causing excessive memory allocation and application crashes. Public exploit code exists for this vulnerability. Organizations using jsPDF should upgrade to version 4.1.0 or later to remediate the issue.
Jspdf versions up to 4.1.0 contains a vulnerability that allows attackers to inject arbitrary XML (CVSS 5.4).
jsPDF versions prior to 4.1.0 contain a race condition in the addJS method where a shared module-scoped variable is overwritten during concurrent PDF generation, causing JavaScript payloads and embedded data intended for one user to be included in another user's generated PDF. This cross-user data leakage primarily affects server-side Node.js deployments handling simultaneous requests, allowing attackers to access sensitive information leaked across user sessions. Public exploit code exists for this vulnerability.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandbox.Js. [CVSS 4.7 MEDIUM]
SoupServer's improper handling of HTTP requests combining Transfer-Encoding: chunked and Connection: keep-alive headers enables remote attackers to smuggle malicious requests over persistent connections without authentication. This HTTP request smuggling vulnerability can cause denial-of-service conditions and unintended request processing by exploiting the server's failure to properly close connections per RFC 9112. No patch is currently available.
The idpf driver in the Linux kernel fails to properly clean up flow steering list entries during module removal, resulting in memory leaks when ethtool flow steering rules remain active. A local user with module removal privileges can trigger this memory exhaustion condition. No patch is currently available for this medium-severity vulnerability.
The Linux kernel's idpf driver fails to properly free the vport->rx_ptype_lkup memory during virtual port reset operations, resulting in a memory leak that could degrade system performance or cause denial of service on affected systems. A local attacker with sufficient privileges could trigger repeated reset cycles to exhaust available kernel memory. No patch is currently available for this vulnerability.
The Linux kernel's idpf driver fails to free the hw->lan_regs memory allocation during core deinitialization, resulting in a memory leak that can degrade system stability during driver reset operations. Local users with sufficient privileges can trigger this leak repeatedly through driver reset cycles, potentially leading to denial of service through memory exhaustion. A patch is not currently available for this medium-severity vulnerability.
The pegasus USB driver in Linux kernel fails to properly release memory when asynchronous device register writes encounter USB submission failures, leading to memory exhaustion. A local attacker with user-level access can trigger this leak by causing USB operations to fail, potentially degrading system performance or causing denial of service. A patch is available to address the resource cleanup issue.