CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added yesterday•2 views

DEBIAN-CVE-2026-57965

A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service DoS for the virtua...

5.1CVSS5.7AI score0.00123EPSS

Exploits0References1

9.8CVSS5.7AI score0.00349EPSS

CVE-2026-53260

In the Linux kernel, the following vulnerability has been resolved: tcp: Add preemptdisable,enablenested in reqskqueuehashreq. syzbot reported a weird reqsk-rskrefcnt underflow in inetcskreqskqueuedrop. The captured reqskput in inetcskreqskqueuedrop is called only when it successfully removes req...

7.8CVSS5.7AI score0.0012EPSS

CVE-2026-53276

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix a use-after-free of the hciconn pointer In isosockrebindbc, the bis pointer is cached, then the socket lock is dropped: bis = isopisk-conn-hcon; / Release the socket before lookups since that requires hcidevlo...

5.5CVSS5.7AI score0.00168EPSS

CVE-2026-53144

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix NULL dereference in getqueueids When usrqueueidarray is NULL and numqueues is non-zero, getqueueids returns NULL. The callers check only ISERR on the return value; since ISERRNULL == false the check passes, and...

RedhatCVE•added yesterday•6 views

CVE-2026-53141

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix global performance monitor reference counting In the SETGLOBAL ioctl, v3dperfmonfind bumps the reference count on the perfmon it returns, but v3dperfmonsetglobalioctl and v3dperfmondelete fail to release that referen...

5.5CVSS5.8AI score0.00166EPSS

9.8CVSS6.5AI score0.00422EPSS

CVE-2026-56786

RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decodetype1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream c...

Exploits1References2

7.1CVSS5.8AI score0.00119EPSS

CVE-2026-56788

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table,...

Exploits1References2

5.5CVSS5.7AI score0.00164EPSS

CVE-2026-53272

In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi-syncdecompress zerofsdecompresskickoff can race with filesystem unmount, causing a use-after-free on sbi-syncdecompress. When I/O completes, zerofsendio calls zerofsdecompresskickoff to queue...

7.1CVSS6AI score0.00239EPSS

CVE-2026-56789

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...

Exploits1References2

OSV•added yesterday•3 views

CGA-GV54-XM9X-5F8V

Bulletin has no description...

7.3CVSS5.7AI score0.00235EPSS

Exploits0