CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/05/04 1:43 a.m.•9 views

Malicious code in temhe-dev (npm)

5.8AI score

Snyk•added 2026/05/04 1:43 a.m.•1 views

Malicious Package

Overview temhe-dev is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score

5.5CVSS5.7AI score0.00147EPSS

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mac80211: Fixed a deadlock issue in AP/VLAN handling. Syzbot reports that when APVLAN interfaces are active, closing the AP interface they belong to can lead to a deadlock. This isn’t surprising—since we use devclose to handle...

5.5CVSS5.2AI score0.00087EPSS

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fixed deadlock issues during suspend and resume operations. When an application sends a query IOCTL while auto suspend is in progress, a deadlock can occur. The query process first acquires devlock, then calls...

5.5CVSS5.8AI score0.00245EPSS

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: i2c: dev: check the return value when calling devsetname If devsetname fails, the devname will be null. Check the return value of devsetname to avoid a null-ptr-deref...

7.8CVSS7.4AI score0.00658EPSS

Astra Linux – Vulnerability in multipath-tools

Multipath-tools versions 0.7.7 through 0.9.x, prior to 0.9.2, allowed local users to obtain root access. This vulnerability was exploited in conjunction with CVE-2022-41974. Local users who had access to /dev/shm could modify symlinks within multipathd due to incorrect symlink handling. This coul...

Exploits4References2

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

A vulnerability was discovered in vhostnewmsg in drivers/vhost/vhost.c within the Linux kernel. This issue arises due to the improper initialization of memory in messages transmitted between virtual guests and the host operating system, as implemented in the vhostnewmsg function. This vulnerabili...

5.5CVSS6.6AI score0.00236EPSS

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ipvs: fixed the NULL pointer dereference in the route error path of ipv4 null-ptr-deref. The IPv4 code path in ipvsgetoutrt calls dstlinkfailure, without ensuring that skb-dev is set. This leads to a NULL pointer dereference in...

5.4AI score0.00173EPSS

7.8CVSS5.4AI score0.00136EPSS

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - In fuse: Access to the “folio” field was blocked due to an overflow issue. - syz reported a slab-out-of-bounds Write operation in fusedevdowrite. When the number of bytes to be retrieved is truncated to the upper limit by...

5.5CVSS5.3AI score0.00195EPSS

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: btrfs: A possible memory leak has been fixed in btrfsgetdevargsfrompath. In btrfsgetdevargsfrompath, btrfsgetbdevandsb may fail if the path is invalid. In such cases, btrfsgetdevargsfrompath returns directly without freeing the...

7CVSS5.6AI score0.00191EPSS

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Net: Bridge – Use DEVSTATSINC The syzbot/KCSAN reported a data race in the brhandleframefinish function 1. This function can be executed on multiple CPUs without mutual exclusion. It is recommended to use the SMP-safe DEVSTATSINC...

5.5CVSS6.3AI score0.00143EPSS

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: BTRFS: Do not attempt to replace the rwsem on a task that already holds it. By running fstests btrfs/011 with MKFSOPTIONS="-O rst" to force the use of the RAID stripe-tree, we obtain the following error from lockdep: BTRFS inf...

5.5CVSS5.5AI score0.00156EPSS

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: mt6797-mt6351 – Fixed the refcount leak in mt6797mt6351devprobe. The ofparsephandle function returns a node pointer with a refcount incremented. We should use ofnodeput on it when there is no longer a need for it. Add th...

5.5CVSS5.3AI score0.00146EPSS

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fbdev/ep93xx-fb: Do not assign to struct fbinfo.dev. Do not assign the Linux device to struct fbinfo.dev. The call to registerframebuffer initializes the field to the fbdev device. Drivers should not override its value. Fixed a b...

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rtc: class: Fixed a potential memory leak in devmrtcallocatedevice devmrtcallocatedevice will first allocate an rtcdevice, and then call devsetname. If devsetname fails, the rtcdevice will cause a memory leak. We’ve moved...

5.5CVSS5.3AI score0.0014EPSS

7.8CVSS6.3AI score0.00212EPSS

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: msft: fixed a slab-use-after-free in msftdoclose By tying the lifetime of msft-data to hdev by freeing it in hcireleasedev, the following issue was addressed: Use msftdoclose msft = hdev-msftdata; if !msft ...1...