4481 matches found

CVE
added 2026/02/04 4:8 p.m., 15 views

CVE-2026-23108

The CVE-2026-23108 issue concerns the Linux kernel CAN driver can: usb_8dev. The vulnerability arises from URBs used for USB in transfers in usb_8dev_open()/usb_8dev_start() being anchored to priv->rx_submitted, then re-submitted in usb_8dev_read_bulk_callback(), but the USB framework unanchor...

CVSS 5.5, AI score 5.2, EPSS 0.00127
Exploits 0, References 7, Affected Software 1
Nuclei
added 2026/02/04 7:0 a.m., 9 views

Vite - Information Disclosure

Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent if the URL ended wi...

CVSS 6, AI score 7.2, EPSS 0.01031
Exploits 0, References 1
Tenable Nessus
added 2026/02/04 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-23099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bonding: limit BOND_MODE_8023AD to Ethernet devices. BOND_MODE_8023AD makes sense for ARPHRD_ETHER only. syzbot reported: BUG: KASAN: global-out-of-bounds in...

CVSS 7.1, AI score 5.4, EPSS 0.00152
Exploits 0, References 4
NVD
added 2026/02/03 7:16 p.m., 6 views

CVE-2026-25503

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, type confusion allowed malformed ICC profiles to trigger undefined behavior when loading invalid icImageEncodingType values causin...

CVSS 7.1, EPSS 0.00253
Exploits 1, References 4
ATTACKERKB
added 2026/02/03 2:8 p.m., 2 views

CVE-2026-24998

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data. This issue affects Hustle: from n/a through <= 7.8.9.2...

AI score 5.4, EPSS 0.00197
Exploits 0, References 2
vulnersOsv
added 2026/02/02 8:17 p.m., 4 views

@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @mieweb/wikigdrive (>=2.15.0 <=2.17.1) +3 more potentially affected by CVE-2026-25142 via @nyariv/sandboxjs (>=0.5.3 <=0.8.25)

@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =2.15.0, =0.2.0, =11.0.0, =12.0.1 Source cves: CVE-2026-25142 Source advisory: SNYK:JS-NYARIVSANDBOXJS-15182636...

CVSS 10, AI score 5.8, EPSS 0.01091
Exploits 1
Redos
added 2026/02/02 12:0 a.m., 5 views

ROS-20260202-73-0054

A vulnerability in the dev.c component of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5, AI score 5.4, EPSS 0.00244
Exploits 0
RedHat Linux
added 2026/01/30 3:14 p.m., 2 views

runc: container escape with malicious config due to /dev/console mount and related races

A flaw was found in runc. CVE-2025-52565 is very similar in concept and application to CVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount to /dev/pts/$n, if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount...

CVSS 8.4, AI score 5.7, EPSS 0.00526
Exploits 1, References 5
RedHat Linux
added 2026/01/30 3:14 p.m., 3 views

runc: container escape via 'masked path' abuse due to mount race conditions

A flaw was found in runc. This flaw exploits an issue with how masked paths are implemented in runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...

CVSS 7.8, AI score 5.8, EPSS 0.00673
Exploits 2, References 5
Snyk
added 2026/01/28 4:33 p.m., 1 views

Malicious Package

Overview editions-dev-workshop is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.9
Exploits 0, References 2
ATTACKERKB
added 2026/01/28 12:27 a.m., 4 views

CVE-2026-24852

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, a heap buffer over-read when the strlen function attempts to read a non-null-terminated buffer potentially leaking heap memory...

CVSS 6.1, AI score 6, EPSS 0.00249
Exploits 0, References 4, Affected Software 1
SUSE CVE
added 2026/01/28 12:25 a.m., 3 views

SUSE CVE-2026-22988

In the Linux kernel, the following vulnerability has been resolved: arp: do not assume dev_hard_header() does not change skb->head. arp_create() is the only dev_hard_header() caller making assumption about skb->head being unchanged. A recent commit broke this assumption. Initialize @arp pointer after...

CVSS 5.9, AI score 5.8, EPSS 0.00123
Exploits 0, References 21
NVD
added 2026/01/25 3:15 p.m., 8 views

CVE-2026-23013

In the Linux kernel, the following vulnerability has been resolved: net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback. octep_vf_request_irqs() requests MSI-X queue IRQs with dev_id set to ioq_vector. If request_irq() fails part-way, the rollback loop calls free_irq() with dev_id set to 'oct', which do...

CVSS 7.8, EPSS 0.00152
Exploits 0, References 3
UbuntuCve
added 2026/01/25 3:15 p.m., 5 views

CVE-2026-23013

In the Linux kernel, the following vulnerability has been resolved: net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback. octep_vf_request_irqs() requests MSI-X queue IRQs with dev_id set to ioq_vector. If request_irq() fails part-way, the rollback loop calls free_irq() with dev_id set to 'oct', which do...

CVSS 7.8, AI score 5.7, EPSS 0.00152
Exploits 0, References 5
ATTACKERKB
added 2026/01/25 2:36 p.m., 2 views

CVE-2026-23013

In the Linux kernel, the following vulnerability has been resolved: net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback. octep_vf_request_irqs() requests MSI-X queue IRQs with dev_id set to ioq_vector. If request_irq() fails part-way, the rollback loop calls free_irq() with dev_id set to 'oct', which do...

AI score 5.7, EPSS 0.00152
Exploits 0, References 4, Affected Software 1
CVE
added 2026/01/25 2:36 p.m., 20 views

CVE-2026-23013

CVE-2026-23013 pertains to the Linux kernel: in the octeon_ep_vf IRQ handling, the rollback path frees IRQs with a mismatched dev_id, using the literal 'oct' instead of the original ioq_vector. This can leave irqaction registrations alive, causing a use-after-free or crash when the interrupt fire...

CVSS 7.8, AI score 5.2, EPSS 0.00152
Exploits 0, References 3, Affected Software 1
OSV
added 2026/01/23 4:15 p.m., 3 views

UBUNTU-CVE-2026-22988

In the Linux kernel, the following vulnerability has been resolved: arp: do not assume dev_hard_header() does not change skb->head. arp_create() is the only dev_hard_header() caller making assumption about skb->head being unchanged. A recent commit broke this assumption. Initialize @arp pointer after...

CVSS 7.8, AI score 5.7, EPSS 0.00123
Exploits 0, References 10
UbuntuCve
added 2026/01/23 4:15 p.m., 2 views

CVE-2026-22988

In the Linux kernel, the following vulnerability has been resolved: arp: do not assume dev_hard_header() does not change skb->head. arp_create() is the only dev_hard_header() caller making assumption about skb->head being unchanged. A recent commit broke this assumption. Initialize @arp pointer after...

CVSS 7.8, AI score 5.9, EPSS 0.00123
Exploits 0, References 9
CVE
added 2026/01/23 3:24 p.m., 14 views

CVE-2026-22988

CVE-2026-22988 affects the Linux kernel’s arp handling, specifically the assumption that skb->head remains unchanged after dev_hard_header() in arp_create(). The issue arises when a recent commit altered skb->head, breaking that assumption. The publicly provided description and OpenVAS/Ness...

CVSS 7.8, AI score 5.2, EPSS 0.00123
Exploits 0, References 7, Affected Software 1
Cvelist
added 2026/01/23 3:24 p.m., 29 views

CVE-2026-22988 arp: do not assume dev_hard_header() does not change skb->head

In the Linux kernel, the following vulnerability has been resolved: arp: do not assume dev_hard_header() does not change skb->head. arp_create() is the only dev_hard_header() caller making assumption about skb->head being unchanged. A recent commit broke this assumption. Initialize @arp pointer after...

CVSS 7.8, EPSS 0.00123
Exploits 0, References 7