CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/28 9:36 a.m.•27 views

CVE-2026-46190 mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()

In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: debugfs: fix out-of-bounds read in spinorparamsshow Sashiko noticed an out-of-bounds read 1. In spinorparamsshow, the snorfnames array is passed to spinorprintflags using sizeofsnorfnames. Since snorfnames is an arr...

7.1CVSS0.00013EPSS

ATTACKERKB•added 2026/05/28 9:36 a.m.•5 views

CVE-2026-46191

In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in fbconrotatefont. The putcs implementations for the rotated buffer will return early in this case. S...

6AI score0.00024EPSS

Exploits0References6Affected Software1

Exploits0References6Affected Software1

CVE-2026-46190

5.8AI score0.00013EPSS

Cvelist•added 2026/05/28 9:36 a.m.•21 views

CVE-2026-46191 fbcon: Avoid OOB font access if console rotation fails

0.00024EPSS

CVE•added 2026/05/28 9:36 a.m.•11 views

CVE-2026-46190

Summary (CVE-2026-46190) : A Linux kernel vulnerability in the MTD SPI-NOR debugfs code caused an out-of-bounds read in spi_nor_params_show() due to passing an array of pointers to spi_nor_print_flags() with sizeof(snor_f_names). Since sizeof on a pointer array yields bytes, not element count, th...

7.1CVSS5.8AI score0.00013EPSS

EUVD•added 2026/05/28 9:36 a.m.•6 views

EUVD-2026-32817

5.8AI score0.00013EPSS

Cvelist•added 2026/05/28 9:36 a.m.•25 views

CVE-2026-46189 RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path

In the Linux kernel, the following vulnerability has been resolved: RDMA/vmwpvrdma: Fix double free on pvrdmaallocucontext error path Sashiko points out that pvrdmauarfree is already called within pvrdmadeallocucontext, so calling it before triggers a double free...

0.00032EPSS

Exploits0References8

CVE•added 2026/05/28 9:36 a.m.•12 views

CVE-2026-46189

The CVE concerns the Linux kernel RDMA/vmw_pvrdma component. The vulnerability arises from a faulty error-path sequence in pvrdma_alloc_ucontext where pvrdma_uar_free() is called before the deallocation path completes, causing a double-free because pvrdma_uar_free() is already invoked within pvrd...

ATTACKERKB•added 2026/05/28 9:36 a.m.•5 views

Exploits0References8

CVE-2026-46189

Exploits0References9Affected Software1

EUVD•added 2026/05/28 9:36 a.m.•5 views

EUVD-2026-32816

Exploits0References5Affected Software1

CVE-2026-46188

In the Linux kernel, the following vulnerability has been resolved: octeonepvf: add NULL check for napibuildskb napibuildskb can return NULL on allocation failure. In octepvfoqprocessrx, the result is used directly without a NULL check in both the single-buffer and multi-fragment paths, leading t...

5.8AI score0.00023EPSS

CVE-2026-46187

In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: fix kthread lifetime race between self-exit and external-stop RSI driver use both self-exitkthreadcompleteandexit and external-stop kthreadstop when killing a kthread. Generally, kthreadstop is called first, and in thi...

Exploits0References9Affected Software1

EUVD•added 2026/05/28 9:36 a.m.•6 views

EUVD-2026-32814

CVE•added 2026/05/28 9:36 a.m.•11 views

CVE-2026-46186

The CVE-2026-46186 issue affects the Linux kernel Bluetooth virtio_bt driver. In virtbt_rx_handle(), the driver reads the leading pkt_type from the RX skb and forwards the remaining payload to hci_recv_frame() for all packet types (event/ACL/SCO/ISO) without verifying that the payload is large en...

5.7AI score0.00032EPSS

Exploits0References7

Exploits0References8Affected Software1

CVE-2026-46186

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...

5.7AI score0.00032EPSS

ATTACKERKB•added 2026/05/28 9:36 a.m.•8 views

CVE-2026-46185

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in symlinkdata Since smb2checkmessage returns success without length validation for the symlink error response, in symlinkdata it is possible for iov-iovlen to be smaller than sizeofstruct...

9.1CVSS5.8AI score0.00072EPSS

Exploits0References7Affected Software1

CVE•added 2026/05/28 9:36 a.m.•10 views

CVE-2026-46185

The CVE-2026-46185 issue affects the Linux kernel SMB client. The root cause is insufficient length validation in smb2_check_message() when processing symlink error responses, allowing a symlink_data() path to read beyond the buffer if iov_len is smaller than the 64-byte SMB2 header and accessing...

9.1CVSS5.7AI score0.00072EPSS

Exploits0References6

EUVD•added 2026/05/28 9:36 a.m.•7 views

EUVD-2026-32812

5.7AI score0.00072EPSS

EUVD•added 2026/05/28 9:36 a.m.•6 views

EUVD-2026-32811

In the Linux kernel, the following vulnerability has been resolved: sound: ua101: fix division by zero at probe Add a missing sanity check for bNrChannels in detectusbformat to prevent a division by zero in playbackurbcomplete and captureurbcomplete. USB core does not validate class-specific...