CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7234 matches found

EUVD•added 2026/05/01 2:14 p.m.•2 views

EUVD-2026-26547

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix isbpfmigrationdisabled false negative on non-PREEMPTRCU Since commit 8e4f0b1ebcf2 "bpf: use rcureadlockdontmigrate for trampoline.c", the BPF prolog bpfprogenter calls migratedisable only when CONFIGPREEMPTRCU is...

5.8AI score0.00015EPSS

Exploits0References3

ATTACKERKB•added 2026/05/01 2:14 p.m.•3 views

CVE-2026-31734

5.8AI score0.00015EPSS

Exploits0References4Affected Software1

Redos•added 2026/04/29 12:0 a.m.•4 views

ROS-20260429-73-0039

A vulnerability in the Intarray extension selectivity evaluation function of the PostgreSQL database management system is related to insufficient validation of the specified input data type. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the...

8.8CVSS6AI score0.00059EPSS

Exploits0

Redos•added 2026/04/29 12:0 a.m.•3 views

ROS-20260429-73-0021

A vulnerability in the PostgreSQL database management system is related to incorrect array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the context of the current user using specially crafted queries...

8.8CVSS6AI score0.00039EPSS

Exploits0

Redos•added 2026/04/29 12:0 a.m.•4 views

ROS-20260429-73-0033

8.8CVSS6AI score0.00059EPSS

Exploits0

Redos•added 2026/04/29 12:0 a.m.•4 views

ROS-20260429-73-0020

8.8CVSS6AI score0.00039EPSS

Exploits0

Redos•added 2026/04/29 12:0 a.m.•5 views

ROS-20260429-73-0037

A vulnerability in the Intarray extension selectivity evaluation function of the PostgreSQL database management system is related to insufficient validation of a specified input data type. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the...

8.8CVSS6AI score0.00059EPSS

Exploits0

Redos•added 2026/04/29 12:0 a.m.•2 views

ROS-20260429-73-0017

8.8CVSS6AI score0.00039EPSS

Exploits0

Redos•added 2026/04/29 12:0 a.m.•3 views

ROS-20260429-73-0018

8.8CVSS6AI score0.00039EPSS

Exploits0

Slackware Linux•added 2026/04/28 6:6 a.m.•3 views

[slackware-security] proftpd

New proftpd packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/proftpd-1.3.9a-i586-1slack15.0.txz: Upgraded. Fix for an SQL injection that may lead to authentication bypass, privilege escalation,...

8.1CVSS6.2AI score0.0699EPSS

Exploits6

Slackware Linux•added 2026/04/27 11:13 p.m.•2 views

[slackware-security] mpg123

New mpg123 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mpg123-1.33.5-i586-1.txz: Upgraded. mpg123: Fix generic control mode for largefile-sensitive builds, where 32 bit offt was used with...

5.4AI score

Exploits0

CVE•added 2026/04/24 2:35 p.m.•5 views

CVE-2026-31560

CVE-2026-31560 affects the Linux kernel spi-dw-dma path. When completing an SPI transaction, an error in handling a missing device message can lead to a system crash; the recommended fix is to obtain the device from the struct spi_controller* (dev from the controller). The vulnerability has been ...

5.5CVSS5.4AI score0.00015EPSS

Exploits0References4Affected Software1

EUVD•added 2026/04/24 2:35 p.m.•0 views

EUVD-2026-25453

In the Linux kernel, the following vulnerability has been resolved: spi: spi-dw-dma: fix print error log when wait finish transaction If an error occurs, the device may not have a current message. In this case, the system will crash. In this case, it's better to use dev from the struct ctlr struc...

5.5AI score0.00015EPSS

Exploits0References2

Debian CVE•added 2026/04/24 2:35 p.m.•1 views

CVE-2026-31560

5.5CVSS5.3AI score0.00015EPSS

Exploits0

Tenable Nessus•added 2026/04/24 12:0 a.m.•2 views

Ubuntu Pro Realtime 24.04 LTS : Linux kernel (Raspberry Pi Real-time) vulnerabilities (USN-8204-1)

"The remote Ubuntu Pro Realtime 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8204-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly...

9.8CVSS5.9AI score0.00092EPSS

Exploits0References176

RedhatCVE•added 2026/04/22 7:22 p.m.•1 views

CVE-2026-40588

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at /profile/slug/edit/ does not include a currentpassword field and does not verify the user's existing password before accepting a new one. Any attacker who obtains a valid authenticated session —...

8.1CVSS5.8AI score0.00036EPSS

Exploits0References1

RedhatCVE•added 2026/04/22 6:46 p.m.•1 views

CVE-2026-31482

A flaw was found in the Linux kernel, specifically within the s390 architecture's kernel entry process. Due to an incomplete update, a critical register r12 was not properly cleared when entering the kernel. This oversight could allow a local user to potentially access sensitive system informatio...

5.5CVSS5.7AI score0.00015EPSS

Exploits0References4

EUVD•added 2026/04/22 6:31 p.m.•8 views

EUVD-2026-25008

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...

5.6CVSS6AI score0.00008EPSS

Exploits1References2