CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

41 matches found

Debian CVE•added 2026/05/28 9:35 a.m.•9 views

CVE-2026-46137

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: fix potential data-race This mptcppmaddtimer helper is executed as a timer callback in softirq context. To avoid any data races, the socket lock needs to be held with bhlocksock. If the socket is in use,...

9.8CVSS5.7AI score0.00497EPSS

Exploits0

CNNVD•added 2026/05/28 12:0 a.m.•6 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of consistent reduction of socket reference counts during the retransmission of ADDADDR ...

5.8AI score0.00127EPSS

Exploits0References3

Positive Technologies•added 2026/05/28 12:0 a.m.•9 views

PT-2026-44293

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the Multipath TCP mptcp path manager during the retransmission of an ADD ADDR message. When the sk socket...

9.8CVSS6AI score0.00521EPSS

Exploits2References290

Positive Technologies•added 2026/05/28 12:0 a.m.•17 views

PT-2026-44260

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A data race exists in the Multipath TCP MPTCP implementation. The mptcp pm add timer helper function, which operates as a timer callback in softirq context, fails to properly hold the...

9.8CVSS5.8AI score0.01582EPSS

Exploits12References282

Positive Technologies•added 2026/05/28 12:0 a.m.•8 views

PT-2026-44281

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A reference leak exists in the Multipath TCP mptcp path manager. When an ADD ADDR message is retransmitted, the socket sk is held in the sk reset timer function. Certain execution paths...

9.8CVSS5.9AI score0.00463EPSS

Exploits0References291

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: For mptcp: pm: only decrement addaddraccepted for MPJ requests. The following warning has been added: WARNONONCEmsk-pm.addaddraccepted == 0 … Adding this warning before decrementing the addaddraccepted counter helped to identify ...

5.5CVSS5.9AI score0.00221EPSS

Exploits0References2

NVD•added 2026/01/02 9:15 p.m.•12 views

CVE-2026-21448

Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection. When a normal customer orders any product, in the add address step they can inject a value to run in admin view. The issue can lead to remote code execution. Version...

9.8CVSS0.00835EPSS

Exploits1References1

Vulnrichment•added 2026/01/02 8:18 p.m.•2 views

CVE-2026-21448 Bagisto has Normal & Blind SSTI from low-privilege user when ordering product

9.3CVSS7.6AI score0.00835EPSS

Exploits1References1

OSV•added 2026/01/02 8:18 p.m.•11 views

CVE-2026-21448 Bagisto has Normal & Blind SSTI from low-privilege user when ordering product

9.3CVSS7.7AI score0.00835EPSS

Exploits1References3

RedHat Linux•added 2025/05/13 8:28 a.m.•3 views

kernel: mptcp: pm: only decrement add_addr_accepted for MPJ req

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only decrement addaddraccepted for MPJ req Adding the following warning ... WARNONONCEmsk-pm.addaddraccepted == 0 ... before decrementing the addaddraccepted counter helped to find a bug when running the "remove single...

5.5CVSS6.5AI score0.00221EPSS

Exploits0References5

Microsoft CVE•added 2024/10/12 12:0 a.m.•4 views

CVE-2024-45009

...

5.5CVSS6.6AI score0.00221EPSS

Exploits0

SUSE CVE•added 2024/09/12 2:51 a.m.•3 views

SUSE CVE-2024-45009

3.3CVSS6.5AI score0.00221EPSS

Exploits0References14

OSV•added 2024/09/11 4:15 p.m.•3 views

AZL-49197 CVE-2024-45009 affecting package kernel for versions less than 5.15.167.1-1

5.5CVSS6.7AI score0.00221EPSS

Exploits0References1

OSV•added 2024/09/11 4:15 p.m.•0 views

AZL-49224 CVE-2024-45009 affecting package kernel for versions less than 6.6.51.1-1

5.5CVSS6.7AI score0.00221EPSS

Exploits0References1

OSV•added 2024/09/11 4:15 p.m.•1 views

DEBIAN-CVE-2024-45009

5.5CVSS5.9AI score0.00221EPSS

Exploits0References1

OSV•added 2024/09/11 4:15 p.m.•1 views

UBUNTU-CVE-2024-45009

5.5CVSS6.5AI score0.00221EPSS

Exploits0References18

SUSE CVE•added 2023/02/15 5:39 a.m.•2 views

SUSE CVE-2013-1838

OpenStack Compute Nova Grizzly, Folsom 2012.2, and Essex 2012.1 does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service resource exhaustion and failure to spawn new instances via a large number of calls to the addFixedIp function...

4CVSS6.3AI score0.02742EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 5:29 a.m.•2 views

SUSE CVE-2014-2907

The srtpaddaddress function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service application crash via a crafted packet...

4.3CVSS7.4AI score0.02094EPSS

Exploits1References4

CNVD•added 2017/06/26 12:0 a.m.•1 views

SQL Injection Vulnerability in add_address Method of ShopSn V2.0 Mall System

ShopsN Mall system is a product of Shanghai Yiso Network Technology Co., Ltd, an enterprise-class commercial standard full-featured allow free commercial use of open source online store full network system. A SQL injection vulnerability exists in the userid parameter in the addaddress method of t...

7.6AI score

Exploits0