CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added yesterday•4 views

CVE-2026-46268

CVE-2026-46268 details a Linux kernel issue in PCI/P2PDMA: p2pmem_alloc_mmap() used VM_WARN_ON_ONCE_PAGE(!page_ref_count(page)) after p2pdma page refcount was changed from 1 to 0. The fix changes the assertion to use page_ref_count(page) instead of !page_ref_count(page). The warning is surfaced w...

5.7AI score

RedhatCVE•added 2 days ago•7 views

CVE-2026-9096

Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse never reads this field, meaning that time bounds are...

7.5CVSS5.8AI score0.00054EPSS

NVD•added 2 days ago•6 views

CVE-2026-41577

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor ResponseProcessor.parse does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expir...

6.9CVSS0.00006EPSS

Vulnrichment•added 2 days ago•1 views

CVE-2026-41577 authentik: SAML source does not validate Conditions, timing, or audience on assertions

6.9CVSS5.7AI score0.00006EPSS

RedhatCVE•added 2 days ago•5 views

CVE-2026-37229

FlexRIC v2.0.0 contains a reachable assertion in e2apcreatepdu triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence e.g., a single 0x00 byte over SCTP to the near-RT RIC port 36421 or iApp port 36422 to crash the process via SIGABRT. The...

7.5CVSS5.8AI score0.0006EPSS

Exploits1References1

Positive Technologies•added 2 days ago•5 views

PT-2026-45833

6.9CVSS5.7AI score0.00006EPSS

Cvelist•added 3 days ago•22 views

CVE-2026-10300 SGLang Inference HTTP Endpoint lora_manager.py assertion

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

6.3CVSS0.00047EPSS

Exploits0References6

Vulnrichment•added 3 days ago•3 views

CVE-2026-10300 SGLang Inference HTTP Endpoint lora_manager.py assertion

6.3CVSS5.2AI score0.00047EPSS

Exploits0References6

EUVD•added 3 days ago•6 views

EUVD-2026-33697

FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert. A remote unauthenticated attacker can send any decodable E2AP PDU with a message type not in the whitelist to crash the iApp...

7.5CVSS5.8AI score0.00081EPSS

CVE•added 3 days ago•17 views

CVE-2026-9330

IBM WebSphere Application Server 9.0 and 8.5 are affected by CVE-2026-9330 due to improper validation of user-supplied data during deserialization in the SAML Web Single Sign-On component, potentially enabling remote code execution via a crafted HTTP request with a gadget chain. Affected products...

8.5CVSS6.5AI score0.00355EPSS

RedhatCVE•added 3 days ago•4 views

CVE-2026-23557

A flaw was found in xenstored, a component of Xen. Any guest operating system can cause xenstored to crash by issuing an XSRESETWATCHES command within a transaction, leading to a denial of service DoS. This occurs due to an assertion assert triggering, which can halt the xenstored process...

6.5CVSS5.7AI score0.00013EPSS

Cvelist•added 3 days ago•22 views

CVE-2026-37229

0.0006EPSS

Exploits1References2

Vulnrichment•added 3 days ago•3 views

CVE-2026-37229

5.8AI score0.0006EPSS

Exploits1References2

EUVD•added 3 days ago•7 views

EUVD-2026-33660

FlexRIC v2.0.0 crashes when receiving a RICSUBSCRIPTIONRESPONSE with an unknown ricid that has no corresponding pending event. The near-RT RIC uses assert to enforce the existence of a pending event during response processing. A remote unauthenticated attacker can send a forged...

7.5CVSS5.8AI score0.00081EPSS

Positive Technologies•added 3 days ago•7 views

PT-2026-45545

IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain...

8.5CVSS6.5AI score0.00355EPSS

Exploits0References4

CVE•added 3 days ago•7 views

CVE-2026-37228

FlexRIC v2.0.0 is affected by a reachable assertion in e2ap_recv_sctp_msg() (src/lib/ep/e2ap_ep.c). The code allocates a fixed 32 KB receive buffer and asserts rc = 32,768 bytes to crash the near-RT RIC, iApp, E2 Agent, or xApp process via SIGABRT. All four SCTP endpoint types (ports 36421 and 36...

7.5CVSS6.1AI score0.00081EPSS

Exploits1References2Affected Software1

Positive Technologies•added 3 days ago•8 views

PT-2026-45456

FlexRIC v2.0.0 contains reachable assert0 calls in stub message handlers for whitelisted but unimplemented E2AP message types in the near-RT RIC. A remote unauthenticated attacker can send a decodable E2AP PDU of such a type e.g., E2nodeConfigurationUpdate to crash the near-RT RIC process port...

5.8AI score0.0006EPSS

Positive Technologies•added 3 days ago•8 views

PT-2026-45431

FlexRIC v2.0.0 crashes when receiving a RIC SUBSCRIPTION RESPONSE with an unknown ric id that has no corresponding pending event. The near-RT RIC uses assert to enforce the existence of a pending event during response processing. A remote unauthenticated attacker can send a forged RIC SUBSCRIPTIO...

5.8AI score0.00081EPSS

CVE•added 3 days ago•9 views

CVE-2026-37220

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a persistent SCTP↔E2 node mapping in the cleanup path and enforces this with an assert(), enabling a remote unauthenticated attacker to crash the near-RT RIC (port 36421) by compl...

7.5CVSS5.8AI score0.00081EPSS