CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

4.3CVSS6.1AI score0.01006EPSS

Astra Linux – Vulnerability in sane-backends

A out-of-bounds read in SANE backends before version 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, also known as GHSL-2020-083...

Exploits1References1

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux – Vulnerability in sane-backends

A NULL pointer dereferencing in SANE backends before version 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079...

5.7CVSS6.4AI score0.01041EPSS

6.5CVSS6.8AI score0.00332EPSS

Astra Linux – Vulnerability in Linux, Linux 5.10

Rogue backends can cause Denial of Service DoS attacks on guests through high-frequency events. This CNA information record relates to multiple Common Vulnerabilities and Exposures CVEs; the text explains which aspects/vulnerabilities correspond to which CVEs. Xen allows for the execution of PV...

8CVSS8.1AI score0.01457EPSS

Astra Linux – Vulnerability in sane-backends

A heap buffer overflow in SANE backends before version 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, known as GHSL-2020-084...

Exploits1References1

AstraLinux•added 2026/05/03 11:59 p.m.•11 views

Astra Linux - уязвимость в linux

A issue was discovered in the Linux kernel versions 2.6.39 through 5.10.16, as used in Xen. The block, net, and SCSI backends consider certain errors as ordinary bugs, which are deliberately designed to cause kernel crashes. For errors that may be influenced by guests such as memory exhaustion...

5.5CVSS6.7AI score0.00544EPSS

Exploits0References1

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux – Vulnerability in Linux 5.10, Linux

Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights from resources. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The backends that use these interfaces may n...

7CVSS6.4AI score0.00334EPSS

7CVSS6.4AI score0.00351EPSS

Astra Linux – Vulnerability in Linux 5.10, Linux

OSV•added 2026/05/03 9:56 a.m.•6 views

OESA-2026-2166 opencryptoki security update

openCryptoki is an implementation of the PKCS 11 API that allows interfacing to devices that hold cryptographic information and perform cryptographic functions. openCryptoki provides application portability by isolating the application from the details of the cryptographic device. Isolating the...

6.8CVSS6AI score0.0016EPSS

OSV•added 2026/05/03 9:56 a.m.•51 views

OESA-2026-2164 opencryptoki security update

6.8CVSS6AI score0.0016EPSS

OSV•added 2026/05/03 9:56 a.m.•19 views

OESA-2026-2163 opencryptoki security update

6.8CVSS6AI score0.0016EPSS

Packet Storm News•added 2026/05/03 12:0 a.m.•1 views

Trojan Hippo: Weaponizing Agent Memory for Data Exfiltration

Memory systems enable otherwise-stateless LLM agents to persist user information across sessions, but also introduce a new attack surface. We characterize the Trojan Hippo attack, a class of persistent memory attacks that operates in a more realistic threat model than prior memory poisoning work:...

5.8AI score

Exploits0

vulnersOsv•added 2026/05/01 9:30 a.m.•11 views

a10-octavia (>=1.0.0 <=2.2.0), gadgetfinder (>=0.0.1 <=1.0.0) +3 more potentially affected by CVE-2026-43001 via keystone (>=15.0.1 <=29.0.1)

keystone PYPI version =15.0.1, =1.0.0, =0.0.1, =0.1.0, =0.1.0, =1.12.0 Source cves: CVE-2026-43001 Source advisory: SNYK:PYTHON-KEYSTONE-16479530...

8CVSS5.8AI score0.00404EPSS

Exploits1

NVD•added 2026/04/23 10:16 p.m.•2 views

CVE-2026-41357

OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leveraging non-default SSH environment forwarding configurations to leak sensitive environment variabl...

3.3CVSS0.00152EPSS

Exploits0References3

Cvelist•added 2026/04/23 9:58 p.m.•28 views

CVE-2026-41357 OpenClaw < 2026.3.31 - Unsanitized Environment Variable Leakage in SSH Sandbox Backends

3.3CVSS0.00152EPSS

Exploits0References3

ATTACKERKB•added 2026/04/23 9:58 p.m.•0 views

CVE-2026-41357

3.3CVSS5.8AI score0.00152EPSS

Exploits0References4

SUSE CVE•added 2026/04/23 1:24 a.m.•6 views

SUSE CVE-2026-33596

A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend...

6.5CVSS5.7AI score0.00169EPSS

Exploits0References3

ATTACKERKB•added 2026/04/23 12:3 a.m.•3 views

CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.2CVSS5.9AI score0.08375EPSS

Exploits1References5Affected Software1

Positive Technologies•added 2026/04/23 12:0 a.m.•3 views

PT-2026-34788

3.3CVSS5.8AI score0.00152EPSS

Exploits0References5

CNNVD•added 2026/04/22 12:0 a.m.•8 views

PowerDNS DNSdist 安全漏洞

PowerDNS DNSdist is a proxy software provided by PowerDNS, which offers capabilities for DNS traffic load balancing and security protection. PowerDNS DNSdist has a security vulnerability that stems from malicious backends capable of sending specially crafted UDP responses with query IDs differing...

8.2CVSS5.8AI score0.00731EPSS