CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

5.5CVSS6.8AI score0.05372EPSS

Astra Linux - уязвимость в gst-plugins-base1.0

GStreamer before version 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags...

8.8CVSS7.5AI score0.01797EPSS

Astra Linux - уязвимость в gst-plugins-base1.0

GStreamer PGS File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Exploiting this vulnerability requires interaction with this library, but the attack vectors...

8.1CVSS7.2AI score0.0124EPSS

Astra Linux - уязвимость в ofono

A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug occurs within the decodedeliver function during SMS decoding. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, or simply through SMS. There i...

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в ofono

A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug was detected within the smsdecodeaddressfield function during the SMS PDU decoding process. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, ...

8.1CVSS7.3AI score0.01006EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в ofono

A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug occurs within the decodestatusreport function during SMS decoding. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, or simply through SMS...

8.1CVSS7.3AI score0.00947EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux, linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fixed a memory leak in initcreditreturn. When dmaalloccoherent fails to allocate dd-crbasei.va, initcreditreturn should deallocate dd-crbase and dd-crbasei that were allocated earlier. Otherwise, those resources will nev...

5.5CVSS6.2AI score0.00239EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в gst-plugins-base1.0

GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may va...

7.8CVSS7.7AI score0.01565EPSS

5.5CVSS5.7AI score0.00107EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fixed the calculation of the base address in the function kvmeiointc regsaccess. In the function kvmeiointc regsaccess, the base address of the register is calculated by adding an offset to the array base address...

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в node-elliptic

The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures when the hash contains at least four leading 0 bytes, and when the order of the elliptic curve’s base point is smaller than the hash, due to an truncateToN anomaly. This results in vali...

4.8CVSS6.1AI score0.00556EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux – Vulnerability in gpac

A issue was discovered in GPAC versions 0.5.2 and 0.9.0-development-20191109. There are memory leaks in metxNew in isomedia/boxcodebase.c and abstRead in isomedia/boxcodeadobe.c...

5.5CVSS6.6AI score0.0123EPSS

Exploits1References1

Positive Technologies•added 2026/05/20 12:0 a.m.•8 views

PT-2026-42219

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...

8.1CVSS5.8AI score0.00586EPSS

Exploits0References3

CNNVD•added 2026/05/20 12:0 a.m.•8 views

HCL BigFix Service Management 安全漏洞

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a security vulnerability, which stems from configuration issues. Using outdated or insecure base images may introduce known vulnerabilitie...

9.8CVSS5.8AI score0.00178EPSS

Exploits0References1

Positive Technologies•added 2026/05/20 12:0 a.m.•7 views

PT-2026-42144

HCL BigFix Service Management SM is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment...

4CVSS5.8AI score0.00178EPSS

Redos•added 2026/05/20 12:0 a.m.•7 views

ROS-20260520-73-0009

A vulnerability in the Base component of Google Chrome and Microsoft Edge browsers is related to the ability to use memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

8.8CVSS6AI score0.00317EPSS

Exploits0

Positive Technologies•added 2026/05/20 12:0 a.m.•6 views

PT-2026-42138

Name of the Vulnerable Software and Affected Versions 389-ds-base affected versions not specified Description A flaw exists in the LDAP server where the get ldapmessage controls ext function fails to enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated...

7.5CVSS5.8AI score0.00452EPSS

Exploits0References14

Snyk•added 2026/05/19 8:9 p.m.•7 views

Server-side Request Forgery (SSRF)

Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in SearXNG search proxy via unvalidated baseUrl. An authenticated low-privilege user can point baseUrl at an internal or loopback HTTP service and receive th...

8.5CVSS5.8AI score0.00866EPSS