CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/04/22 12:0 a.m.•4 views

PT-2026-34442

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A cached crafted response can cause an out-of-bounds read, which occurs when a program reads data outside the intended boundary of a buffer. This happens if cust...

9.1CVSS5.2AI score0.00005EPSS

Exploits0References16

Positive Technologies•added 2026/04/22 12:0 a.m.•3 views

PT-2026-34424

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the btrfs file system where the BTRFS ROOT ORPHAN CLEANUP bit is not set during subvolume creation in the create subvol function. This can lead to a race condition...

5.5CVSS5.3AI score0.00015EPSS

Exploits0References18

CNNVD•added 2026/04/22 12:0 a.m.•4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A local elevation of privilege vulnerability exists in the Linux kernel, which stems from a flaw in the logic of the crypto: algifaead module when handling AEAD operations, and...

7.8CVSS7.3AI score0.02194EPSS

Exploits226References1

Positive Technologies•added 2026/04/22 12:0 a.m.•3 views

PT-2026-34322

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...

5.3CVSS5.8AI score0.00002EPSS

Tenable Nessus•added 2026/04/22 12:0 a.m.•1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013778)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013778 advisory. In the Linux kernel, the following vulnerability has been resolved: dm cache: prevent BUGON by blocking retries on failed device resumes A cache device failing to...

5.5CVSS6.7AI score0.00079EPSS

Exploits0References4

Oracle linux•added 2026/04/22 12:0 a.m.•8 views

bind security update

9.18.33-10.0.2.el101.3 - Hard require needed openssl-libs Orabug: 38742109 - Fix warning when changing device file permissions Orabug: 36518580 32:9.18.33-10.3 - Prevent Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519 32:9.18.33-10.2 - Fix upstream reported regressio...

7.5CVSS7.5AI score0.00071EPSS

Exploits1

Tenable Nessus•added 2026/04/22 12:0 a.m.•2 views

SUSE SLES15 Security Update : flatpak (SUSE-SU-2026:1511-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1511-1 advisory. - CVE-2026-34078: Arbitrary code execution via crafted symlinks in sandbox-expose options bsc1261769. - CVE-2026-34079: Arbitrary...

10CVSS8.3AI score0.00172EPSS

Exploits0References7

Tenable Nessus•added 2026/04/22 12:0 a.m.•3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013430)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013430 advisory. In the Linux kernel, the following vulnerability has been resolved: bcache: avoid oversized read request in cache missing code path In the cache missing code path o...

5.5CVSS6.4AI score0.00017EPSS

Exploits0References4

Cvelist•added 2026/04/21 11:38 p.m.•23 views

CVE-2026-41131 OpenFGA has Improper Policy Enforcement

OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requests producing the same cache key. This could result in OpenFGA reusing an earlier cached result f...

5CVSS0.00046EPSS

ATTACKERKB•added 2026/04/21 11:38 p.m.•2 views

CVE-2026-41131

5CVSS5.8AI score0.00046EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/04/21 11:38 p.m.•2 views

CVE-2026-41131 OpenFGA has Improper Policy Enforcement

5CVSS5.8AI score0.00046EPSS

NVD•added 2026/04/21 10:16 p.m.•1 views

CVE-2026-40942

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...

6.3CVSS0.00057EPSS

EUVD•added 2026/04/21 9:9 p.m.•2 views

EUVD-2026-24496

Vulnrichment•added 2026/04/21 9:9 p.m.•1 views

CVE-2026-40942 DSF: Inverted Time Comparison in OIDC JWKS and Token Cache

ATTACKERKB•added 2026/04/21 9:9 p.m.•1 views

CVE-2026-40942

Exploits0References4Affected Software3

CVE•added 2026/04/21 9:9 p.m.•6 views

CVE-2026-40942

The DSF vulnerability CVE-2026-40942 affects the OIDC JWKS and Metadata Document caches (and the OIDC token cache for FHIR client connections) prior to version 2.1.0, where an inverted time comparison (isBefore vs isAfter) caused the cache to never return cached values and never invalidate, resul...

Cvelist•added 2026/04/21 9:9 p.m.•25 views

CVE-2026-40942 DSF: Inverted Time Comparison in OIDC JWKS and Token Cache

6.3CVSS0.00057EPSS