CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: In the tty module, for the serial subsystem, there is a issue where the uartlite driver is registered within the init function. When two instances of the uart device are being probed, a concurrency race may occur. If one thread...

5.5CVSS6.6AI score0.00147EPSS

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mptcp: Race conditions between subflow failures and additional subflow creations. We have race conditions similar to those addressed by the previous patch, between subflow failures and additional subflow creations. However, these...

7.8CVSS6.7AI score0.00146EPSS

OSV•added 2026/06/12 8:9 p.m.•5 views

GHSA-CHGR-C6PX-7XPP PyO3 has a missing `Sync` bound on `PyCFunction::new_closure` closures

PyCFunction::newclosure and the temporary newclosurebound complement in the 0.21–0.22 series required the supplied closure to be Send + 'static but not Sync. The resulting PyCFunction is a Python callable that can be invoked from any Python thread, which means the closure may be called concurrent...

6.3CVSS5.7AI score

EUVD•added 2026/06/09 11:52 a.m.•16 views

EUVD-2026-35405

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgicitsinvalidatecache walks the per-ITS translation cache with xaforeach and drops the cache's reference on each entry with vgicputirq. It puts...

5.4AI score0.00203EPSS

Tenable Nessus•added 2026/06/09 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-46316

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgicitsinvalidatecache walks the per-ITS translation cache with xaforeach a...

9.3CVSS5.9AI score0.00203EPSS

Exploits0References3

CNNVD•added 2026/06/09 12:0 a.m.•13 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability arises from the vgicitsinvalidatecache function, which incorrectly places an iteration pointer ...

9.3CVSS5.3AI score0.00203EPSS

RedhatCVE•added 2026/06/05 7:35 p.m.•6 views

CVE-2026-32134

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the broker can crash due to a NULL pointer dereference during MQTT session resumption for cleanstart=0...

5.9CVSS5.4AI score0.00401EPSS

RedhatCVE•added 2026/06/05 7:25 p.m.•7 views

CVE-2026-44318

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/subId handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock via BSFContext.GetSubscriptionsubId, but if t...

6.5CVSS5.6AI score0.00268EPSS

Exploits1References1

Cvelist•added 2026/06/02 2:15 p.m.•38 views

CVE-2026-48862 Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSHPROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decodepushpromiseheadersandaddresponse/5 inserts a :reservedremote entry...

8.2CVSS0.00384EPSS

Vulnrichment•added 2026/06/02 2:15 p.m.•10 views

CVE-2026-48862 Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency

8.2CVSS5.8AI score0.00384EPSS

RedhatCVE•added 2026/06/01 4:3 p.m.•9 views

CVE-2026-9831

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...

Fedora•added 2026/06/01 1:1 a.m.•22 views

[SECURITY] Fedora 43 Update: nginx-1.30.2-1.fc43

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

9.2CVSS5.8AI score0.02596EPSS

Exploits3

Positive Technologies•added 2026/06/01 12:0 a.m.•12 views

PT-2026-47753

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 13031fb6b835 Description A race condition exists in the vGIC-ITS Interrupt Translation Service emulation within KVM on arm64 systems. The issue occurs in the vgic its invalidate cache function, which iterates...

9.3CVSS6AI score0.00203EPSS

Exploits0References87

EUVD•added 2026/05/30 12:30 a.m.•12 views

EUVD-2026-33445

NVD•added 2026/05/29 10:16 p.m.•17 views

CVE-2026-9831

6.3CVSS0.00172EPSS

ATTACKERKB•added 2026/05/29 9:19 p.m.•9 views

CVE-2026-9831

Cvelist•added 2026/05/29 9:19 p.m.•35 views

CVE-2026-9831 ExtremeCloud IQ Cross Tenant Data Exposure via Extreme Platform One Authentication Race Condition

6.3CVSS0.00172EPSS

CVE•added 2026/05/29 9:19 p.m.•40 views

CVE-2026-9831

The CVE-2026-9831 entry describes a race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path. Under high-concurrency traffic, requests authenticated with an Extreme Platform ONE /IAM API key could intermittently return data for a different tenant, indicating cross...