CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1364 matches found

CVE-2026-48862 Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSHPROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decodepushpromiseheadersandaddresponse/5 inserts a :reservedremote entry...

8.2CVSS5.8AI score0.00042EPSS

Exploits0References4

Cvelist•added 2 days ago•30 views

CVE-2026-48862 Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency

8.2CVSS0.00042EPSS

Exploits0References4

RedhatCVE•added 3 days ago•6 views

CVE-2026-9831

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...

6.3CVSS5.8AI score0.0005EPSS

Exploits0References1

Fedora•added 3 days ago•12 views

[SECURITY] Fedora 43 Update: nginx-1.30.2-1.fc43

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

9.2CVSS5.8AI score0.00237EPSS

Exploits3

EUVD•added 5 days ago•9 views

EUVD-2026-33445

6.3CVSS5.8AI score0.0005EPSS

Exploits0References2

NVD•added 6 days ago•10 views

CVE-2026-9831

6.3CVSS0.0005EPSS

Exploits0References1

ATTACKERKB•added 6 days ago•6 views

CVE-2026-9831

6.3CVSS5.8AI score0.0005EPSS

Exploits0References2

Vulnrichment•added 6 days ago•6 views

CVE-2026-9831 ExtremeCloud IQ Cross Tenant Data Exposure via Extreme Platform One Authentication Race Condition

6.3CVSS5.8AI score0.0005EPSS

Exploits0References1

Cvelist•added 6 days ago•28 views

CVE-2026-9831 ExtremeCloud IQ Cross Tenant Data Exposure via Extreme Platform One Authentication Race Condition

6.3CVSS0.0005EPSS

Exploits0References1

CVE•added 6 days ago•28 views

CVE-2026-9831

The CVE-2026-9831 entry describes a race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path. Under high-concurrency traffic, requests authenticated with an Extreme Platform ONE /IAM API key could intermittently return data for a different tenant, indicating cross...

6.3CVSS5.8AI score0.0005EPSS

Exploits0References1

CVE•added 6 days ago•10 views

CVE-2026-45151

NanoMQ (0.24.8 and earlier) contains a NULL substream pointer dereference in quic_stream_recv when a substream is reopening. The vulnerable code finishes AIO with an error but does not return before locking c->mtx, indicating a potential NULL dereference and an unlocked/locked state issue in t...

6.3CVSS5.9AI score0.00044EPSS

Exploits0References1

Cvelist•added 6 days ago•24 views

CVE-2026-47741 Shopper: Race condition on Discount.usage_limit allows silent over-redemption

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usagelimit was...

5.9CVSS0.00025EPSS

Exploits0References3

CNNVD•added 6 days ago•4 views

Extreme Networks Extreme Platform ONE IAM Gateway 安全漏洞

The Extreme Networks Extreme Platform ONE IAM Gateway is a network identity and access management gateway provided by Extreme Networks, Inc. There is a security vulnerability present in the Extreme Networks Extreme Platform ONE IAM Gateway, which stems from a race condition in the API key...

6.3CVSS5.8AI score0.0005EPSS

Exploits0References1

Positive Technologies•added 6 days ago•6 views

PT-2026-44998

Name of the Vulnerable Software and Affected Versions ExtremeCloud IQ affected versions not specified Description A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path can intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued AP...

6.3CVSS5.8AI score0.0005EPSS

Exploits0References3

RedHat Linux•added last week•7 views

kernel: md/bitmap: fix GPF in write_page caused by resize race

A flaw was found in the Linux kernel's md/bitmap component. This vulnerability involves a use-after-free race condition that occurs during array resize operations. When the bitmapdaemonwork and bitmapresize functions execute concurrently, they can access memory pages that have already been freed...

4.7CVSS5.9AI score0.00012EPSS

Exploits0References5

NVD•added last week•8 views

CVE-2026-46210

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix use-after-free of fmtsrc during MBPF check During concurrency testing, multiple instances can run in parallel, and each instance uses its own inst-lock while the core-lock protects the list of active instances. T...

7.8CVSS0.00015EPSS

Exploits0References2

OSV•added last week•1 views

UBUNTU-CVE-2026-46210

7.8CVSS5.7AI score0.00015EPSS

Exploits0References5

ATTACKERKB•added last week•2 views

CVE-2026-46233

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: only purge non-released claims When batadvblapurgeclaims goes through the list of claims, it is only traversing the hash list with an rcureadlock. Due to a potential parallel batadvclaimput, it can happen that it...

5.8AI score0.00032EPSS

Exploits0References9Affected Software1

ATTACKERKB•added last week•5 views

CVE-2026-46210

5.7AI score0.00015EPSS

Exploits0References3Affected Software1

Cvelist•added last week•24 views

CVE-2026-46210 media: iris: fix use-after-free of fmt_src during MBPF check

7.8CVSS0.00015EPSS

Exploits0References2

Rows per page