CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 5 days ago•6 views

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23112)

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmettcpbuildpduiovec nvmettcpbuildpduiovec could walk past cmd-req.sg when a PDU length or offset exceeds sgcnt and then use bogus sg-length/offset values, leading to copytoiter GPF/KASAN. Guard...

9.8CVSS5.7AI score0.00399EPSS

Cvelist•added 6 days ago•26 views

CVE-2026-55738 Stack Buffer Overflow in rxi/microtar raw_to_header() via non-null-terminated TAR name field

A stack-based buffer overflow exists in the rawtoheader function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name and linkname fields of a TAR header with strcpy without guaranteeing null termination of the source. The POSIX ustar format permits these fixed-width...

8.8CVSS0.00635EPSS

RedHat Linux•added 6 days ago•4 views

kernel: netfilter: nf_tables: release flowtable after rcu grace period on error

A flaw was found in the Linux kernel's netfilter component, specifically within the nftables subsystem. An error in releasing a flowtable after an RCU Read-Copy-Update grace period could lead to a use-after-free vulnerability. This issue could expose the flowtable to the packet path and...

7.8CVSS5.8AI score0.00119EPSS

RedHat Linux•added 6 days ago•5 views

kernel: net: use dst_dev_rcu() in sk_setup_caps()

In the Linux kernel, the following vulnerability has been resolved: net: use dstdevrcu in sksetupcaps Use RCU to protect accesses to dst-dev from sksetupcaps and skdstgsomaxsize. Also use dstdevrcu in ip6dstmtumaybeforward, and ipdstmtumaybeforward. ip4dsthoplimit can use dstdevnetrcu...

5.4AI score0.00167EPSS

RedHat Linux•added 6 days ago•6 views

kernel: macvlan: fix possible UAF in macvlan_forward_source()

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlanforwardsource Add RCU protection on struct macvlansourceentry-vlan. Whenever macvlanhashdelsource is called, we must clear entry-vlan pointer before RCU grace period starts. This allows...

7.8CVSS5.3AI score0.00188EPSS

RedHat Linux•added 6 days ago•3 views

kernel: net: use dst_dev_rcu() in sk_setup_caps()

5.4AI score0.00167EPSS

RedHat Linux•added 6 days ago•3 views

kernel: netfilter: nf_tables: release flowtable after rcu grace period on error

7.8CVSS5.8AI score0.00119EPSS

OSV•added 6 days ago•7 views

MAL-2026-5973 Malicious code in classbreeze-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e19daf4f946816f5ba3c6e592eacc980861b281c6752b738de57fdd31f49279d The package masquerades as a Tailwind plugin: README and the top of src/index.js are a verbatim clone of @tailwindcss/typography...

5.6AI score

SUSE CVE•added 6 days ago•8 views

SUSE CVE-2026-46331

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcfpeditact computes the COW range for skbensurewritable once before the key loop using tcfpoffmaxhint, but the hint does not account for the runtime header offset...

7.8CVSS5.5AI score0.00157EPSS

RedHat Linux•added 6 days ago•5 views

kernel: netfilter: nf_tables: release flowtable after rcu grace period on error

7.8CVSS5.8AI score0.00119EPSS

Tenable Nessus•added 6 days ago•5 views

Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8440-1)

"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8440-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the...

9.8CVSS7.6AI score0.94016EPSS

Exploits271References394

OSV•added last week•6 views

USN-8426-2 linux-azure vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...

9.8CVSS8AI score0.94016EPSS

Exploits270References19

CVE•added last week•16 views

CVE-2026-48777

CVE-2026-48777 — FileBrowser Quantum has a path-traversal in the public share PATCH endpoint. Versions prior to 1.3.2-stable, 1.4.0-beta, and 1.4.1-beta allow an attacker with a public share link that has AllowModify=true to move, copy, or rename files outside the share root by abusing publicPatc...

9.3CVSS5.4AI score0.00446EPSS

RedhatCVE•added last week•6 views

CVE-2026-46331

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

7.8CVSS5.2AI score0.00157EPSS

NVD•added 2026/06/16 8:16 a.m.•10 views

CVE-2026-46331

0.00157EPSS

Debian CVE•added 2026/06/16 6:26 a.m.•46 views

CVE-2026-46331

5.5AI score0.00157EPSS

Exploits0

Cvelist•added 2026/06/16 6:26 a.m.•28 views

CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption

0.00157EPSS

EUVD•added 2026/06/16 6:26 a.m.•8 views

EUVD-2026-37039

5.5AI score0.00157EPSS

Exploits0References1

CVE•added 2026/06/16 6:26 a.m.•76 views

CVE-2026-46331

The CVE-2026-46331 issue affects the Linux kernel net/sched path (pedit action). The root cause was tcf_pedit_act() computing the COW write range once before the key loop using tcfp_off_max_hint, which did not account for runtime header offset from typed keys, potentially leaving part of the writ...

5.4AI score0.00157EPSS