CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: MIPS: Do not crash when calling stacktop for tasks without an ABI or vDSO. Not all tasks have an ABI associated with them, or a vDSO mapped to them. For example, kthreads never have such an ABI. If such a task calls stacktop, ...

5.5CVSS6.9AI score0.00024EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: alloctag: Dynamically allocate percpu counters for module tags. When a module is unloaded, it checks whether any of its tags are still in use. If so, it keeps the memory containing the module’s allocation tags alive until all tag...

7.8CVSS5.7AI score0.00078EPSS

Fedora•added 2026/05/20 1:1 a.m.•9 views

[SECURITY] Fedora 43 Update: dnsmasq-2.92rel2-2.fc43

Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with...

8.4CVSS5.8AI score0.0024EPSS

Exploits4

EUVD•added 2026/05/20 12:31 a.m.•8 views

EUVD-2026-30999

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

5.8AI score0.00082EPSS

Github Security Blog•added 2026/05/20 12:31 a.m.•3 views

Drupal core allows Object Injection

6.6CVSS5.4AI score0.00082EPSS

Exploits0References3Affected Software1

OSV•added 2026/05/20 12:31 a.m.•2 views

GHSA-XMJC-63PR-2MPG Drupal core allows Object Injection

6.6CVSS5.4AI score0.00082EPSS

Exploits0References3

Packet Storm News•added 2026/05/20 12:0 a.m.•4 views

angr 9.2.216

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...

Redos•added 2026/05/20 12:0 a.m.•6 views

ROS-20260520-73-0011

A vulnerability in the WebAudio component of Google Chrome and Microsoft Edge browsers is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page...

8.8CVSS6.5AI score0.0003EPSS

Packet Storm News•added 2026/05/20 12:0 a.m.•7 views

GenAI-Driven Threat Detection with Microsoft Security Copilot

Defending against today's increasingly sophisticated cyberattacks requires security analysts to continuously translate evolving attacker tradecraft into detection logic. This places defenders in a reactive posture, requiring constantly updated expertise across an increasingly fragmented security...

Redos•added 2026/05/20 12:0 a.m.•7 views

ROS-20260520-73-0023

A vulnerability in the PDFium component of Google Chrome and Microsoft Edge browsers is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted PDF file...

8.8CVSS6AI score0.00032EPSS

Redos•added 2026/05/20 12:0 a.m.•5 views

ROS-20260520-73-0060

A vulnerability in the Google Chrome web browser is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

8.8CVSS7.7AI score0.00043EPSS

Packet Storm News•added 2026/05/20 12:0 a.m.•6 views

FuzzingBrain V2: A Multi-Agent LLM System for Automated Vulnerability Discovery and Reproduction

Software vulnerabilities pose critical security threats, with nearly 50,000 CVEs reported in 2025. While Large Language Models LLMs show promise for automated vulnerability detection, three key challenges remain. First, LLM-generated vulnerability reports suffer from high false positive rates and...

5.9AI score

NVD•added 2026/05/19 11:16 p.m.•8 views

CVE-2026-6366

6.6CVSS0.00082EPSS

ATTACKERKB•added 2026/05/19 10:27 p.m.•6 views

CVE-2026-6366

5.8AI score0.00082EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/19 10:27 p.m.•27 views

CVE-2026-6366 Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002

0.00082EPSS

Vulnrichment•added 2026/05/19 10:27 p.m.•5 views

CVE-2026-6366 Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002

5.8AI score0.00082EPSS

OSV•added 2026/05/19 9:52 p.m.•2 views

MAL-2026-4741 Malicious code in aurafarmer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 967bdc07ba43b92a320ad0ef81975a5547d24b987eda5b8cdf863fc7c18245e0 The package advertises an aurex CLI. Its login flow aurex/main.py around line 108 prompts the user for email and password and POSTs them as JSON to a...

OSSF Malicious Packages•added 2026/05/19 9:52 p.m.•7 views

Malicious code in aurafarmer (PyPI)

Cvelist•added 2026/05/19 8:31 p.m.•27 views

CVE-2026-34216 CtrlPanel: Authenticated Remote Code Execution via Dynamic Class Instantiation in SettingsController.php

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied request input and used it for dynamic static method calls and object instantiation without any allowli...

6.6CVSS0.00406EPSS