CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/04/22 1:54 p.m.•26 views

CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep()

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of parentport in cxldetachep cxldetachep is called during bottom-up removal when all CXL memory devices beneath a switch port have been removed. For each port in the hierarchy it locks both the port a...

0.00125EPSS

CNNVD•added 2026/04/22 12:0 a.m.•6 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that nvme-pci does not ensure that the polling queue is indeed a polling queue. This cou...

4.7CVSS5.8AI score0.00089EPSS

Exploits0References1

Positive Technologies•added 2026/04/22 12:0 a.m.•19 views

PT-2026-34428

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the nvme-pci component. When a user changes the polled queue count at run time, a brief window during a reset may allow a hipri task to poll a queue before the...

8.8CVSS5.8AI score0.00282EPSS

Exploits0References52

Tenable Nessus•added 2026/04/22 12:0 a.m.•2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013786)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013786 advisory. In the Linux kernel, the following vulnerability has been resolved: RISC-V: Make port I/O string accessors actually work Fix port I/O string accessors such as insb',...

5.6AI score0.00173EPSS

Tenable Nessus•added 2026/04/21 12:0 a.m.•3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011166)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011166 advisory. In the Linux kernel, the following vulnerability has been resolved: RISC-V: Make port I/O string accessors actually work Fix port I/O string accessors such as insb',...

5.9AI score0.00173EPSS

Tenable Nessus•added 2026/04/21 12:0 a.m.•1 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011098)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011098 advisory. In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxlguestinitafu|adapter If deviceregister fails in...

5.5CVSS5.8AI score0.00146EPSS

Tenable Nessus•added 2026/04/21 12:0 a.m.•3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011263)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011263 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix mempool alloc size Convert the max size to bytes to match the units of the divisor...

5.7AI score0.00206EPSS

Tenable Nessus•added 2026/04/21 12:0 a.m.•1 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011322)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011322 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI: cadence: Check for the existence of cdnspcie::ops before using it cdnspcie::ops might not be...

5.6AI score0.00173EPSS

OSSF Malicious Packages•added 2026/04/17 6:20 a.m.•6 views

Malicious code in express-security-policy (npm)

Package is malicious. It exfiltrates user/host info to a remote server with obfuscation, delayed execution, and error suppression via preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.8AI score

Exploits0References1

OSV•added 2026/04/17 6:20 a.m.•4 views

MAL-2026-2828 Malicious code in express-security-policy (npm)

5.8AI score

Exploits0References1

Tenable Nessus•added 2026/04/17 12:0 a.m.•3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007622)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007622 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix link state exit during switch upstream function removal Before 456d8aa37d0f PCI/ASP...

7.8CVSS6.4AI score0.00155EPSS

OSV•added 2026/04/16 9:22 p.m.•3 views

GHSA-2QQC-P94C-HXWH Flowise: Weak Default Express Session Secret

Detection Method: Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | Location | packages/server/src/enterprise/middleware/passport/index.ts:55 | | Practical Exploitability | High | | Developer Approver | [email protected] | Description Express session secret has a weak default value...

5.6CVSS6AI score

Exploits0References2

Github Security Blog•added 2026/04/16 9:22 p.m.•1 views

Flowise: Weak Default Express Session Secret

6AI score

Exploits0References2Affected Software1

OSSF Malicious Packages•added 2026/04/16 10:1 a.m.•7 views

Malicious code in icims-express-dot-engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cc7ed2f685a8199818c3090faeaf9536fa49cced26ffde16ff9061c729e3143 The package icims-express-dot-engine was found to contain malicious code...

OSV•added 2026/04/16 10:1 a.m.•3 views

MAL-2026-2771 Malicious code in icims-express-dot-engine (npm)

OSV•added 2026/04/16 9:56 a.m.•3 views

MAL-2026-2759 Malicious code in express-auth-basic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e643f12d60a16d07664d45cf59400356a38f8bb5463f358e1e86e217b88fab5 The package express-auth-basic was found to contain malicious code...

OSSF Malicious Packages•added 2026/04/16 9:56 a.m.•5 views

Malicious code in express-auth-basic (npm)