CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

291 matches found

CVE-2026-49412

The CVE (CVE-2026-49412) affects FreeBSD’s kernel IPv6 multicast source filter (IPV6_MSFILTER) handling. The issue is a use-after-free: the handler releases a serializing lock to copy the source-filter list from userspace and later reacquires it; during the window a competing thread can free the ...

5.8AI score0.00133EPSS

Exploits0References1

RedhatCVE•added 3 days ago•5 views

CVE-2026-53275

A flaw was found in the Linux kernel's IPv6 multicast mcast component. When processing Multicast Listener Discovery MLD queries, a pointer to the multicast group address is not correctly reloaded after certain packet manipulations. This can lead to a use-after-free vulnerability, potentially...

8.8CVSS6AI score0.00168EPSS

Exploits0References4

Debian CVE•added 3 days ago•4 views

CVE-2026-53228

In the Linux kernel, the following vulnerability has been resolved: ipv6: sit: reload inner IPv6 header after GSO offloads ipip6tunnelxmit caches the inner IPv6 header pointer at function entry and continues using it after iptunnelhandleoffloads. For GSO skbs, iptunnelhandleoffloads calls...

9.8CVSS5.6AI score0.00184EPSS

Exploits0

CVE•added 3 days ago•9 views

CVE-2026-53219

CVE-2026-53219 affects the Linux kernel netfilter x_tables; the native and compat get-entries paths could leak a percpu counter pointer from the rule blob to userspace when the fixed-header is copied before counters are sanitized. On SMP systems, entry->counters.pcnt held the percpu allocation...

5.7AI score0.00184EPSS

Exploits0References8

NVD•added 4 days ago•4 views

CVE-2026-52981

In the Linux kernel, the following vulnerability has been resolved: neigh: let neighxmit take skb ownership neighxmit always releases the skb, except when no neighbour table is found. But even the first added user of neighxmit mpls relied on neighxmit to release the skb or queue it for tx. sashik...

7.5CVSS0.00189EPSS

Exploits0References6

AstraLinux•added 2026/06/19 11:10 a.m.•3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Net: Properly handles tunneled traffic when using GSO fallback for IPV6CSUM. NETIFFIPV6CSUM only indicates support for packet checksum offloading without IPv6 extension headers. Packets with extension headers must rely on...

7.5CVSS5.7AI score0.00371EPSS

Exploits0References1

AstraLinux•added 2026/06/19 11:10 a.m.•6 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: xtables: avoided NFPROTOUNSPEC where needed syzbot managed to call xtcluster via ebtables: WARNING: CPU: 0 PID: 11 at net/netfilter/xtcluster.c:72 xtclustermt+0x196/0x780 .. ebtdotable+0x174b/0x2a40 The module...

5.5CVSS6.5AI score0.00231EPSS

Exploits0References2

AstraLinux•added 2026/06/19 11:10 a.m.•3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ipv4, ipv6: Fixed the handling of transhdrlen in ip,6appenddata. Including transhdrlen in the packet length is a problem when the packet is partially filled e.g., a sendMSGMORE operation occurred previously when appending to a...

5.5CVSS5.5AI score0.00226EPSS

Exploits0References2

RedHat Linux•added 2026/06/17 7:31 a.m.•4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.4AI score0.0052EPSS

Exploits0References8

RedHat Linux•added 2026/06/16 7:17 p.m.•7 views

kernel: netfilter: flowtable: strictly check for maximum number of actions

A flaw was found in the Netfilter flowtable component of the Linux kernel. This vulnerability occurs because the system does not strictly check the maximum number of hardware offload actions for IPv6, allowing it to process more actions than supported. This could potentially lead to system...

7.8CVSS5.4AI score0.0013EPSS

Exploits0References5

RedHat Linux•added 2026/06/12 7:56 p.m.•18 views

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...

9.8CVSS6.6AI score0.00563EPSS

Exploits0References5

SUSE CVE•added 2026/06/12 2:25 a.m.•7 views

SUSE CVE-2026-50127

Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions...

5.9CVSS5.2AI score0.00291EPSS

Exploits0References3

NVD•added 2026/06/10 8:17 p.m.•9 views

CVE-2026-50127

5.9CVSS0.00291EPSS

Exploits0References3

Vulnrichment•added 2026/06/10 7:56 p.m.•6 views

CVE-2026-50127 Weblate SSRF: outbound URL guard misses the NAT64 well-known prefix (64:ff9b::/96)

5.9CVSS5.3AI score0.00291EPSS

Exploits0References3

Positive Technologies•added 2026/06/10 12:0 a.m.•13 views

PT-2026-48524

Name of the Vulnerable Software and Affected Versions Weblate versions 5.15 through 2026.5 Description Weblate is a web-based localization tool. The VCS RESTRICT PRIVATE setting fails to properly account for certain semi-private IPv4 ranges, multicast addresses, and transitional IPv6 ranges,...

5.9CVSS5.3AI score0.00291EPSS

Exploits0References7

CNNVD•added 2026/06/10 12:0 a.m.•15 views

Weblate 代码问题漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 2026.6 had code-related vulnerabilities. These vulnerabilities stemmed from the improper handling of some transition IPv6 ranges, multicast addresses, and partially...

5.9CVSS5.3AI score0.00291EPSS

Exploits0References1

FreeBSD•added 2026/06/09 12:0 a.m.•24 views

FreeBSD -- Use-after-free bug in the IPV6_MSFILTER socket option handler

Problem Description: The kernel handler for IPV6MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. During this window another thread could free the multicast filter structure, leaving the handler with a stale pointer to freed...

5.5AI score0.00133EPSS

Exploits0

OSV•added 2026/06/08 7:0 p.m.•5 views

GHSA-3QP7-7MW8-WX86 Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking

Summary An attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses can bypass the restrictions. Details io.netty.handler.ipfilter.IpSubnetFilterRulecompareTojava.net.InetSocketAddress method performs a bitwise AND...

8.1CVSS5.5AI score0.00407EPSS

Exploits0References5

ATTACKERKB•added 2026/06/04 9:26 a.m.•5 views

CVE-2026-50224

The web administration panel binds broadly to the public IPv6 address space on port :::8080 without default firewall limits, making internal API endpoints reachable over the WAN...

6.9CVSS5.8AI score0.00234EPSS

Exploits0References2

Hacker One•added 2026/06/03 9:19 p.m.•19 views

curl: DNS domain search list followed for extant domain missing A or AAAA records

Summary: Curl calls getaddrinfo to resolve a domain's addresses, however glibc will continue though the domain search list to find data even if it gets a NODATA response. When using AFUNSPEC in the aihints, this search will stop at the first domain with either an A or AAAA record, however when...

5.5AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by