CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 6 days ago•8 views

EUVD-2026-33263

The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands...

8.6CVSS6AI score0.00071EPSS

CVE•added 6 days ago•9 views

CVE-2026-49196

Predator Connect W6x firmware exposes a web-interface command injection via the Wi‑Fi device blocking feature, caused by inadequate MAC address input sanitization. This permits arbitrary shell command execution through the affected component. The CVSS details indicate network access with high imp...

8.6CVSS6AI score0.00071EPSS

Positive Technologies•added 2026/05/25 12:0 a.m.•6 views

PT-2026-43098

A security flaw has been discovered in Totolink A8000RU 7.1cu.643 b20200521. This issue affects the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. The attack is...

10CVSS7AI score0.01254EPSS

Exploits0References5

OSSF Malicious Packages•added 2026/05/21 2:59 a.m.•4 views

Malicious code in claw_messenger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15ae01d96f3589f6660b2aa5f459595c9346ab885eda35196dae6252775f986a On npm install, this package's postinstall hook performs two unsafe install-time actions. First, dist/postinstall.js spawns a detached npm install -g...

6AI score

OSV•added 2026/05/21 2:59 a.m.•2 views

MAL-2026-4526 Malicious code in claw_messenger (npm)

6AI score

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: usb: aqc111: Fixed error handling of usbnet read calls Syzkaller, with the help of syzbot, identified an error in the aqc111 driver. This error was caused by incomplete sanitization of the results of usbnet read calls. Th...

7.1CVSS6.5AI score0.00072EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: i40e: Fixed potential invalid access when the MAC list is empty. The listfirstentry function never returns NULL—if the list is empty, it still returns a pointer to an invalid object, leading to potential invalid memory access whe...

7.1CVSS6.5AI score0.00011EPSS

OSV•added 2026/05/12 7:41 a.m.•2 views

MAL-2026-3692 Malicious code in guan (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e04a9a658bc7616e72a5edf276dd049e5b697f2492c46929caf2e01fac95d84 The top-level src/guan/init.py unconditionally calls statisticsofguanpackage on every import guan. That function in src/guan/others.py opens a raw TC...

5.8AI score

OSSF Malicious Packages•added 2026/05/12 7:41 a.m.•4 views

Malicious code in guan (PyPI)

5.8AI score

NVD•added 2026/05/11 2:16 a.m.•5 views

CVE-2026-8263

A security flaw has been discovered in Tenda AC6 15.03.06.49multiTDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack...

9.8CVSS0.00346EPSS

Exploits1References5

SUSE CVE•added 2026/05/09 2:41 a.m.•5 views

SUSE CVE-2026-43199

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query Fix a "scheduling while atomic" bug in mlx5eipsecinitmacs by replacing mlx5querymacaddress with etheraddrcopy to get the local MAC address directly from...

Tenable Nessus•added 2026/05/07 12:0 a.m.•3 views

Exploits0References3

Linux Distros Unpatched Vulnerability : CVE-2026-43199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5e: Fix scheduling while atomic in IPsec MAC address query Fix a scheduling while atomic bug in mlx5eipsecinitmacs by replacing mlx5querymacaddress with...

RedhatCVE•added 2026/05/06 9:13 p.m.•4 views

Exploits0References3

CVE-2026-43199

A flaw was found in the Linux kernel's net/mlx5e component. This vulnerability, identified as a "scheduling while atomic" bug, occurs when the mlx5eipsecinitmacs function attempts to query the hardware for a MAC address in an atomic context, which can lead to the system attempting to sleep. A loc...

EUVD•added 2026/05/06 12:30 p.m.•4 views

Exploits0References4

EUVD-2026-27762

5.8AI score0.00055EPSS

Exploits0References5

NVD•added 2026/05/06 12:16 p.m.•2 views

CVE-2026-43199

7.5CVSS0.00055EPSS

Exploits0References4

CVE•added 2026/05/06 11:28 a.m.•5 views

CVE-2026-43199

CVE-2026-43199 affects the Linux kernel net/mlx5e component. A scheduling-while-atomic bug occurred when mlx5e_ipsec_init_macs() queried hardware MAC via mlx5_query_mac_address() from an atomic context (mlx5e_ipsec_handle_event/workqueue), which can sleep. The fix uses the MAC address already pre...