CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 14 hours ago•5 views

PT-2026-46132

7.5CVSS5.8AI score

CVE•added yesterday•4 views

CVE-2026-46267

In the Linux kernel NFC stack (nfc: hci: shdlc), llc_shdlc_deinit() frees the llc_shdlc context while SHDLC timers and state-machine work may still be active. Timer callbacks can schedule sm_work, which accesses SHDLC state and skb queues. If teardown runs concurrently with queued or running work...

5.7AI score

Exploits0References7

Schneier on Security•added yesterday•3 views

AI Used to Decrypt Medieval Ciphers

Researchers are using machine learning algorithms to decrypt historical pencil-and-paper ciphers...

EUVD•added yesterday•5 views

EUVD-2026-34033

Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0...

8.2CVSS5.7AI score0.00014EPSS

Positive Technologies•added yesterday•4 views

PT-2026-46030

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF condition exists in the Linux kernel's NFC HCI SHDLC implementation. The function llc shdlc deinit purges SHDLC skb queues and frees the llc shdlc structure while...

NVD•added 2 days ago•6 views

Exploits0References10

CVE-2026-8936

8.2CVSS0.00014EPSS

ATTACKERKB•added 2 days ago•4 views

CVE-2026-8936

8.2CVSS5.7AI score0.00014EPSS

Exploits0References2Affected Software1

OSSF Malicious Packages•added 2 days ago•6 views

Malicious code in spaysdata (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 55bfbc1a93fe9a662ed20b5fb651390a850c8f43e4d68d81677b4ffd0ca17bcf The package exfiltrates Roblox cookies from the victim machine. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaig...

Packet Storm News•added 2 days ago•1 views

Don't Trust Us: A Privacy-By-Design Android Malware Detection Pipeline

Android malware detection increasingly relies on collecting and processing sensitive user data, including device identifiers, network artifacts, and runtime traces, while privacy is too often treated as a secondary concern. Existing privacy-aware approaches typically enforce privacy after data...

Packet Storm News•added 2 days ago•1 views

Dstack-Capsule: Pod-Level Remote Attestation for Confidential Workloads on Kubernetes

The rise of LLM-as-a-Service and other confidential cloud workloads demands cryptographic proof that user data is processed in a trusted, untampered environment. Existing solutions, notably Confidential Containers CoCo, enforce a strict "one Pod per VM" model that attests only the Guest OS stack,...

NVD•added 3 days ago•9 views

CVE-2026-34193

Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host Kernel to perform arbitrary writes to firmware memory...

4.3CVSS0.00013EPSS

CVE•added 3 days ago•8 views

CVE-2026-34193

CVE-2026-34193 affects kernel software running inside a Guest/Host VM that can post improper commands to the GPU firmware. A logic error in address translation enables a compromised Host (Kernel) to perform arbitrary writes to firmware memory, potentially impacting data integrity by writing beyon...

4.3CVSS5.9AI score0.00013EPSS

OSSF Malicious Packages•added 3 days ago•9 views

Malicious code in @pcldpvkoewpogw/testhacker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75fc3a0b4dc467bfee8bcd715fb5eef861c97aaa7f933a04dc5ac6922af1b8fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Positive Technologies•added 3 days ago•7 views

PT-2026-45409

4.3CVSS5.9AI score0.00013EPSS

Packet Storm•added 3 days ago•23 views

📄 dwol 1.0.0 Command Injection

This Python script is a security auditing tool designed to assess a potential unauthenticated command injection vulnerability in dwol. It interacts with the target application's API to register test machines and inject controlled payloads into the host parameter to determine whether arbitrary...

5.9AI score

Packet Storm News•added 5 days ago•2 views

NICE: A Framework for Declarative and Machine-Checkable Vulnerability Reproduction

Reproducing software vulnerabilities is fundamental to security researchers, open-source maintainers, and educators. Yet, vulnerabilities remain hard to reproduce today, and even when they can be reproduced, recreating a software environment where the vulnerability can be exploited becomes harder...