Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006656)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006656 advisory. In the Linux kernel, the following vulnerability has been resolved: VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF The call to...
CVE-2026-5747
An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 might allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary code on the host via modification of virtio queue...
CVE-2026-34197
A flaw was found in Apache ActiveMQ Broker and Apache ActiveMQ. An authenticated attacker can exploit this vulnerability by sending a specially crafted discovery Uniform Resource Identifier (URI) to the Jolokia JMX-HTTP bridge, which is exposed on the web console. This allows the attacker to bypass...
Improper Privilege Management
kubevirt.io/kubevirt is vulnerable to improper privilege management. The vulnerability is due to excessive permissions granted to the virt-handler service account, which allows an attacker to abuse update and patch capabilities to force VMI migration or schedule privileged pods onto a compromised...
Malicious code in strapi-plugin-cache (npm)
Source: amazon-inspector 322f1a7c9723db125a9be39dcb3f897ca2f65146b7b71874bb3ec26a4825d521 The package strapi-plugin-cache was found to contain malicious code. Source: ghsa-malware...
Logic Flaw
KubeVirt is vulnerable to a logic flaw. The vulnerability is due to improper validation in the virt-controller, which allows an attacker to create a malicious pod with matching labels to mislead the controller and disrupt VMI management, leading to denial-of-service...
zantetsu-trainer is unmaintained
The zantetsu-trainer crate is no longer maintained. The ML training infrastructure it contained was removed as part of the zantetsu 0.2 release, which replaced the neural parser with a pure heuristic engine. A tombstone version 0.2.0 has been published and 0.1.4 has been yanked. There is no...
Towards Resilient Intrusion Detection in CubeSats: Challenges, TinyML Solutions, and Future Directions
CubeSats have revolutionized access to space by providing affordable and accessible platforms for research and education. However, their reliance on Commercial Off-The-Shelf (COTS) components and open-source software has introduced significant cybersecurity vulnerabilities. Ensuring the cybersecuri...
PT-2026-31052
Name of the Vulnerable Software and Affected Versions: Amazon Firecracker versions 1.13.0 through 1.14.3 and version 1.15.0. Description: A flaw exists in the virtio PCI transport of Amazon Firecracker that could allow a local guest user with root privileges to crash the Firecracker VMM process or...
VMware Workstation 17.x, 25H2 < 25H2u1 Multiple Vulnerabilities (VMSA-2026-0002)
The version of VMware Workstation installed on the remote host is 17.x, 25H2.x prior to 25H2u1. It is, therefore, affected by multiple vulnerabilities. - VMware Workstation and Fusion contain a logic flaw in the management of network packets. A malicious actor with administrative privileges on a...
chromium -- security fixes
Chrome Releases reports: This update includes multiple security fixes: Critical: CVE-2026-5858: Heap buffer overflow in WebML. CVE-2026-5859: Integer overflow in WebML. High: CVE-2026-5860: Use after free in WebRTC. CVE-2026-5861: Use after free in V8. CVE-2026-5862: Inappropriate implementation ...
Towards Unveiling Vulnerabilities of Large Reasoning Models in Machine Unlearning
Large language models (LLMs) possess strong semantic understanding, driving significant progress in data mining applications. This is further enhanced by large reasoning models (LRMs), which provide explicit multi-step reasoning traces. On the other hand, the growing need for the right to be forgotte...
Improving ML Attacks on LWE with Data Repetition and Stepwise Regression
The Learning with Errors (LWE) problem is a hard math problem in lattice-based cryptography. In the simplest case of binary secrets, it is the subset sum problem, with error. Effective ML attacks on LWE were demonstrated in the case of binary, ternary, and small secrets, succeeding on fairly sparse...
Explainable PQC: A Layered Interpretive Framework for Post-Quantum Cryptographic Security Assumptions
This paper studies how post-quantum cryptographic (PQC) security assumptions can be represented and communicated through a structured, layered framework that is useful for technical interpretation but does not replace formal cryptographic proofs. We propose "Explainable PQC," an interdisciplinary...
CVE-2026-23425
A flaw was found in the Linux kernel's KVM (Kernel-based Virtual Machine) for ARM64 architectures. This vulnerability arises from improper initialization of ID registers for non-protected pKVM (protected KVM) guests. A malicious guest operating system could exploit this by causing the hypervisor, the...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the debug log endpoint in the API server. An attacker can access sensitive log data belonging to any entity across any model by compromising a workload machine under the controller. Remediation: A fix was pushed into...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the resource handler. An attacker can gain unauthorized access and modify application resources across the entire controller by leveraging authenticated access as a user, machine, or controller. Remediation: A...
CVE-2025-68152
Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, it is possible that a compromised workload machine under a Juju...
CVE-2026-23425
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix ID register initialization for non-protected pKVM guests In protected mode, the hypervisor maintains a separate instance of the kvm structure for each VM. For non-protected VMs, this structure is initialized from...