CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm News•added 2026/04/03 12:0 a.m.•0 views

A Tsetlin Machine-Driven Intrusion Detection System for Next-Generation IoMT Security

The rapid adoption of the Internet of Medical Things IoMT is transforming healthcare by enabling seamless connectivity among medical devices, systems, and services. However, it also introduces serious cybersecurity and patient safety concerns as attackers increasingly exploit new methods and...

CVE•added 2026/04/02 5:42 p.m.•7 views

CVE-2026-34593

This CVE affects Ash Framework (Elixir) where Ash.Type.Module.cast_input/2 unconditionally creates a new Erlang atom via Module.concat([value]) for inputs starting with "Elixir." before module existence is verified. The atom creation can exhaust BEAM’s atom table (default ~1,048,576 entries) and ...

8.2CVSS5.8AI score0.00025EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/04/02 5:42 p.m.•15 views

CVE-2026-34593 Ash Framework: Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash

Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the...

8.2CVSS0.00025EPSS

Exploits1References2

Microsoft CVE•added 2026/04/02 8:1 a.m.•2 views

KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE

...

8.4CVSS5.7AI score0.00011EPSS

OPENSUSE Linux•added 2026/04/02 12:0 a.m.•2 views

ovmf-202602-6.1 on GA media (moderate)

ovmf-202602-6.1 on GA media Announcement ID: openSUSE-SU-2026:10467-1 Rating: moderate Cross-References: CVE-2025-2296 CVSS scores: CVE-2025-2296 SUSE : 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L CVE-2025-2296 SUSE : 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N Affect...

5.7CVSS5.9AI score0.0013EPSS

UbuntuCve•added 2026/04/01 6:16 p.m.•1 views

CVE-2026-34445

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr function to load metadata like file paths or data lengths directly from an ONNX model file. It didn’t check if the...

8.6CVSS5.8AI score0.00207EPSS

RedhatCVE•added 2026/04/01 5:3 p.m.•1 views

CVE-2026-34209

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...

7.5CVSS5.8AI score0.00013EPSS

RedhatCVE•added 2026/04/01 1:37 p.m.•2 views

CVE-2026-23402

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM module. This vulnerability allows a host user to bypass KVM's memory management rules by overwriting critical memory structures. This can lead to a compromise of the virtual machine's memory integrity, potentially causing...

5.5CVSS5.9AI score0.00007EPSS

Exploits0References4

HackRead•added 2026/04/01 10:45 a.m.•4 views

Cybersecurity Firm TAC Security Hits 10,000 Clients, Enters Top 5 in Global VM & AppSec

New York, New York, April 1st, 2026, CyberNewswire...

NVD•added 2026/04/01 9:16 a.m.•3 views

CVE-2026-23402

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Only WARN in direct MMUs when overwriting shadow-present SPTE Adjust KVM's sanity check against overwriting a shadow-present SPTE with a another SPTE with a different target PFN to only apply to direct MMUs, i.e. on...

5.5CVSS0.00007EPSS

OSV•added 2026/04/01 9:11 a.m.•2 views

MAL-2026-2322 Malicious code in bs58-basic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56502a3bb31374f7cf0d79d8abc98ccac595ca94fe2b9720daeeb9217901c9e0 The package bs58-basic was found to contain malicious code. Source: ghsa-malware 5101b36fd690268aa870c7d458d29e404540f3d3cc29dd19404137ca9f618f56 Any...

OSV•added 2026/04/01 9:11 a.m.•0 views

MAL-2026-2320 Malicious code in base-x-64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2486f9bad36944300cb58e1a73a370afef7be10040daf814861d1b1a6287cdb8 The package base-x-64 was found to contain malicious code. Source: ghsa-malware d09ca9d36cb3821dc878f97db3b7e8ddef6f5f8e390373492186d10b668718f3 Any...

Cvelist•added 2026/04/01 8:36 a.m.•31 views

CVE-2026-23402 KVM: x86/mmu: Only WARN in direct MMUs when overwriting shadow-present SPTE

0.00007EPSS

CVE•added 2026/04/01 8:36 a.m.•103 views

CVE-2026-23401

CVE-2026-23401 (Linux kernel KVM x86/mmu issue) : The vulnerability arises when installing an emulated MMIO SPTE in KVM without first zapping an existing shadow-present SPTE, allowing guest memory writes outside the intended scope to trigger an MMIO SPTE installation. The root cause is a sequence...

5.5CVSS5.8AI score0.00011EPSS

Exploits0References7Affected Software1

RedhatCVE•added 2026/04/01 5:0 a.m.•0 views

CVE-2026-34054

vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.13, vcpkg's Windows builds of OpenSSL set openssldir to a path on the build machine, making that path be attackable later on customer machines. This issue has been patched in version 3.6.13...

7.8CVSS5.8AI score0.00055EPSS

Positive Technologies•added 2026/04/01 12:0 a.m.•0 views

PT-2026-29485

5.7AI score0.00007EPSS

Exploits0References2

EUVD•added 2026/03/31 6:31 p.m.•2 views

EUVD-2026-17510

NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data...

8.3CVSS5.9AI score0.00045EPSS

NVD•added 2026/03/31 5:16 p.m.•1 views

CVE-2026-24148

9.4CVSS0.00045EPSS