11740 matches found
GHSA-345P-7CG4-V4C7 @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
Summary: Cross-client data leak via two distinct issues: (1) reusing a single StreamableHTTPServerTransport across multiple client requests, and (2) reusing a single McpServer/Server instance across multiple transports. Both are most common in stateless deployments. Impact: This advisory covers two...
EUVD-2026-5373
melange allows users to build apk packages using declarative pipelines. In version 0.11.3 to before 0.40.3, an attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries...
CVE-2026-23624
GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patch...
melange QEMU runner could write files outside workspace directory
An attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries without validating that paths stay within the workspace, allowing Path Traversal via ../ sequences. Fix:...
GHSA-QXX2-7H4C-83F4 melange QEMU runner could write files outside workspace directory
An attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries without validating that paths stay within the workspace, allowing Path Traversal via ../ sequences. Fix:...
EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-1212)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : tipc: fix a null-ptr-deref in tipc_topsrv_accept CVE-2022-50555 integrity: Fix memory leakage in keyring allocation error path CVE-2022-50395 objtoo...
SUSE CVE-2026-23027
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->destroy() seems to be supposed to free its kvm_device struct, but kvm_pch_pic_destroy() is not currently doing this...
CVE-2025-61726 vulnerabilities
Vulnerabilities for packages: sealed-secrets, git-sync, newrelic-infra-operator, stakater-reloader, kustomize, src-fingerprint, actions-runner-controller, k8sgateway, postgres-operator, cluster-api, sbomqs, contour, cloud-provider-vsphere, db-operator, pgtimetable, sftpgo-plugin-kms, src,...
GHSA-GR56-3GP6-6GMJ vulnerabilities
Vulnerabilities for packages: sealed-secrets, git-sync, newrelic-infra-operator, stakater-reloader, kustomize, src-fingerprint, actions-runner-controller, k8sgateway, postgres-operator, cluster-api, sbomqs, contour, cloud-provider-vsphere, db-operator, pgtimetable, sftpgo-plugin-kms, esbuild,...
CVE-2025-68119 vulnerabilities
Vulnerabilities for packages: git-sync, stakater-reloader, timescaledb-tune, actions-runner-controller, src, esbuild, spqr, ipfs-cluster, tekton-pipelines, swagger, nats-server-config-reloader, minio, rancher-helm, golangci-lint, newrelic-fluent-bit-output, rabbitmq-default-user-credential-update...
CVE-2026-23028
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->destroy() seems to be supposed to free its kvm_device struct, but kvm_ipi_destroy() is not currently doing this, that...
UBUNTU-CVE-2026-23028
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->destroy() seems to be supposed to free its kvm_device struct, but kvm_ipi_destroy() is not currently doing this, that...
CVE-2026-23029 LoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy()
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->destroy() seems to be supposed to free its kvm_device struct, but kvm_eiointc_destroy() is not currently doing...
EUVD-2026-5066
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->destroy() seems to be supposed to free its kvm_device struct, but kvm_ipi_destroy() is not currently doing this, that...
CVE-2026-23028
In the Linux kernel for LoongArch KVM, a memory-leak was reported: kvm_ioctl_create_device() allocated memory for kvm_device, but kvm_ipi_destroy() did not free the kvm_device struct, causing a leak. The issue is resolved by ensuring kvm_ipi_destroy() frees the allocated kvm_device, preventing th...
CVE-2026-23028
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->destroy() seems to be supposed to free its kvm_device struct, but kvm_ipi_destroy() is not currently doing this, that...
CVE-2026-23028 LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy()
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->destroy() seems to be supposed to free its kvm_device struct, but kvm_ipi_destroy() is not currently doing this, that...
Linux Distros Unpatched Vulnerability : CVE-2026-23027
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy() In kvm_ioctl_create_device(), kvm_device ha...
Security Bulletin: Multiple Vulnerabilities in VMware ESXi affect IBM Cloud Pak System
Summary Vulnerabilities in VMware ESXi affect IBM Cloud Pak System. IBM Cloud Pak System has addressed vulnerabilities. Cloud Pak System has delivered updated workload nodes to VMware ESXi 83U3g. Vulnerability Details CVEID:CVE-2025-41236 DESCRIPTION: VMware ESXi, Workstation, and Fusion contain a...
A Systematic Literature Review on LLM Defenses against Prompt Injection and Jailbreaking: Expanding NIST Taxonomy
The rapid advancement and widespread adoption of generative artificial intelligence (GenAI) and large language models (LLMs) has been accompanied by the emergence of new security vulnerabilities and challenges, such as jailbreaking and other prompt injection attacks. These maliciously crafted inputs...