CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

5.5CVSS5.4AI score0.00018EPSS

CVE-2026-46283

A flaw was found in the Linux kernel's Trusted Platform Module TPM driver. This vulnerability arises from the driver's failure to securely clear sensitive cryptographic material, such as session keys and passphrases, from memory when a TPM device is released. A local attacker could potentially...

5.5CVSS5.4AI score0.00019EPSS

CVE-2026-46284

A flaw was found in the Linux kernel's hugetlb memory management. A local user could exploit this by providing malformed kernel command-line parameters, such as hugepages or hugepagesz, without an '=' separator. This improper handling of input during early parameter parsing can lead to a system...

CVE-2026-46288

A flaw was found in the Linux kernel. This vulnerability, a use-after-free UAF, occurs within the ofunittestchangeset function due to improper handling of device node references. An attacker could exploit this by causing a device node's memory to be freed while it is still in use. This could lead...

5.4AI score0.00018EPSS

5.5CVSS5.5AI score0.00018EPSS

CVE-2026-46289

A flaw was found in the Linux kernel's lib/scatterlist component. Incorrect length calculations within the extractkvectosg function, when extracting data from a kvec to a scatterlist, could lead to writing beyond intended page boundaries. Additionally, when extracting a user buffer, the scatterli...

RedhatCVE•added 5 days ago•4 views

CVE-2026-46293

A flaw was found in the Linux kernel's clock driver for Microchip PolarFire SoC MPFS systems. This vulnerability involves an out-of-bounds memory access that occurs during the registration of clock outputs. The issue stems from incorrect memory allocation within the driver, which can lead to syst...

5.5AI score0.00024EPSS

RedhatCVE•added 5 days ago•6 views

CVE-2026-46299

A flaw was found in the hfsplus filesystem component of the Linux kernel. An issue exists in the hfsplusfillsuper function where a lock is not properly released during an error handling path. This can occur when certain conditions cause hfspluscatbuildkey to fail during filesystem initialization....

5.5CVSS5.5AI score0.00018EPSS

Snyk•added 5 days ago•4 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to the lack of an enforced maximum header size limit in the default configuration of the Http3ConnectionHandler. An attacker can exhaust server memory and cause application crashes by...

8.7CVSS5.5AI score0.0004EPSS

Exploits0References2

OSV•added 5 days ago•4 views

GHSA-C2RX-5R8W-8XR2 Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size

Summary The default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify HTTP3SETTINGSMAXFIELDSECTIONSIZE, the implementation defaults to an unbounded limit. This insecure default configuration...

7.5CVSS5.5AI score0.0004EPSS

Github Security Blog•added 5 days ago•9 views

Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size

7.5CVSS5.5AI score0.0004EPSS

Exploits0References4Affected Software1

Snyk•added 5 days ago•4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the decodeLength function. An attacker can exhaust the server's direct memory pool by sending continuous streams of digits without a terminating \r\n across multiple concurren...

8.7CVSS5.5AI score0.00038EPSS

Exploits0References2

OSV•added 5 days ago•2 views

GHSA-6GHJ-FRRJ-JJJ3 Netty has Unbounded Direct Memory Consumption in its RedisDecoder

Summary An attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct memory pool OutOfDirectMemoryError, preventing legitimate connections from being processed. Details io.netty.handler.codec.redis.RedisDecoder decodes the...

Github Security Blog•added 5 days ago•7 views

Exploits0References5

Netty has Unbounded Direct Memory Consumption in its RedisDecoder

Exploits0References5Affected Software1

Github Security Blog•added 5 days ago•5 views

Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays

Summary An attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive number of state objects and collections, leading to memory exhaustion and an OutOfMemoryError. Details io.netty.handler.codec.redis.RedisArrayAggregator...

Exploits0References5Affected Software1

OSV•added 5 days ago•3 views

GHSA-3244-J874-RHC2 Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays

Snyk•added 5 days ago•4 views

Exploits0References5

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS in the RedisArrayAggregator function. An attacker can exhaust system memory by sending specially crafted Redis payloads containing deeply nested arrays, resulting in allocation of excessive state objects and...

8.7CVSS5.5AI score0.00038EPSS

Exploits0References2

CVE-2026-46305

A flaw was found in the Linux kernel, specifically within the rtl8723bs staging driver's osdep module. The rtwcbufalloc function does not properly validate the return value of a memory allocation, leading to an unconditional dereference of a potentially NULL pointer. This vulnerability could allo...

5.4AI score0.00018EPSS