CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 2026/05/28 3:55 a.m.•10 views

SUSE CVE-2026-45968

In the Linux kernel, the following vulnerability has been resolved: cpuidle: Skip governor when only one idle state is available On certain platforms PowerNV systems without a power-mgt DT node, cpuidle may register only a single idle state. In cases where that single state is a polling state sta...

5.8AI score0.00032EPSS

Exploits0References3

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm: Check that output polling is initialized before disabling it. In drmkmshelperpolldisable, check that output polling is initialized before disabling polling. If not, flag this as a warning. Additionally, in...

5.5CVSS6.2AI score0.00008EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•7 views

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: sched/psi: The use of kernfs polling functions for PSI trigger polling was incorrect. Destroying the psitriggerdestroy in cgroupfilerelease can lead to Use-After-Free UAF issues when a cgroup is removed from a polling process. Th...

5.3AI score0.00027EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: Broadcom – bcm4908enet: Updates TX statistics after actual transmission. Queuing packets does not guarantee their transmission. Updates TX statistics after the hardware confirms that it is consuming the submitted data. This...

5.2AI score0.00024EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: igb: The napisynchronize function was removed from igbdown. When an AFXDP zero-copy application terminates abruptly e.g., using kill -9, the XSK buffer pool is destroyed, but NAPI polling continues. The igbcleanrxirqzc functio...

5.5CVSS5.6AI score0.00015EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: PCI: Fixed the requirement that devices managed by PME polling must be in the RPMACTIVE state. The commit noted in the fixes added a spurious requirement that devices managed by runtime PM must be in the RPMACTIVE state for PME...

6.2CVSS5.6AI score0.00037EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use deltimersync instead of deltimer in the fw reset flow of the halting poll. Replace deltimer with deltimersync in the fw reset polling activation flow. This prevents a race condition that occurs when deltimer is call...

4.7CVSS5.7AI score0.00027EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•10 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fixed the destruction of kthread workers in polling mode. The cleanup order in polling mode irq worklist and WARNON!listempty&worker-delayedworklist. The original code called kthreadDestroyWorker before...

5.5CVSS5.8AI score0.00015EPSS

Tenable Nessus•added 2026/05/20 12:0 a.m.•6 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021652)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021652 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a deadlock in dma buf fence polling Introduce a version of the fence ops that on...

5.5CVSS5.8AI score0.00017EPSS

Exploits0References3

Tenable Nessus•added 2026/05/20 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: chips-media: wave5: Fix kthread worker destruction in polling mode Fix the cleanup order in polling mode irq worklist and...

5.5CVSS5.9AI score0.00015EPSS

NVD•added 2026/05/19 2:16 p.m.•14 views

CVE-2025-40904

6.5CVSS0.0003EPSS

Cvelist•added 2026/05/19 1:23 p.m.•34 views

CVE-2025-40904 HTML injection in Smart Polling in Guardian/CMC before 26.1.0

6.5CVSS0.0003EPSS

EUVD•added 2026/05/19 1:23 p.m.•4 views

EUVD-2025-209895

ATTACKERKB•added 2026/05/19 1:23 p.m.•3 views

CVE-2025-40904

Vulnrichment•added 2026/05/19 1:23 p.m.•5 views

CVE-2025-40904 HTML injection in Smart Polling in Guardian/CMC before 26.1.0

CVE•added 2026/05/19 1:23 p.m.•15 views

CVE-2025-40904

The CVE-2025-40904 issue is a Stored HTML Injection in the Smart Polling feature. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags via sync; when a victim opens the affected remote strategy, injected HTML can render in their browser and enabl...

Exploits0References2Affected Software2

CNNVD•added 2026/05/19 12:0 a.m.•7 views

Nozomi Networks CMC和Nozomi Networks Guardian 跨站脚本漏洞

Nozomi Networks CMC and Nozomi Networks Guardian are both products of Nozomi Networks, a company based in the United States. Nozomi Networks CMC is a network management platform. Nozomi Networks Guardian is a security software. Both Nozomi Networks CMC and Nozomi Networks Guardian have cross-site...

6.5CVSS5.7AI score0.0003EPSS

NOZOMI•added 2026/05/19 12:0 a.m.•4 views

HTML injection in Smart Polling in Guardian/CMC before 26.1.0

Summary A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. Impact An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views th...

Exploits0Affected Software2

Positive Technologies•added 2026/05/19 12:0 a.m.•7 views

PT-2026-41891