CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/20 9:43 a.m.•3 views

MAL-2026-4574 Malicious code in gm-kilo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4a35ea8669a2b02f60117ecc483176741399084b0fbebf11900d0a89505d9fb package.json declares an install lifecycle script that runs bin/gm-kilo.js install. At install time, the script executes bun x gm-plugkit@latest spoo...

6.2AI score

OSV•added 2026/05/20 8:14 a.m.•3 views

MAL-2026-4601 Malicious code in local-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4649a6cac828460ea4a3e6d867038eaa507f109eb6a46de9eef1fc340d867608 The package executes lifecycle and import-time code that fetches executables and posts host data to off-publisher infrastructure. download.js line 92...

5.9AI score

Exploits0References21

RedHat Linux•added 2026/05/20 6:55 a.m.•43 views

kernel: Read root-owned files as an unprivileged user

7.1CVSS5.8AI score0.00007EPSS

Exploits4References7

5.5CVSS6.8AI score0.00038EPSS

Astra Linux - уязвимость в webkit2gtk

The issue was addressed through improved checks. This issue is fixed in Safari 17.6, iOS 17.6, iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, and watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash...

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в webkit2gtk

The issue was addressed through improved checks. This issue is fixed in Safari 18.5, iOS 18.5, iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, and watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected process crash...

6.5CVSS7AI score0.01121EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в chromium

A stack buffer overflow in the GPU process in Google Chrome on Linux prior to version 88.0.4324.182 allowed a remote attacker to potentially perform out-of-bounds memory access through a crafted HTML page...

8.8CVSS7.5AI score0.01083EPSS

Exploits1References1

AstraLinux•added 2026/05/20 5:53 a.m.•9 views

Astra Linux - уязвимость в webkit2gtk

This issue was addressed through improved state management. This issue is fixed in Safari 18.3, iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, and watchOS 11.3. Processing maliciously crafted web content may lead to an unexpected process crash...

6.5CVSS7.2AI score0.01179EPSS

9.1CVSS5.7AI score0.00072EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: libceph: Potential out-of-bounds reads in processmessageheader have been prevented. If the message frame is maliciously corrupted in such a way that the length of the control segment becomes shorter than the size of the message...

5.5CVSS6.1AI score0.00014EPSS

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: hns3: A deadlock issue was fixed when configuring TCP during the reset process. When configuring TCP during the reset process, a deadlock may occur. The sequence is as follows: 1. pf reset start 2. …… setup tc 3. ……...

AstraLinux•added 2026/05/20 5:53 a.m.•11 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed a memory leak in the createprocess failure. Fixed a memory leak caused by a leaked mmget reference in a error handling code path, which is triggered when attempting to create KFD processes while a GPU reset i...

5.5CVSS6.5AI score0.00012EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fixed a memory leak in airohaqdmarxprocess. If an error occurs in the subsequent buffers belonging to the non-linear part of the skb e.g., due to an error in the payload length reported by the NIC, or if all availabl...

5.5CVSS5.7AI score0.00013EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в webkit2gtk

A correctness issue was addressed through improved checks. This issue has been fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, and watchOS 26. Processing maliciously crafted web content may result in an unexpected process crash...

9.8CVSS6.6AI score0.00554EPSS

5.6CVSS7AI score0.0035EPSS

Astra Linux - уязвимость в ntp

In the mstolfp.c file within NTP 4.2.8p15, there is a buffer overflow vulnerability when a \0' character is added. An adversary may be able to attack a client ntpq process, but they cannot attack the ntpd process...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nilfs2: A use-after-free bug in nilfsroot has been fixed in nilfsevictinode. During the unmount process of nilfs2, nothing holds the nilfsroot structure after nilfs2 detaches its writer in nilfsdetachlogwriter. However, since...

5.8AI score0.0004EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: In the bpf function, the task with pid=1 can be skipped in the sendsignalcommon function. The following kernel panic can occur when a task with pid=1 attempts to send a killing signal to itself. For more details, see 1. Kernel...

5.5CVSS6.1AI score0.00011EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: The issue involves bcm: – a UAF Use-After-Free flaw in bcmprocshow. Bug: KASAN: A slabuse-after-free issue occurs in bcmprocshow+0x969/0xa80. A size 8 byte read was performed at address ffff888155846230 by the task cat/7862. CPU:...

7.8CVSS6.2AI score0.00014EPSS

5.5CVSS6.1AI score0.00007EPSS

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: The issue related to “ALSA: firewire-lib: operate for period elapse event in process context” has been addressed. The commit 7ba5ca32fe6e “ALSA: firewire-lib: operate for period elapse event in process context” removed the proces...