CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/04/25 8:46 a.m.•10 views

CVE-2026-31676

The CVE-2026-31676 issue concerns the Linux kernel’s rxrpc subsystem. A flaw allowed duplicate or late RESPONSE packets to be processed outside the intended RXRPC_CONN_SERVICE_CHALLENGING state. The fix enforces state-checking under a state_lock before performing response verification and securit...

7.5CVSS5.4AI score0.00118EPSS

Exploits0References8Affected Software1

OSV•added 2026/04/25 5:50 a.m.•4 views

OESA-2026-2082 shim security update

Initial UEFI bootloader that handles chaining to a trusted full \ bootloader under secure boot environments. Security Fixes: Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is...

OESA-2026-2080 shim security update

OESA-2026-2079 shim security update

OESA-2026-2078 shim security update

9.8CVSS6.8AI score0.00141EPSS

OESA-2026-2041 openssl security update

Security Fixes: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of...

Exploits0References7

OSV•added 2026/04/25 5:48 a.m.•2 views

OESA-2026-2015 firebird security update

Firebird is a relational database offering many ANSI SQL standard features that runs on Linux, Windows, MacOS and a variety of Unix platforms. Firebird offers excellent concurrency, high performance, and powerful language support for stored procedures and triggers. It has been used in production...

9.9CVSS6.8AI score0.00586EPSS

Exploits8References10

Fedora•added 2026/04/25 1:53 a.m.•3 views

[SECURITY] Fedora 44 Update: libinput-1.31.1-1.fc44

libinput is a library that handles input devices for display servers and other applications that need to directly deal with input devices. It provides device detection, device handling, input device event processing and abstraction so minimize the amount of custom input code the user of libinput...

8.8CVSS5.3AI score0.00023EPSS

Exploits0

SUSE CVE•added 2026/04/25 1:43 a.m.•2 views

SUSE CVE-2026-6921

Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. Chromium security severity: Medium...

8.3CVSS5.4AI score0.00028EPSS

SUSE CVE•added 2026/04/25 1:37 a.m.•4 views

SUSE CVE-2026-31638

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Only put the call ref if one was acquired rxrpcinputpacketonconn can process a to-client packet after the current client call on the channel has already been torn down. In that case chan-call is NULL, rxrpctrygetcall retur...

7.5CVSS5.5AI score0.00074EPSS

Tenable Nessus•added 2026/04/25 12:0 a.m.•4 views

SUSE SLES12 Security Update : ImageMagick (SUSE-SU-2026:1596-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1596-1 advisory. - CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing bsc1262154. - CVE-2026-33900: Denial of Service via integer truncati...

7.5CVSS5.6AI score0.0002EPSS

Exploits0References19

Tenable Nessus•added 2026/04/25 12:0 a.m.•4 views

SUSE SLES15 Security Update : ImageMagick (SUSE-SU-2026:1597-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1597-1 advisory. - CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing bsc1262154. - CVE-2026-33900: Denial of Service via...

7.5CVSS5.9AI score0.0002EPSS

Exploits0References34

RedhatCVE•added 2026/04/24 9:25 p.m.•3 views

CVE-2026-31640

A flaw was found in the Linux kernel's rxrpc component. This vulnerability occurs in the rxrpcpostresponse function, where the system incorrectly compares a newer network packet's data instead of the expected cached response. This error causes the challenge serial number comparison to always be...

7.5CVSS5.3AI score0.00054EPSS

Exploits0References4

RedhatCVE•added 2026/04/24 8:38 p.m.•2 views

CVE-2026-31625

A flaw was found in the Linux kernel's HID Human Interface Device alps driver. This vulnerability, a NULL pointer dereference, occurs because the driver attempts to process raw events without properly verifying if the device has been claimed. An attacker could potentially exploit this to cause a...

5.5CVSS5.3AI score0.00014EPSS

Exploits0References4

NVD•added 2026/04/24 5:16 p.m.•2 views

CVE-2026-41411

Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...

6.6CVSS0.00144EPSS

ATTACKERKB•added 2026/04/24 4:51 p.m.•1 views

CVE-2026-41411

6.6CVSS5.4AI score0.00144EPSS

Exploits0References4Affected Software1

AlpineLinux•added 2026/04/24 4:51 p.m.•2 views

CVE-2026-41411

6.6CVSS5.4AI score0.00144EPSS