CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: MIPS: Do not crash when calling stacktop for tasks without an ABI or vDSO. Not all tasks have an ABI associated with them, or a vDSO mapped to them. For example, kthreads never have such an ABI. If such a task calls stacktop, it...

5.5CVSS6.8AI score0.00171EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux – Vulnerability in Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ELF: fixed the double read of kernel.randomizevaspace. The ELF loader uses “randomizevaspace” twice. This is a sysctl setting that can be changed at any time; therefore, two reads could potentially access different values,...

5.5CVSS5.9AI score0.00249EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux – Vulnerability in sane-backends

A out-of-bounds read in SANE backends before version 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, also known as GHSL-2020-081...

4.3CVSS6.1AI score0.01204EPSS

Exploits1References2

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux – Vulnerability in glibc

On the x86-64 architecture, the GNU C Library also known as glibc prior to version 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition. This allows local attackers to restrict the possible mapping addresses for loaded libraries,...

3.3CVSS6.6AI score0.00409EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A flaw in the processing of received ICMP errors such as ICMP fragments and ICMP redirections within the Linux kernel’s functionality was identified. This flaw allows an off-path remote user to quickly scan open UDP ports. This vulnerability enables a remote user to bypass the UDP source port...

7.4CVSS6.6AI score0.0674EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•7 views

Astra Linux – Vulnerability in exempi

The XMP Toolkit SDK versions 2020.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to the disclosure of arbitrary memory. An attacker could exploit this vulnerability to bypass security measures such as ASLR. Exploiting this issue requires user interaction, as the...

4.3CVSS6.3AI score0.01801EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•9 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in the .notes section. When building with CONFIGXENPV=y, .text symbols are emitted into the .notes section so that Xen can find the “startupxen” entry point. This information is used before booting...

5.5CVSS5.7AI score0.00307EPSS

RedhatCVE•added 2026/04/29 1:39 a.m.•1 views

CVE-2025-60887

An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering,...

CNNVD•added 2026/04/28 12:0 a.m.•5 views

Cista 代码问题漏洞

Cista is a C++ data serialization and reflection tool developed by Felix Gündling. Versions of Cista prior to 0.15 contained code vulnerabilities. These vulnerabilities stemmed from unsafe deserialization of untrusted inputs, which could lead to stack address leaks and bypassing ASLR protection...

5.3CVSS5.9AI score0.00236EPSS

Cvelist•added 2026/04/28 12:0 a.m.•27 views

CVE-2025-60887

5.3CVSS0.00236EPSS

Vulnrichment•added 2026/04/28 12:0 a.m.•2 views

CVE-2025-60887

Positive Technologies•added 2026/04/28 12:0 a.m.•3 views

PT-2026-35743

CVE•added 2026/04/28 12:0 a.m.•6 views

Exploits0References3

CVE-2025-60887

CVE-2025-60887 affects Cista v0.15 and earlier. The issue is insecure deserialization of untrusted input under certain conditions, which may leak stack/heap addresses and potentially bypass ASLR. Specifically, classes using pointer-like mechanics in the cista::raw namespace are vulnerable to refe...

NVD•added 2026/04/16 7:16 a.m.•0 views

CVE-2026-41034

ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion via pictFmla.cbBufInCtlStm and other vectors, leading to an information leak and ASLR bypass...

5CVSS0.00295EPSS

Positive Technologies•added 2026/04/16 12:0 a.m.•0 views

PT-2026-33272

5CVSS5.8AI score0.00295EPSS

NVD•added 2026/04/14 4:16 p.m.•1 views

CVE-2026-22828

A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large...

8.1CVSS0.00901EPSS