CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/27 2:17 p.m.•3 views

UBUNTU-CVE-2026-45996

In the Linux kernel, the following vulnerability has been resolved: spi: imx: fix use-after-free on unbind The SPI subsystem frees the controller and any subsystem allocated driver data as part of deregistration unless the allocation is device managed. Take another reference before deregistering...

7.8CVSS5.7AI score0.00125EPSS

OSV•added 2026/05/27 2:17 p.m.•2 views

UBUNTU-CVE-2026-46103

In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

5.8AI score0.00161EPSS

OSV•added 2026/05/27 2:17 p.m.•6 views

UBUNTU-CVE-2026-45923

In the Linux kernel, the following vulnerability has been resolved: net: usb: catc: enable basic endpoint checking catcprobe fills three URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbsndbulkpipeusbdev, 1 and usbrcvbulkpipeusbdev, 1 for TX/RX -...

5.7AI score0.00205EPSS

OSV•added 2026/05/27 2:17 p.m.•2 views

UBUNTU-CVE-2026-46091

In the Linux kernel, the following vulnerability has been resolved: media: rc: igorplugusb: heed coherency rules In a control request, the USB request structure can be subject to DMA on some HCs. Hence it must obey the rules for DMA coherency. Allocate it separately...

5.7AI score0.00168EPSS

OSV•added 2026/05/27 2:17 p.m.•2 views

UBUNTU-CVE-2026-45883

In the Linux kernel, the following vulnerability has been resolved: iio: sca3000: Fix a resource leak in sca3000probe spi-irq from requestthreadedirq not released when iiodeviceregister fails. Add an return value check and jump to a common error handler when iiodeviceregister fails...

5.7AI score0.0021EPSS

OSV•added 2026/05/27 2:17 p.m.•3 views

UBUNTU-CVE-2026-46048

5.5CVSS5.7AI score0.00122EPSS

NVD•added 2026/05/27 2:16 p.m.•11 views

CVE-2026-45866

In the Linux kernel, the following vulnerability has been resolved: serial: caif: fix use-after-free in caifserial ldiscclose There is a use-after-free bug in caifserial where handletx may access ser-tty after the tty has been freed. The race condition occurs between ldiscclose and packet...

0.0021EPSS

OSV•added 2026/05/27 2:16 p.m.•2 views

UBUNTU-CVE-2026-45866

5.7AI score0.0021EPSS

Vulnrichment•added 2026/05/27 1:20 p.m.•5 views

CVE-2026-47104 libusb < 1.0.30 Out-of-Bounds Read in parse_iad_array()

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

5.1CVSS5.9AI score0.00132EPSS

EUVD•added 2026/05/27 1:20 p.m.•9 views

EUVD-2026-32500

5.1CVSS5.9AI score0.00132EPSS

EUVD•added 2026/05/27 12:58 p.m.•6 views

EUVD-2026-32466

In the Linux kernel, the following vulnerability has been resolved: spi: fix resource leaks on device setup failure Make sure to call controller cleanup if spisetup fails while registering a device to avoid leaking any resources allocated by setup...

5.8AI score0.00168EPSS

Debian CVE•added 2026/05/27 12:58 p.m.•8 views

CVE-2026-46083

5.7AI score0.00168EPSS

Exploits0

CVE•added 2026/05/27 12:57 p.m.•18 views

CVE-2026-46048

CVE-2026-46048 relates to a leak in the Linux kernel ALSA caiaq driver. The issue arises because create_card() takes a usb_get_dev() reference to a USB device and stores the corresponding usb_put_dev() in card_free(), which is registered as snd_card’s private_free destructor. However, private_fre...

5.5CVSS5.8AI score0.00122EPSS

Exploits0References8Affected Software1

ATTACKERKB•added 2026/05/27 12:57 p.m.•5 views

CVE-2026-46048

5.7AI score0.00122EPSS

Exploits0References9Affected Software1

Cvelist•added 2026/05/27 12:57 p.m.•35 views

CVE-2026-46048 ALSA: caiaq: fix usb_dev refcount leak on probe failure

0.00122EPSS

Cvelist•added 2026/05/27 12:56 p.m.•44 views

CVE-2026-46018 ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: stop parsing UAC2 rates at MAXNRRATES parseuac2sampleraterange caps the number of enumerated rates at MAXNRRATES, but it only breaks out of the current rate loop. A malformed UAC2 RANGE response with additional...

0.00155EPSS

CVE•added 2026/05/27 12:55 p.m.•17 views

CVE-2026-45996

The CVE-2026-45996 entry concerns a use-after-free in the Linux kernel SPI IMX driver (on unbind/deregistration). The root cause is that upon deregistering the SPI controller, driver data may be freed while still referenced, requiring an extra reference before deregistration to ensure data remain...

7.8CVSS5.8AI score0.00125EPSS

Exploits0References6Affected Software1

EUVD•added 2026/05/27 12:55 p.m.•10 views

EUVD-2026-32292

5.8AI score0.00125EPSS