CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: habanalabs: fixed a possible memory leak in MMU DR fini. This patch corrects what appears to be a copy-paste error. A memory leak will occur if the host-resident shadow is NULL which is likely to happen since the DR and HR are no...

5.5CVSS6.1AI score0.00223EPSS

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerability in Shadow

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly for example, adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file...

3.3CVSS5.2AI score0.00428EPSS

Exploits1References2

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Only warnings are issued when overwriting a shadow-present SPTE, specifically when it occurs in direct MMUs. The sanity check of KVM is adjusted to only apply to direct MMUs, i.e., only to MMUs that do not have...

5.5CVSS5.8AI score0.00165EPSS

AstraLinux•added 5 days ago•6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: scs: A wrong parameter was fixed in scsmagic. The scsmagic function requires a void variable, but a struct taskstruct is provided instead. taskscstsk represents the starting address of the task’s shadow call stack, and...

5.5CVSS5.7AI score0.00123EPSS

AstraLinux•added 5 days ago•5 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dmbtreeremove: Assign newroot only when the removal succeeds. The removeraw function in dmbtreeremove may fail due to IO read errors e.g., failure to read the content of the origin block during shadowing. Additionally, the value ...

5.5CVSS5.8AI score0.00259EPSS

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: sched/scs: The task stack state is reset in bringupcpu. When a CPU is hot-plugged, the idle task on that CPU calls several layers of C code before finally leaving the kernel. When KASAN is in use, a “poisoned” shadow is left behi...

7.8CVSS6.2AI score0.0026EPSS

AstraLinux•added 5 days ago•6 views

Astra Linux – Vulnerability in Linux 5.15

In the efirtasmwrapper of efi-rt-wrapper.S, there is a possible way to bypass shadow stack protection due to a logical error in the code. This could result in a local escalation of privileges without the need for additional execution privileges. User interaction is not required for exploitation...

7.8CVSS6.8AI score0.00189EPSS

Exploits1References2

NVD•added 6 days ago•10 views

CVE-2026-47833

setupBpmLogs follows symlink for bpm.log open and chown — container-to-host privilege escalation via /etc/shadow. A compromised process inside a bpm container can cause root to chown an arbitrary host file to vcap and append bpm JSON log lines to it. The chown alone lets the attacker take ownersh...

6.9CVSS0.00125EPSS

CVE•added 6 days ago•16 views

CVE-2026-47833

The CVE-2026-47833 issue affects bpm-release (all versions prior to v1.4.30). A compromised process inside a bpm container can trigger setupBpmLogs to follow a symlink for bpm.log, then perform chown on a host file to the user vcap, enabling container-to-host privilege escalation via the host’s /...

6.9CVSS5.5AI score0.00125EPSS

EUVD•added 6 days ago•10 views

EUVD-2026-37929

6.9CVSS5.4AI score0.00125EPSS

NVD•added 6 days ago•8 views

CVE-2026-42488

Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache...

8.1CVSS0.00353EPSS

Exploits0References3

Cvelist•added 6 days ago•15 views

CVE-2026-42488 x86: mismatched mapcache metadata

0.00353EPSS

CVE•added 6 days ago•23 views

CVE-2026-42488

CVE-2026-42488 concerns the Xen hypervisor. Some shadow paging error paths can switch page-tables without updating the running vCPU reference, causing a mismatch between loaded page-tables and mapcache metadata and potentially leading to mapcache corruption. Affected products/versions are implied...

8.1CVSS5.3AI score0.00353EPSS

Exploits0References3

ATTACKERKB•added 6 days ago•5 views

CVE-2026-42488

8.1CVSS5.3AI score0.00353EPSS

Debian CVE•added 6 days ago•7 views

CVE-2026-42488

8.1CVSS5.4AI score0.00353EPSS

EUVD•added 6 days ago•7 views

EUVD-2026-37891

8.1CVSS5.4AI score0.00353EPSS

Cloud Foundry•added 6 days ago•6 views

CVE-2026-47833 - Symlink vulnerability in setupBpmLogs allows container-to-host privilege escalation via /etc/shadow | Cloud Foundry

Medium CVSS score: 6.8 Medium CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/S:U/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N Vendor Cloud Foundry Foundation Versions Affected Severity is Medium unless otherwise noted. bpm-release – All versions prior to v1.4.30 Description setupBpmLogs follows symlink for bpm.log open and...

6.9CVSS5.6AI score0.00125EPSS

Metasploit•added last week•106 views

NTLM Relay to Self (HTTP to LDAP) - Post Exploitation

This module performs an NTLM relay-to-self privilege escalation attack. It starts an HTTP-to-LDAP relay server on the compromised host, then triggers the WebClient service via an ETW event allowing a low-privilege user to start it, and coerces the local machine account to authenticate via...

5.4AI score