CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в wireshark

RTSP protocol dissector crashes in Wireshark versions 4.6.0 to 4.6.4...

5.5CVSS5.8AI score0.00124EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Return queued buffers on startstreaming failure Buffers are returned if streaming fails to start due to a uvcpmget error. This bug may be responsible for the warning that I encountered during testing. The issue...

7.8CVSS5.2AI score0.00128EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: “Revert ‘media: iris’: Add a sanity check for stopping streaming.” This change is reflected in the commit ad699fa78b59241c9d71a8cafb51525f3dab04d4. The check that previously skipped “stopstreaming” when the instance was in...

5.5CVSS5.5AI score0.00126EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в openssl

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support SMIME, CMS, and PKCS7 streaming capabilities. However, it can also be called directly by end-user applications. This function receives a BIO from...

7.5CVSS7AI score0.04494EPSS

Cvelist•added 2026/05/19 6:43 p.m.•32 views

CVE-2026-41470 LIVE555 < 2026.04.22 RTSP Server Authorization Bypass via Session Token

LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...

8.2CVSS0.00486EPSS

Vulnrichment•added 2026/05/19 6:43 p.m.•9 views

CVE-2026-41470 LIVE555 < 2026.04.22 RTSP Server Authorization Bypass via Session Token

8.2CVSS5.8AI score0.00486EPSS

CVE•added 2026/05/19 6:43 p.m.•16 views

CVE-2026-41470

The CVE describes an authorization bypass in LIVE555’s RTSP server prior to 2026.04.22. The root cause is improper handling of RTSP session commands that allows an attacker to replay a valid Session token from an unauthenticated connection. With a valid token, an attacker can issue PLAY and TEARD...

8.2CVSS5.8AI score0.00486EPSS

Packet Storm News•added 2026/05/19 12:0 a.m.•8 views

SAGE: Scalable Automatic Gating Ensemble for Confident Negative Harvesting in Fraud Detection

Music streaming fraud, where bad actors artificially inflate stream counts to manipulate chart rankings and royalty payments, poses a significant threat to streaming services and legitimate content creators. Traditional fraud detection approaches struggle with a critical challenge: many legitimat...

Fedora•added 2026/05/18 12:59 a.m.•14 views

[SECURITY] Fedora 43 Update: rust-astral-tokio-tar-0.6.1-1.fc43

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

GithubExploit•added 2026/05/18 12:9 a.m.•54 views

sec-recon-agent

sec-recon-agent Type-safe security triage built on Pydantic A...

OSV•added 2026/05/15 6:32 p.m.•11 views

GHSA-XW67-CG5F-4M2R AVideo: OS command injection in on_publish.php execAsync via unescaped m3u8 URL

Summary Type: Classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling escapeshellarg. A ' in any of the three interpolated values $usersid, $m3u8,...

8.8CVSS6.3AI score0.00318EPSS

OSV•added 2026/05/15 8:42 a.m.•5 views

BIT-GRAFANA-2026-28376 Grafana Live push endpoint allows unbounded memory allocation leading to OOM

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

EUVD•added 2026/05/13 9:32 p.m.•12 views

EUVD-2026-30138

UbuntuCve•added 2026/05/13 8:16 p.m.•5 views

CVE-2026-28376

ATTACKERKB•added 2026/05/13 7:28 p.m.•5 views

CVE-2026-28376

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/13 7:28 p.m.•6 views

CVE-2026-28376 Grafana Live push endpoint allows unbounded memory allocation leading to OOM

Wired Threat Level•added 2026/05/13 7:3 p.m.•7 views

Exploits0References1

DHS Plans Experiment Running ‘Reconnaissance’ Drones Along the US-Canada Border

Autonomous drones and ground vehicles will stream “battlefield intelligence” over 5G along the US-Canada border in a bilateral DHS experiment this fall...