2988 matches found
CVE-2026-41140
Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall() function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.data_filter is unavailable. Considering only Python versions which are still supporte...
CVE-2026-35356
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file...
CVE-2026-35374
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the utility subsequently...
CVE-2026-35236
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2026-35240
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...
CVE-2026-41445
KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arithmetic before being widened to size_t, causing malloc() to allocate ...
GHSA-CJ8J-37RH-8475 vulnerabilities
Vulnerabilities for packages: jenkins, apache-nifi-registry, apache-nifi, wildfly, gradle...
CVE-2026-33337
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated...
CVE-2026-6318
Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)...
CVE-2026-6296
Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)...
GHSA-QF82-86X2-7Q23 vulnerabilities
Vulnerabilities for packages: firefox...
GHSA-736H-475M-XHJC vulnerabilities
Vulnerabilities for packages: grafana, grafana-fips...
CVE-2026-33034
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATA_UPLOAD_MAX_MEMORY_SIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...
GHSA-P998-JP59-783M vulnerabilities
Vulnerabilities for packages: checkov, kserve, open-webui, airflow, py3-cassandra-medusa, dask-kubernetes, kubeflow-pipelines-visualization-server...
GHSA-WH4C-J3R5-MJHP vulnerabilities
Vulnerabilities for packages: arangodb, saf, sqlpad...
CVE-2026-23472
In the Linux kernel, the following vulnerability has been resolved: serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN. uart_write_room() and uart_write() behave inconsistently when xmit_buf is NULL (which happens for PORT_UNKNOWN ports that were never properly initialized): - uart_write_room() returns...
CVE-2026-23434
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock/unlock against other NAND operations. nand_lock() and nand_unlock() call into chip->ops.lock_area/unlock_area without holding the NAND device lock. On controllers that implement SET_FEATURES via multiple low-lev...
CVE-2026-23418
In the Linux kernel, the following vulnerability has been resolved: drm/xe/reg_sr: Fix leak on xa_store failure. Free the newly allocated entry when xa_store() fails to avoid a memory leak on the error path. v2: use goto fail_free. (Bala) (cherry picked from commit 6bc6fec71ac45f52db609af4e62bdb96b9f5fadb)...
CVE-2026-33995
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) can cause a crash in any FreeRDP clients on systems where...
CVE-2016-20038
Removed by vendor...