CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

267 matches found

Advisory ROSA-SA-2026-3311

Component: avahi 0.8 OS: ROSA-CHROME Unaffected versions: = avahi-0.8-12.git35bb1b.11 Affected versions: avahi-0.8-12.git35bb1b.11 CVE-ID: CVE-2026-34933 BDU-ID: None CVE-Crit: Medium CVE-DESC.: The vulnerability in Avahi allows an unprivileged local user to cause an emergency termination of...

5.5CVSS5.8AI score0.00008EPSS

Exploits1

Rosalinux•added 3 days ago•5 views

Advisory ROSA-SA-2026-3310

CVE-ID: CVE-2021-33454 BDU-ID: None CVE-Crit: Medium CVE-DESCRIPTION: Vulnerability related to the pointer manipulation in yasm version 1.3.0, within the function yasmexprgetintnum in libyasm/expr.c. CVE-STATUS: The vulnerability has been fixed. CVE-REVIEW: To address this vulnerability, execute...

5.5CVSS6AI score0.00137EPSS

Exploits4

Rosalinux•added 3 days ago•5 views

Advisory ROSA-SA-2026-3305

CVE-ID: CVE-2016-10506 BDU-ID: None CVE-Crit: Medium CVE-DESCRIPTION: Vulnerabilities involving division by zero in functions opjpinextcprl, opjpinextpcrl, and opjpinextrpcl in the pi.c file of OpenJPEG allow a malicious attacker to cause a service failure abrupt termination of the application...

6.5CVSS5.8AI score0.04295EPSS

Exploits0

Rosalinux•added 3 days ago•7 views

Advisory ROSA-SA-2026-3298

Software: wget 1.21.3 Operating System: ROSA-CHROME Unaffected versions: = wget-1.21.3-2 Affected versions: wget-1.21.3-2 CVE-ID: CVE-2024-38428 BDU-ID: 2024-04683 CVE-Crit: Medium CVE-DESCRIPTION: The vulnerability in the userinfo URI of the GNU Wget download manager is related to insecure...

9.1CVSS5.8AI score0.00197EPSS

Exploits0

Rosalinux•added 3 days ago•7 views

Advisory ROSA-SA-2026-3297

CVE-ID: CVE-2024-41817 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: The vulnerability in the AppImage version of ImageMagick relates to the use of an empty path during the installation of environment variables MAGICKCONFIGUREPATH and LDLIBRARYPATH. This allows attackers to execute arbitrary code by...

9.8CVSS6.5AI score0.18593EPSS

Exploits14

Rosalinux•added 3 days ago•5 views

Advisory ROSA-SA-2026-3296

CVE-ID: CVE-2020-10809 BDU-ID: 2024-07119 CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in the Decompress function in the decompress.c file. This vulnerability is related to writing beyond the memory bounds. Exploitation of this vulnerability could allow an attacker to cause a service failure...

9.8CVSS6.5AI score0.00474EPSS

Exploits4

NVD•added 2026/05/27 8:16 a.m.•11 views

CVE-2026-40823

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can resu...

7CVSS0.00043EPSS

Exploits0References1

Amazon•added 2026/05/26 12:0 a.m.•9 views

Important: valkey

Issue Overview: Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated...

8.8CVSS6.1AI score0.00103EPSS

Exploits0

Amazon•added 2026/05/26 12:0 a.m.•6 views

Important: kernel-livepatch-6.1.170-208.319

Issue Overview: PinTheft is a Linux local privilege escalation exploit for an RDS zerocopy double-free that can be turned into a page-cache overwrite through iouring fixed buffers. Affected Packages: kernel-livepatch-6.1.170-208.319 Issue Correction: Please ensure you have live patching enabled...

5.8AI score

Exploits0

Amazon•added 2026/05/26 12:0 a.m.•4 views

Important: kernel-livepatch-6.12.80-105.147

Issue Overview: PinTheft is a Linux local privilege escalation exploit for an RDS zerocopy double-free that can be turned into a page-cache overwrite through iouring fixed buffers. Affected Packages: kernel-livepatch-6.12.80-105.147 Issue Correction: Please ensure you have live patching enabled...

5.8AI score

Exploits0

Amazon•added 2026/05/26 12:0 a.m.•14 views

Important: kernel-livepatch-6.12.83-113.160

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 In the Linux kernel, the...

8.8CVSS6AI score0.43539EPSS

Exploits37

OSV•added 2026/05/21 1:49 p.m.•10 views

MAL-2026-4405 Malicious code in @lokuma/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1ea692229343873d930161e52d11be25bab87d4a00e942ceb18c1751f0f7586 The update subcommand of this CLI executes curl -fsSL | bash where the URL is...

6AI score

Exploits0References1

Rosalinux•added 2026/05/20 7:5 a.m.•10 views

Advisory ROSA-SA-2026-3289

software: kernel-6.1 6.1.152 OS: ROSA-CHROME unaffected versions = kernel-6.1-6.1.1.152-4 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SORDSTRANSPORT=2 in conjunction with iouring, a local unprivileged attacker can cause memory corruption and...

7.8CVSS5.8AI score0.00254EPSS

Exploits12

Rosalinux•added 2026/05/19 2:20 p.m.•4 views

Advisory ROSA-SA-2026-3281

software: libde265 1.0.18 OS: ROSA-CHROME unaffected versions = libde265-1.0.18-1 affected versions libde265-1.0.18-1 CVE-ID: CVE-2025-61147 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in strukturag libde265 commit d9fea9d is related to a segmentation error in the...

6.2CVSS5.7AI score0.00021EPSS

Exploits1

Rosalinux•added 2026/05/19 2:18 p.m.•5 views

Advisory ROSA-SA-2026-3280

software: etcd 3.6.10 OS: ROSA-CHROME unaffected versions = etcd-3.6.10-1 affected versions etcd-3.6.10-1 CVE-ID: CVE-2026-33343 BDU-ID: None CVE-Crit: NO DATA CVE-DESC.: A vulnerability in etcd allows an authenticated user with limited RBAC rights to bypass key-level authorization using nested...

6.5CVSS5.7AI score0.00021EPSS

Exploits0

Rosalinux•added 2026/05/08 12:24 p.m.•6 views

Advisory ROSA-SA-2026-3265

software: kernel-6.12 6.12.74 WASP: ROSA-CHROME unaffected versions = kernel-6.12-6.12.74-9 affected versions kernel-6.12-6.12.74-9 CVE-ID: CVE-2026-43284 BDU-ID: None CVE-Crit: NO DATA CVE-DESC.: A vulnerability in the Linux kernel's xfrm subsystem ESP allows data decryption over non-packet skb...

8.8CVSS6AI score0.38453EPSS

Exploits28

Rosalinux•added 2026/05/06 9:35 p.m.•5 views

Advisory ROSA-SA-2026-3259

software: kernel-5.10 5.10.244 WASP: ROSA-CHROME unaffected versions = kernel-5.10-5.10.244-2 affected versions kernel-5.10-5.10.244-2 CVE-ID: CVE-2026-31431 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in the Linux kernel crypto subsystem crypto: algifaead. Attempts to perform AEAD...

7.8CVSS6AI score0.02235EPSS

Exploits225

Amazon•added 2026/05/05 12:0 a.m.•3 views

Important: kernel-livepatch-6.18.16-18.222

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place To mitigate this issue, we recommend that customers disable loading of the algifaead module by running the following commands: echo "install algifaead /bin/fals...

7.8CVSS6AI score0.02235EPSS

Exploits225

RedhatCVE•added 2026/04/03 10:57 a.m.•1 views

CVE-2026-33615

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability...

9.1CVSS6AI score0.00036EPSS

Exploits0References1

NVD•added 2026/04/02 10:16 a.m.•3 views

CVE-2026-33615

9.1CVSS0.00036EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by