CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Amazon•added 2026/05/26 12:0 a.m.•7 views

Important: kernel-livepatch-6.12.80-106.156

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel-livepatch-6.12.80-106.156 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

7.8CVSS6AI score0.00254EPSS

Amazon•added 2026/05/26 12:0 a.m.•7 views

Important: kernel-livepatch-6.1.168-203.330

Issue Overview: PinTheft is a Linux local privilege escalation exploit for an RDS zerocopy double-free that can be turned into a page-cache overwrite through iouring fixed buffers. Affected Packages: kernel-livepatch-6.1.168-203.330 Issue Correction: Please ensure you have live patching enabled...

5.8AI score

Amazon•added 2026/05/26 12:0 a.m.•10 views

Important: kernel-livepatch-6.18.20-20.229

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel-livepatch-6.18.20-20.229 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

7.8CVSS6AI score0.00254EPSS

Amazon•added 2026/05/26 12:0 a.m.•8 views

Important: cri-tools

Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...

7.5CVSS7.2AI score0.00054EPSS

Amazon•added 2026/05/26 12:0 a.m.•5 views

Important: kernel-livepatch-6.12.73-95.123

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel-livepatch-6.12.73-95.123 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

7.8CVSS6AI score0.00254EPSS

Amazon•added 2026/05/15 12:0 a.m.•6 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel Issue Correction: Run dnf update kernel --releasever 2023.11.20260514 or dnf update --advisory ALAS2023-2026-1710...

6AI score0.00254EPSS

Amazon•added 2026/05/09 12:0 a.m.•4 views

Important: kernel-livepatch-6.1.170-208.319

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...

Amazon•added 2026/05/09 12:0 a.m.•4 views

Important: kernel-livepatch-5.10.252-250.1005

Amazon•added 2026/05/09 12:0 a.m.•5 views

Important: kernel-livepatch-6.12.74-98.124

Amazon•added 2026/05/09 12:0 a.m.•7 views

Important: kernel-livepatch-6.18.20-41.237

Amazon•added 2026/05/05 12:0 a.m.•4 views

Important: kernel-livepatch-6.1.168-202.320

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place To mitigate this issue, we recommend that customers disable loading of the algifaead module by running the following commands: echo "install algifaead /bin/fals...

7.8CVSS6AI score0.02235EPSS

Exploits225

Amazon•added 2026/04/30 12:0 a.m.•2 views

Medium: nodejs24

Issue Overview: @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service DoS issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric...

9.2CVSS5.3AI score0.0002EPSS

Exploits3

Amazon•added 2026/04/30 12:0 a.m.•2 views

Important: maven3.9

Issue Overview: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code CVE-2025-67030 Affected Packages: maven3.9 Issue Correction: Run dnf...

8.8CVSS5.9AI score0.00427EPSS

Amazon•added 2026/04/13 12:0 a.m.•4 views

Important: freerdp

Issue Overview: DoS via WINPRASSERT in rtsreadauthverifiernochecks NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93 CVE-2026-33952 DoS via WINPRASSERT in IMA ADPCM audio decoder dsp.c:331 NOTE:...

8.1CVSS5.8AI score0.00132EPSS

Exploits2

Amazon•added 2026/04/13 12:0 a.m.•4 views

Important: python3.11

Issue Overview: The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open. CVE-2026-4519 Affected Packages:...

7CVSS5.8AI score0.00015EPSS

Amazon•added 2026/04/01 12:0 a.m.•2 views

Important: amazon-ssm-agent

Issue Overview: cmd/go: bypass of flag sanitization can lead to arbitrary code execution CVE-2025-61731 cmd/go: unexpected code execution when invoking toolchain CVE-2025-68119 Affected Packages: amazon-ssm-agent Issue Correction: Run dnf update amazon-ssm-agent --releasever 2023.10.20260330 or d...

7.8CVSS6.4AI score0.00018EPSS