CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

17 matches found

EUVD•added 2026/05/15 7:34 p.m.•11 views

EUVD-2026-30619

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the isuserchannelmember function checks whether a ChannelMember row exists but does not check the isactive field. When a user is deactivated from a group or DM channel removed by the...

5.4CVSS5.8AI score0.00178EPSS

Exploits1References1

Github Security Blog•added 2026/05/04 8:50 p.m.•6 views

CI4MS has a Deactivated User Session Bypass (active=0)

Summary The auth filter has the deactivated/banned user check commented out. Details CodeIgniter Shield's loggedIn re-checks the status field catching status='banned', but does not re-check the active field for existing sessions. When an admin deactivates a user active=0 after they have already...

5.3CVSS5.9AI score0.00269EPSS

Exploits0References5Affected Software1

Tenable Nessus•added 2025/10/24 12:0 a.m.•2 views

EulerOS 2.0 SP13 : libblockdev (EulerOS-SA-2025-2298)

According to the versions of the libblockdev packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...

7CVSS7.8AI score0.00423EPSS

Exploits18References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-51793

Malicious code in bioql PyPI...

5.5CVSS7.1AI score0.00189EPSS

Exploits0References7

OSV•added 2025/09/17 3:15 p.m.•2 views

DEBIAN-CVE-2022-50370

In the Linux kernel, the following vulnerability has been resolved: i2c: designware: Fix handling of real but unexpected device interrupts Commit c7b79a752871 "mfd: intel-lpss: Add Intel Alder Lake PCH-S PCI IDs" caused a regression on certain Gigabyte motherboards for Intel Alder Lake-S where...

5.5CVSS5.5AI score0.00189EPSS

Exploits0References1

Cvelist•added 2025/09/17 2:56 p.m.•21 views

CVE-2022-50370 i2c: designware: Fix handling of real but unexpected device interrupts

0.00189EPSS

Exploits0References4

SUSE CVE•added 2025/07/04 11:22 p.m.•6 views

SUSE CVE-2025-38174

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Do not double dequeue a configuration request Some of our devices crash in tbcfgrequestdequeue: general protection fault, probably for non-canonical address 0xdead000000000122 CPU: 6 PID: 91007 Comm: kworker/6:2...

4.7CVSS6.5AI score0.0015EPSS

Exploits0References23

RedHat Linux•added 2025/05/13 8:28 a.m.•4 views

kernel: net/mlx5: fs, lock FTE when checking if active

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, lock FTE when checking if active The referenced commits introduced a two-step process for deleting FTEs: - Lock the FTE, delete it from hardware, set the hardware deletion function to NULL and unlock the FTE. - Lock...

5.5CVSS6.8AI score0.00189EPSS

Exploits0References5

OSV•added 2025/05/01 3:16 p.m.•6 views

UBUNTU-CVE-2022-49882

In the Linux kernel, the following vulnerability has been resolved: KVM: Reject attempts to consume or refresh inactive gfntopfncache Reject kvmgpccheck and kvmgpcrefresh if the cache is inactive. Not checking the active flag during refresh is particularly egregious, as KVM can end up with a vali...

7.8CVSS6.2AI score0.00157EPSS

Exploits0References5

AstraLinux•added 2025/02/11 7:35 a.m.•1 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: The fs and lock operations during checks for active status. The referenced commits introduced a two-step process for deleting FTEs: - Lock the FTE, delete it from the hardware, set the hardware deletion function to NULL...

5.5CVSS5.7AI score0.00189EPSS

Exploits0References3

SUSE CVE•added 2024/12/03 12:16 a.m.•5 views

SUSE CVE-2024-53121

5.5CVSS7.4AI score0.00189EPSS

Exploits0References17