CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 2 days ago•4 views

SUSE CVE-2026-46327

In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dmsuspendedmd The function dmblkreportzones tests if the device is suspended with the "dmsuspendedmd" call. However, this function is called without holding any locks, so the device may be suspended just...

5.4AI score0.00018EPSS

Exploits0References2

NVD•added 2 days ago•7 views

CVE-2026-45329

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...

7.1CVSS0.00018EPSS

NVD•added 2 days ago•8 views

CVE-2026-44634

SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy BLE. Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleblewrite function local,...

8.7CVSS0.00042EPSS

CVE•added 2 days ago•9 views

CVE-2026-45329

ESF-IDF (Espressif IoT Development Framework) contains a vulnerability in ESP-TEE secure-service wrappers (esp_secure_services.c and esp_secure_services_iram.c) affecting versions 5.5.4 and 6.0. Several caller-supplied pointer arguments were not fully validated, allowing inputs to reference TEE-e...

Exploits0References4Affected Software1

Cvelist•added 2 days ago•30 views

CVE-2026-45329 ESF-IDF: Out-of-Bounds Read in ESP-TEE Secure Service Wrappers

7.1CVSS0.00018EPSS

EUVD•added 2 days ago•6 views

EUVD-2026-35917

Vulnrichment•added 2 days ago•4 views

CVE-2026-45329 ESF-IDF: Out-of-Bounds Read in ESP-TEE Secure Service Wrappers

EUVD•added 2 days ago•7 views

EUVD-2026-35841

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to...

6.1CVSS5.6AI score0.00055EPSS

NVD•added 2 days ago•5 views

CVE-2026-46539

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::isblockproven causes the function to return true without performing any cryptographic verification when getinterlinkhops...

5.9CVSS0.00014EPSS

9.8CVSS5.5AI score0.00031EPSS

PT-2026-48395

Name of the Vulnerable Software and Affected Versions Doctreat Core plugin for WordPress versions prior to 1.6.9 Description The plugin is subject to privilege escalation because the doctreat process registration function does not properly restrict the roles assigned during user registration. Thi...

Exploits0References6

Positive Technologies•added 2 days ago•6 views

PT-2026-48468

Summary Stack-based Buffer Overflow vulnerability in Erlang OTP erts inet drv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctp parse error chunk function in erts/emulator/drivers/common/inet drv.c parses SCTP ERROR chunks and writes...

8.8CVSS5.6AI score0.00096EPSS

Exploits0References6

6.7CVSS5.5AI score0.00013EPSS

PT-2026-48413

Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary...

Exploits1References3

3.6CVSS5.4AI score0.00012EPSS

PT-2026-48513

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefixpath,...

Exploits0References5

8.6CVSS5.4AI score0.0006EPSS

PT-2026-48548

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime document and media fetching. However, the IPv4 validation logic present starting...

Exploits0References2

Positive Technologies•added 2 days ago•6 views

PT-2026-48569

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.9.13-50 ImageMagick versions prior to 7.1.2-25 Description A missing check for maximum memory request in the AcquireAlignedMemory function can trigger an out-of-memory condition, leading to a denial of service...

7.5CVSS5.5AI score0.0004EPSS

Positive Technologies•added 2 days ago•6 views

PT-2026-48351

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp secure services.c and esp secure services iram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...