1959 matches found

CVE
added 2 hours ago | 2 views

CVE-2026-53198

In the Linux kernel ksmbd, CVE-2026-53198 describes a use-after-free in a deferred file_lock tied to SMB2_CANCEL handling. A deferred byte-range lock registers async work via setup_async_work() with a cancel_fn and cancel_argv[0] pointing at the file_lock. If the SMB2_CANCEL path frees the file_l...

5.7 AI score
Exploits: 0 | References: 6
EUVD
added yesterday | 3 views

EUVD-2026-38953

In the Linux kernel, the following vulnerability has been resolved: bpf: fix mm lifecycle in open-coded task_vma iterator. The open-coded task_vma iterator reads task->mm locklessly and acquires mmap_read_trylock but never calls mmget. If the task exits concurrently, the mm_struct can be freed as it is...

5.7 AI score
Exploits: 0 | References: 4
EUVD
added yesterday | 3 views

EUVD-2026-38914

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free from async crypto on Qualcomm crypto engine. ksmbd_crypt_message sets a NULL completion callback on AEAD requests and does not handle the -EINPROGRESS return code from async hardware crypto engines like the...

5.8 AI score
Exploits: 0 | References: 7
RedhatCVE
added 2 days ago | 7 views

CVE-2026-47141

A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. Prior to version 3.11.4, NodeVM, a component of vm2, improperly exposed certain process-wide observability builtins, such as diagnostics_channel, async_hooks, and perf_hooks. These builtins, which are designed for...

8.6 CVSS | 5.7 AI score | 0.00308 EPSS
Exploits: 0 | References: 6
AstraLinux
added 6 days ago | 4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Remove dangling pointers When an async control is written, we copy a pointer to the file handle that initiated the operation. That pointer will be used when the device is completed—which could happen at any time ...

7.8 CVSS | 6.1 AI score | 0.00224 EPSS
Exploits: 0 | References: 2
AstraLinux
added 6 days ago | 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tls: Purged async_hold from tls_decrypt_async_wait. The async_hold queue holds encrypted input data while the AEAD engine references their scatterlist data. Once tlsdecryptwait returns, all AEAD operations are completed, and the engine...

7.5 CVSS | 5.7 AI score | 0.00238 EPSS
Exploits: 0 | References: 1
AstraLinux
added 6 days ago | 2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: Fixed a memory leak that occurred due to a failure in usb_submit_urb. In async_set_registers, when usb_submit_urb fails, the allocated async_req structure and URB are not freed, resulting in a memory leak. The...

5.5 CVSS | 5.3 AI score | 0.00114 EPSS
Exploits: 0 | References: 1
AstraLinux
added 6 days ago | 5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: wwan: t7xx: Fixed the FSM command timeout issue When the driver processes the internal state change command, it uses an asynchronous thread to handle the command operation. If the main thread detects that the task has tim...

5.5 CVSS | 6.3 AI score | 0.00217 EPSS
Exploits: 0 | References: 2
AstraLinux
added 6 days ago | 5 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1, Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: TLS: Fixed a race condition between the async notify and socket close operations. The thread that submitted the request (the one that called recvmsg/sendmsg) may exit as soon as the async crypto handler’s complete function is...

4.7 CVSS | 5.9 AI score | 0.00177 EPSS
Exploits: 0 | References: 2
AstraLinux
added 6 days ago | 2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint – Avoid creating sub-groups asynchronously Asynchronous creation of sub-groups by a delayed operation could lead to a NULL pointer dereference when the driver directory is removed before the operation completes. The...

5.5 CVSS | 5.6 AI score | 0.00118 EPSS
Exploits: 0 | References: 1
AstraLinux
added 6 days ago | 7 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: fixed a possible memory leak in smb2_lock. argv needs to be freed when setup_async_work fails, or when the current process is awakened...

5.3 AI score | 0.00156 EPSS
Exploits: 0 | References: 2
AstraLinux
added 6 days ago | 6 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mfd: pcf50633-adc: Fixed a potential memory leak in pcf50633_adc_async_read. The variable req is allocated in pcf50633_adc_async_read, but adc_enqueue_request might fail to insert the req into the queue. We need to check the return value...

5.3 AI score | 0.00191 EPSS
Exploits: 0 | References: 2
OSV
added 6 days ago | 6 views

RHSA-2026:27076 Red Hat Security Advisory: Satellite 6.16.9 Async Update

Bulletin has no description...

9.1 CVSS | 6.7 AI score | 0.00522 EPSS
Exploits: 3 | References: 63
OSV
added 2026/06/15 8:19 p.m. | 5 views

GHSA-MGF9-4VPG-HJ56 tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)

Tornado's gzip decompression routines work in limited-size chunks, but have no overall limit for the total size of decompressed chunks that they will accumulate. There has always been a limit for the total compressed size. This allows a malicious server to consume effectively unlimited amounts of...

7.5 CVSS | 5.4 AI score | 0.00052 EPSS
Exploits: 0 | References: 2
NVD
added 2026/06/12 3:16 p.m. | 10 views

CVE-2026-47141

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnostics_channel, async_hooks, and perf_hooks builtins are not blocked by the dangerous builtin denylist. These modules...

6.9 CVSS | 0.00308 EPSS
Exploits: 0 | References: 3
EUVD
added 2026/06/12 2:17 p.m. | 10 views

EUVD-2026-36449

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnostics_channel, async_hooks, and perf_hooks builtins are not blocked by the dangerous builtin denylist. These modules...

6.9 CVSS | 5.2 AI score | 0.00308 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2026/06/12 2:17 p.m. | 7 views

CVE-2026-47141 vm2: NodeVM observability builtins leak host process and HTTP request data

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnostics_channel, async_hooks, and perf_hooks builtins are not blocked by the dangerous builtin denylist. These modules...

6.9 CVSS | 5.3 AI score | 0.00308 EPSS
Exploits: 0 | References: 3
CVE
added 2026/06/12 2:17 p.m. | 26 views

CVE-2026-47141

CVE-2026-47141 affects vm2 NodeVM where diagnostics_channel, async_hooks, and perf_hooks observability builtins were exposed to sandboxed code before patching in vm2 3.11.4. These process‑wide modules can leak host data (e.g., HTTP headers, AsyncResource state, performance entries) into the sandb...

6.9 CVSS | 5.2 AI score | 0.00308 EPSS
Exploits: 0 | References: 3
IBM Security Bulletins
added 2026/06/11 3:37 p.m. | 9 views

Security Bulletin: Vulnerability in jackson-core library (WS-2026-0003) affects Power HMC.

Summary: The jackson-core library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details: ID: WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint (default: 1000 characters) defined i...

5.5 AI score
Exploits: 0 | Affected Software: 1
Vulnrichment
added 2026/06/09 10:53 p.m. | 11 views

CVE-2026-45782 Cloud Hypervisor: Use-after-free in virtio-block Async I/O Completion

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same headindex while asynchronous block I/O is enabled e....

8.9 CVSS | 5.6 AI score | 0.00138 EPSS
Exploits: 0 | References: 5