CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

Positive Technologies•added 2026/06/05 12:0 a.m.•10 views

PT-2026-47084

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description A flaw in the token-exchange flow allows two concurrent requests using the same OAuth authorization code to each generate a distinct valid access token and refresh token pair. This occurs because...

6.3CVSS6AI score0.00072EPSS

Exploits0References5

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: wifi: rtw88: use a work to update the rate to avoid RCU warnings. The ieee80211ops::starcupdate function must be atomic, because ieee80211chanbwchange holds a rcuread lock while calling drvstarcupdate. Therefore, a work must b...

5.5AI score0.00166EPSS

Exploits0References1

RedhatCVE•added 2026/03/25 12:48 p.m.•3 views

CVE-2026-23316

A flaw was found in the Linux kernel's handling of multipath hash seeds on ARM64 architectures. This vulnerability can lead to a system crash kernel panic when the kernel is compiled with specific optimizations, such as Clang with Link-Time Optimization LTO, due to an alignment fault during memor...

5.5CVSS5.8AI score0.00122EPSS

Exploits0References4

Github Security Blog•added 2026/02/23 10:16 p.m.•8 views

Craft CMS Race condition in Token Service potentially allows for token usage greater than the token limit

A Time-of-Check-Time-of-Use TOCTOU race condition exists in Craft CMS’s token validation service for tokens that explicitly set a limited usage. The getTokenRoute method reads a token’s usage count, checks if it’s within limits, then updates the database in separate non-atomic operations. By...

6.9CVSS5.5AI score0.00176EPSS

Exploits0References4Affected Software1

Tenable Nessus•added 2026/01/22 12:0 a.m.•5 views

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-35810)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-35810 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix the lifetime of...

5.5CVSS6.9AI score0.00225EPSS

Exploits0References2

EUVD•added 2025/12/30 3:30 p.m.•1 views

EUVD-2023-60502

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP completion stats CQP completion statistics is read lockesly in irdmawaitevent and irdmacheckcqpprogress while it can be updated in the completion thread irdmascccqgetcqeinfo on another CPU as KCSA...

5.9AI score0.00168EPSS

Exploits0References5

NVD•added 2025/12/30 1:16 p.m.•4 views

CVE-2023-54302

0.00168EPSS

Exploits0References4

SUSE CVE•added 2025/12/25 12:56 a.m.•4 views

SUSE CVE-2023-54071

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: use work to update rate to avoid RCU warning The ieee80211ops::starcupdate must be atomic, because ieee80211chanbwchange holds rcuread lock while calling drvstarcupdate, so create a work to do original things...

5.5CVSS6.5AI score0.00166EPSS

Exploits0References3

EUVD•added 2025/12/24 3:30 p.m.•3 views

EUVD-2023-60255

6AI score0.00166EPSS

Exploits0References4

UbuntuCve•added 2025/12/24 1:16 p.m.•3 views

CVE-2023-54071

5.7AI score0.00166EPSS

Exploits0References4

UbuntuCve•added 2025/12/16 2:15 p.m.•3 views

CVE-2025-40348

In the Linux kernel, the following vulnerability has been resolved: slab: Avoid race on slab-objexts in allocslabobjexts If two competing threads enter allocslabobjexts and one of them fails to allocate the object extension vector, it might override the valid slab-objexts allocated by the other...

5.7AI score0.00166EPSS

Exploits0References5

CVE•added 2025/12/16 1:30 p.m.•11 views

CVE-2025-40348

CVE-2025-40348 concerns a race in the Linux kernel slab allocator. When two threads concurrently execute alloc_slab_obj_exts() and one fails to allocate the object extension vector, the winning thread may overwrite the other thread’s valid slab->obj_exts with OBJEXTS_ALLOC_FAIL, leading the ra...

6AI score0.00166EPSS

Exploits0References3

OSV•added 2025/12/16 1:30 p.m.•3 views

CVE-2025-40348 slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts

6.3AI score0.00166EPSS

Exploits0References6

OSV•added 2025/08/22 4:15 p.m.•0 views

DEBIAN-CVE-2025-38632

In the Linux kernel, the following vulnerability has been resolved: pinmux: fix race causing muxowner NULL with active muxusecount commit 5a3e85c3c397 "pinmux: Use sequential access to access desc-pinmux data" tried to address the issue when two client of the same gpio calls pinctrlselectstate fo...

4.7CVSS4.7AI score0.00104EPSS

Exploits0References1

NVD•added 2025/08/22 4:15 p.m.•3 views

CVE-2025-38632

4.7CVSS0.00104EPSS

Exploits0References5

CVE•added 2025/08/22 4:0 p.m.•33 views

CVE-2025-38632

CVE-2025-38632 affects the Linux kernel pinctrl/pinmux logic. The issue is a race where updates to mux_usecount and mux_owner were not performed atomically under the same lock, allowing a state where mux_usecount > 0 but mux_owner is NULL, potentially causing a NULL pointer on subsequent pin r...

4.7CVSS6.5AI score0.00104EPSS

Exploits0References5Affected Software1