CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added last week•7 views

CVE-2026-44883

7.7CVSS0.00047EPSS

EUVD•added last week•5 views

EUVD-2026-33059

7.7CVSS5.8AI score0.00047EPSS

Vulnrichment•added last week•2 views

CVE-2026-44883 Portainer: JWT accepted in URL query leaks tokens to logs and referers

7.7CVSS5.8AI score0.00047EPSS

RedhatCVE•added last week•5 views

CVE-2026-44985

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: funcr http.Request bool return true , accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables...

9.6CVSS5.8AI score0.00007EPSS

Cvelist•added 2026/05/26 9:58 p.m.•29 views

CVE-2026-44985 Dozzle: Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpoints bypasses authentication

8.7CVSS0.00007EPSS

Exploits1References2

EUVD•added 2026/05/26 9:58 p.m.•5 views

EUVD-2026-32017

8.7CVSS5.8AI score0.00007EPSS

Exploits1References2

Vulnrichment•added 2026/05/26 9:58 p.m.•3 views

CVE-2026-44985 Dozzle: Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpoints bypasses authentication

8.7CVSS5.8AI score0.00007EPSS

Exploits1References2

CNNVD•added 2026/05/26 12:0 a.m.•4 views

Dozzle 访问控制错误漏洞

Dozzle is a small, lightweight application developed by Amir Raminfar as an individual project. Versions of Dozzle prior to 10.5.2 contained an access control vulnerability. This vulnerability stemmed from the WebSocket upgrade mechanism used by the /exec and /attach endpoints, which accepted...

9.6CVSS5.7AI score0.00007EPSS

Exploits1References3

OSV•added 2026/05/22 1:19 p.m.•4 views

OESA-2026-2415 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the devi...

8.8CVSS6AI score0.00021EPSS

Exploits4References7

5.5CVSS5.8AI score0.00027EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: “drm/gem-framebuffer: Use dmabuf from GEM object instance” has been reverted. This reversion is associated with the commit cce16fcd7446dcff7480cd9d2b6417075ed81065. The dmabuf field in the struct drmgemobject is not stable...

5.5CVSS6.4AI score0.00011EPSS

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: media: ttpci: two memory leaks have been fixed in budgetavattach. When saa7146registerdevice and saa7146vvinit fail, budgetavattach should free the resources it allocates, similar to the error handling in ttpcibudgetinit...

5.5CVSS5.8AI score0.00027EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: “Revert ‘drm/gem-dma: Use dmabuf from GEM object instance’” This change is reflected in commit e8afa1557f4f963c9a511bd2c6074a941c308685. The dmabuf field in the struct drmgemobject is not stable throughout the lifetime of the...

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: Driver: Base – Fixed UAF when driverattach fails When driverattachdrv fails, the driverprivate variable is freed. However, it was added to the bus, which caused a UAF Use-after-Allocation Fault. To fix this issue, we need to remo...

7.8CVSS6.1AI score0.00082EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: Protect folio::private when attaching an extent buffer for folios. BUG Since version 6.8, several people have reported rare kernel crashes. The common cause is incorrect page status error messages like this: BUG: Incorrect...

4.7CVSS6.1AI score0.00024EPSS

Exploits0References1

7.8CVSS6.2AI score0.00013EPSS

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: media: rc: The bpf attach/detach operation requires write permission. source-iocs-preserved const=CAPNETADMIN...

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: atm: Added lecmutex. The issue was discovered in net/atm/lec.c, where a error path was found in lecdattach. This path could leave a dangling pointer in devlec. A mutex was added to protect the use of devlec from lecdattac...

7.8CVSS6.4AI score0.00052EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed a use-after-free in ext4orphancleanup. I identified the issue as follows: BUG: KASAN: Use-after-free in listaddvalid+0x28/0x1a0. Read of size 8 at address ffff88814b13f378 by task mount/710. CPU: 1 PID: 710 Comm:...

6AI score0.00039EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expectedattachtype for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpfprogtestrunxdp function within the Linux kernel’s BPF subsystem. This...

5.7AI score0.00042EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•0 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: “Revert ‘drm/prime: Use dmabuf from GEM object instance’” This change is reflected in commit f83a9b8c7fd0557b0c50784bfdc1bbe9140c9bf8. The dmabuf field in the struct drmgemobject is not stable throughout the lifetime of the objec...

5.5CVSS5.8AI score0.00027EPSS