CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

7.8CVSS6.9AI score0.00335EPSS

Astra Linux - уязвимость в linux-5.10

A issue was discovered in the Linux kernel before version 6.0.11. Missing validation of the IEEE80211P2PATTRCHANNELLIST in the drivers/net/wireless/microchip/wilc1000/cfg80211.c file, within the WILC1000 wireless driver, can lead to a heap-based buffer overflow when parsing the operating channel...

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed an out-of-band issue in ntfslistxattr. The length of a name cannot exceed the space occupied by “ea”...

7.1CVSS6.4AI score0.00244EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: thermal-netlink: Prevent userspace segmentation faults by adjusting the UAPI header. The intel-lpmd tool 1, which uses the THERMALGENLATTRCPUCAPABILITY attribute to receive HFI events from the kernel space, encounters a...

5.5CVSS5.7AI score0.00191EPSS

4.3CVSS6.6AI score0.00725EPSS

Astra Linux - уязвимость в samba

A flaw was discovered in Samba. An incomplete access check on dnsHostName allows authenticated, but otherwise unprivileged users to delete this attribute from any object in the directory...

5.5CVSS6.5AI score0.00239EPSS

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Platform/x86: think-lmi: Fixed reference leak If a duplicate attribute is found using ksetfindobj, a reference to that attribute is returned, and that reference needs to be disposed of using kobjectput. The validation of the...

5.5CVSS5.2AI score0.00127EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Handling of errors when calling attrsetsize during file truncation. If attrsetsize fails during file truncation, the error is silently ignored, and the inode may remain in an inconsistent state...

Exploits0References1

RedHat Linux•added 2026/05/20 4:45 a.m.•6 views

glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...

RedHat Linux•added 2026/05/20 4:16 a.m.•19 views

Moderate: Red Hat Security Advisory: glib2 security update

An update for glib2 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

9.8CVSS6.6AI score0.00754EPSS

Exploits0References3

RedHat Linux•added 2026/05/20 2:53 a.m.•10 views

glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow

RedHat Linux•added 2026/05/20 2:27 a.m.•9 views

glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow

NVD•added 2026/05/20 2:16 a.m.•6 views

CVE-2026-6397

The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cvmh-sticky shortcode readmoretext attribute in versions up to and including 2.5.6. This is due to insufficient input sanitization and output escaping in the cvmhstickyfrontrender function — the readmoretext...

6.4CVSS0.00252EPSS

RedHat Linux•added 2026/05/20 1:59 a.m.•5 views

glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow

RedHat Linux•added 2026/05/20 1:59 a.m.•8 views

Moderate: Red Hat Security Advisory: glib2 security update

An update for glib2 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS6.6AI score0.00754EPSS

Exploits0References3

CVE•added 2026/05/20 1:25 a.m.•15 views

CVE-2026-6549

Technical details about CVE-2026-6549 are not publicly available in the provided documents; monitor for updates.

6.4CVSS6AI score0.00252EPSS

Exploits0References4

ATTACKERKB•added 2026/05/20 1:25 a.m.•5 views

CVE-2026-8038

The Faces of Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in the 'facesofusers' shortcode in all versions up to, and including, 0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

6.4CVSS6AI score0.00253EPSS

Exploits0References4

Cvelist•added 2026/05/20 1:25 a.m.•45 views

CVE-2026-6404 Anomify AI <= 0.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'anomify_api_key' Parameter

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomifyapikey' parameter in versions up to and including 0.3.6. This is due to insufficient input sanitization and missing output escaping: the plugin applies sanitizetextfie...

4.4CVSS0.00246EPSS

Exploits0References7

CVE•added 2026/05/20 1:25 a.m.•12 views

CVE-2026-6397

The WordPress Sticky plugin is affected up to version 2.5.6. In cvmh_sticky_front_render(), the readmoretext attribute from the cvmh-sticky shortcode is passed through apply_filters() and directly concatenated into HTML without escaping, enabling Stored Cross-Site Scripting. Exploitation requires...

6.4CVSS6AI score0.00252EPSS