CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2 days ago•6 views

CVE-2026-42191

OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP OpenTelemetry Protocol exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but...

7.8CVSS5.5AI score0.00014EPSS

RedhatCVE•added 2 days ago•5 views

CVE-2026-39399

NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...

9.6CVSS6AI score0.00461EPSS

SUSE CVE•added 3 days ago•5 views

SUSE CVE-2026-46254

In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or userspace and 8-byte alignment isn't always guaranteed and as such may trigger unaligned memory accesses on various architectures...

5.8AI score0.00018EPSS

Tenable Nessus•added 4 days ago•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-46104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - selinux: use sk blob accessor in socket permission helpers SELinux socket state lives in the composite LSM socket blob. sockhasperm and nlmsgsockhasextendedperm...

SUSE CVE•added 2026/05/31 1:32 a.m.•16 views

Exploits0References2

SUSE CVE-2026-48501

GitHub CLI gh is GitHub's official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...

9.1CVSS5.8AI score0.0005EPSS

OSV•added 2026/05/29 3:30 p.m.•6 views

GHSA-8XVP-7HJ6-MCJ9 GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands

Summary GitHub CLI incorrectly includes an authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. Affected users: - Authenticated github.com users who previously ran gh attestation commands, gh release verify, or...

7.4CVSS5.9AI score0.0005EPSS

Cvelist•added 2026/05/29 3:14 p.m.•29 views

CVE-2026-48501 GitHub CLI tokens leak via `gh attestation` commands

GitHub CLI gh is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...

7.4CVSS0.0005EPSS

SUSE CVE•added 2026/05/29 1:17 a.m.•8 views

SUSE CVE-2026-46104

In the Linux kernel, the following vulnerability has been resolved: selinux: use sk blob accessor in socket permission helpers SELinux socket state lives in the composite LSM socket blob. sockhasperm and nlmsgsockhasextendedperms currently dereference sk-sksecurity directly, which assumes the...

EUVD•added 2026/05/28 12:30 p.m.•8 views

EUVD-2026-32863

NVD•added 2026/05/28 10:16 a.m.•6 views

Exploits0References4

CVE-2026-46104

0.00022EPSS

OSV•added 2026/05/28 10:16 a.m.•2 views

UBUNTU-CVE-2026-46104

5.7AI score0.00022EPSS

Exploits0References6

CVE•added 2026/05/28 9:35 a.m.•9 views

CVE-2026-46104

CVE-2026-46104 affects the Linux kernel where SELinux socket state is stored in the composite LSM socket blob. The vulnerability arises in sock_has_perm() and nlmsg_sock_has_extended_perms(), which currently dereference sk->sk_security directly, assuming the SELinux blob is at offset zero. In ...

Cvelist•added 2026/05/28 9:35 a.m.•20 views

CVE-2026-46104 selinux: use sk blob accessor in socket permission helpers

0.00022EPSS

Debian CVE•added 2026/05/28 9:35 a.m.•6 views

CVE-2026-46104

5.7AI score0.00022EPSS

Exploits0

SUSE CVE•added 2026/05/28 3:53 a.m.•5 views

SUSE CVE-2026-46057

In the Linux kernel, the following vulnerability has been resolved: landlock: Fix LOGSUBDOMAINSOFF inheritance across fork hookcredtransfer only copies the Landlock security blob when the source credential has a domain. This is inconsistent with landlockrestrictself which can set LOGSUBDOMAINSOFF...

CNNVD•added 2026/05/28 12:0 a.m.•6 views

Portainer 信息泄露漏洞

Portainer is a lightweight user management interface developed by Portainer for managing Docker environments and Docker hosts. Versions of Portainer Community Edition prior to 2.33.8, 2.39.2, and 2.41.0 contained an information leakage vulnerability. This vulnerability occurred when creating or...

9.9CVSS5.9AI score0.0008EPSS

Exploits1References1

Positive Technologies•added 2026/05/28 12:0 a.m.•9 views

PT-2026-44227

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In stacked Linux Security Module LSM configurations, the sock has perm and nlmsg sock has extended perms functions incorrectly dereference sk-sk security directly. This assumes the SELin...

9.8CVSS6AI score0.00254EPSS

Exploits12References279

NVD•added 2026/05/27 2:17 p.m.•6 views

CVE-2026-46057

0.00022EPSS