
302519 matches found

CVE
added 2026/05/28 9:40 a.m., 9 views

CVE-2026-46198

The CVE-2026-46198 issue affects the Linux kernel’s batman-adv component. A mismatch between integer types caused an integer overflow in batadv_iv_ogm_send_to_if, where buff_pos is s16 while the size check uses an int in batadv_iv_ogm_aggr_packet, potentially enabling an out-of-bounds read. The v...

CVSS 8.8 | AI score 5.8 | EPSS 0.0003
Exploits 0 | References 8

CVE
added 2026/05/28 9:40 a.m., 15 views

CVE-2026-46197

The CVE-2026-46197 issue affects the Linux kernel DRM/AMDKFD component, where the nattr field validation for SVM ioctl was insufficient against the reported buffer size, enabling out-of-bounds access via a user-controlled attribute count. The root cause is input size validation failure in the SVM...

CVSS 7.8 | AI score 5.9 | EPSS 0.00013
Exploits 0 | References 7

Cvelist
added 2026/05/28 9:40 a.m., 24 views

CVE-2026-46197 drm/amdkfd: validate SVM ioctl nattr against buffer size

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds buffer access via user-controlled attribute count. cherry picked from commit...

CVSS 7.8 | EPSS 0.00013
Exploits 0 | References 7

EUVD
added 2026/05/28 9:40 a.m., 6 views

EUVD-2026-32824

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds buffer access via user-controlled attribute count. cherry picked from commit...

AI score 5.9 | EPSS 0.00013
Exploits 0 | References 5

ATTACKERKB
added 2026/05/28 9:40 a.m., 7 views

CVE-2026-46197

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds buffer access via user-controlled attribute count. cherry picked from commit...

CVSS 7.8 | AI score 5.9 | EPSS 0.00013
Exploits 0 | References 8 | Affected Software 1

CVE
added 2026/05/28 9:36 a.m., 9 views

CVE-2026-46191

CVE-2026-46191 affects the Linux kernel framebuffer console (fbcon). The issue arises in fbcon_rotate_font() when a reallocation during console rotation fails; the old buffer is kept but becomes too small for the rotated font, enabling out-of-bounds font access for high-character codes. The fix c...

AI score 6 | EPSS 0.00024
Exploits 0 | References 5

ATTACKERKB
added 2026/05/28 9:36 a.m., 5 views

CVE-2026-46191

In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in fbcon_rotate_font(). The putcs implementations for the rotated buffer will return early in this case. S...

AI score 6 | EPSS 0.00024
Exploits 0 | References 6 | Affected Software 1

Cvelist
added 2026/05/28 9:36 a.m., 21 views

CVE-2026-46191 fbcon: Avoid OOB font access if console rotation fails

In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in fbcon_rotate_font(). The putcs implementations for the rotated buffer will return early in this case. S...

EPSS 0.00024
Exploits 0 | References 5

Cvelist
added 2026/05/28 9:36 a.m., 26 views

CVE-2026-46188 octeon_ep_vf: add NULL check for napi_build_skb()

In the Linux kernel, the following vulnerability has been resolved: octeon_ep_vf: add NULL check for napi_build_skb() napi_build_skb() can return NULL on allocation failure. In octepvfoqprocessrx, the result is used directly without a NULL check in both the single-buffer and multi-fragment paths, leading t...

EPSS 0.00023
Exploits 0 | References 4

ATTACKERKB
added 2026/05/28 9:36 a.m., 8 views

CVE-2026-46167

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl Just like in a previous problem in this driver, usblp_ctrl_msg() will collapse the usb_control_msg() return value to 0/-errno, discarding the actual number of bytes transferre...

AI score 5.8 | EPSS 0.00032
Exploits 0 | References 9 | Affected Software 1

EUVD
added 2026/05/28 9:36 a.m., 8 views

EUVD-2026-32794

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl Just like in a previous problem in this driver, usblp_ctrl_msg() will collapse the usb_control_msg() return value to 0/-errno, discarding the actual number of bytes transferre...

AI score 5.8 | EPSS 0.00032
Exploits 0 | References 5

CVE
added 2026/05/28 9:36 a.m., 9 views

CVE-2026-46167

In the Linux kernel driver usb/usblp, CVE-2026-46167 fixes an uninitialized heap leak exposed via LPGETSTATUS. The bug arises because usblp_ctrl_msg() collapses usb_control_msg() return values to 0/-errno, leaving statusbuf (kmalloc(8)) uninitialized before the first LPGETSTATUS ioctl. If a print...

AI score 5.8 | EPSS 0.00032
Exploits 0 | References 8

EUVD
added 2026/05/28 9:36 a.m., 10 views

EUVD-2026-32782

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2_compound_op() If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, check_wsl_eas() returns success without validating that the entire...

AI score 5.8 | EPSS 0.0006
Exploits 0 | References 5

ATTACKERKB
added 2026/05/28 9:36 a.m., 6 views

CVE-2026-46155

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2_compound_op() If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, check_wsl_eas() returns success without validating that the entire...

AI score 5.7 | EPSS 0.0006
Exploits 0 | References 6 | Affected Software 1

Cvelist
added 2026/05/28 9:36 a.m., 27 views

CVE-2026-46155 smb/client: fix out-of-bounds read in smb2_compound_op()

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2_compound_op() If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, check_wsl_eas() returns success without validating that the entire...

CVSS 9.1 | EPSS 0.0006
Exploits 0 | References 5

CVE
added 2026/05/28 9:36 a.m., 26 views

CVE-2026-46155

CVE-2026-46155 affects the Linux kernel SMB client. The vulnerability is an out-of-bounds read in smb2_compound_op() caused by memcpy reading size[0] (OutputBufferLength) when iov_len is smaller than that length after a truncated server response. This can leak adjacent kernel heap memory. Impact ...

CVSS 9.1 | AI score 5.8 | EPSS 0.0006
Exploits 0 | References 5

EUVD
added 2026/05/28 9:36 a.m., 4 views

EUVD-2026-32778

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblp_ctrl_msg() collapses the usb_control_msg() return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...

AI score 5.8 | EPSS 0.00032
Exploits 0 | References 5

ATTACKERKB
added 2026/05/28 9:36 a.m., 7 views

CVE-2026-46151

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblp_ctrl_msg() collapses the usb_control_msg() return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...

AI score 5.8 | EPSS 0.00032
Exploits 0 | References 9 | Affected Software 1

CVE
added 2026/05/28 9:36 a.m., 8 views

CVE-2026-46151

The CVE-2026-46151 issue affects the Linux kernel usb: usblp driver. A vulnerable path in usblp_ctrl_msg() discards the actual bytes transferred, enabling a short GET_DEVICE_ID transfer to be misinterpreted. The cache_device_id_string() reads a 2-byte big-endian length from the response and trust...

AI score 5.8 | EPSS 0.00032
Exploits 0 | References 8

EUVD
added 2026/05/28 9:36 a.m., 7 views

EUVD-2026-32776

In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf return in tg_pt_gp_members_show target_tg_pt_gp_members_show() formats LUN paths with snprintf into a 256-byte stack buffer, then will memcpy cur_len bytes from that buffer. snprintf returns the length...

AI score 5.7 | EPSS 0.00013
Exploits 0 | References 5