Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

313123 matches found

CVE
CVEadded 2026/05/28 9:36 a.m.14 views

CVE-2026-46167

In the Linux kernel driver usb/usblp, CVE-2026-46167 fixes an uninitialized heap leak exposed via LPGETSTATUS. The bug arises because usblp_ctrl_msg() collapses usb_control_msg() return values to 0/-errno, leaving statusbuf (kmalloc(8)) uninitialized before the first LPGETSTATUS ioctl. If a print...

5.8AI score0.00032EPSS
Exploits0References8
ATTACKERKB
ATTACKERKBadded 2026/05/28 9:36 a.m.6 views

CVE-2026-46155

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

5.7AI score0.0006EPSS
Exploits0References6Affected Software1
EUVD
EUVDadded 2026/05/28 9:36 a.m.11 views

EUVD-2026-32782

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

5.8AI score0.0006EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/05/28 9:36 a.m.31 views

CVE-2026-46155 smb/client: fix out-of-bounds read in smb2_compound_op()

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

9.1CVSS0.0006EPSS
Exploits0References5
CVE
CVEadded 2026/05/28 9:36 a.m.31 views

CVE-2026-46155

CVE-2026-46155 affects the Linux kernel SMB client. The vulnerability is an out-of-bounds read in smb2_compound_op() caused by memcpy reading size[0] (OutputBufferLength) when iov_len is smaller than that length after a truncated server response. This can leak adjacent kernel heap memory. Impact ...

9.1CVSS5.8AI score0.0006EPSS
Exploits0References5Affected Software1
EUVD
EUVDadded 2026/05/28 9:36 a.m.5 views

EUVD-2026-32778

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblpctrlmsg collapses the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...

5.8AI score0.00032EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/05/28 9:36 a.m.7 views

CVE-2026-46151

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblpctrlmsg collapses the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...

5.8AI score0.00032EPSS
Exploits0References9Affected Software1
CVE
CVEadded 2026/05/28 9:36 a.m.14 views

CVE-2026-46151

CVE-2026-46151 affects the Linux kernel USB printer driver usblp, causing a heap leak in IEEE 1284 device ID handling due to short GET_DEVICE_ID responses. The issue stems from usblp_ctrl_msg() discarding actual bytes and usblp_cache_device_id_string() trusting a 2‑byte length prefix, exposing st...

5.5CVSS5.8AI score0.00032EPSS
Exploits0References8Affected Software1
EUVD
EUVDadded 2026/05/28 9:36 a.m.7 views

EUVD-2026-32776

In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf return in tgptgpmembersshow targettgptgpmembersshow formats LUN paths with snprintf into a 256-byte stack buffer, then will memcpy curlen bytes from that buffer. snprintf returns the length...

5.7AI score0.00013EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/05/28 9:36 a.m.28 views

CVE-2026-46149 scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()

In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf return in tgptgpmembersshow targettgptgpmembersshow formats LUN paths with snprintf into a 256-byte stack buffer, then will memcpy curlen bytes from that buffer. snprintf returns the length...

7.1CVSS0.00013EPSS
Exploits0References8
ATTACKERKB
ATTACKERKBadded 2026/05/28 9:36 a.m.7 views

CVE-2026-46149

In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf return in tgptgpmembersshow targettgptgpmembersshow formats LUN paths with snprintf into a 256-byte stack buffer, then will memcpy curlen bytes from that buffer. snprintf returns the length...

7.1CVSS5.7AI score0.00013EPSS
Exploits0References9Affected Software1
CVE
CVEadded 2026/05/28 9:36 a.m.13 views

CVE-2026-46149

Summary: CVE-2026-46149 affects the Linux kernel SCSI target subsystem, specifically the configfs path in tg_pt_gp_members_show(). The function formats LUN paths with snprintf() into a 256-byte stack buffer and then copies cur_len bytes via memcpy(), but snprintf() may return a length that exceed...

7.1CVSS5.7AI score0.00013EPSS
Exploits0References8
Debian CVE
Debian CVEadded 2026/05/28 9:35 a.m.9 views

CVE-2026-46140

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: validate WMT event SKB length before struct access btmtkusbhciwmtsync casts the WMT event response SKB data to struct btmtkhciwmtevt 7 bytes and struct btmtkhciwmtevtfuncc 9 bytes without first checking that the...

5.7AI score0.00023EPSS
Exploits0
Cvelist
Cvelistadded 2026/05/28 9:35 a.m.27 views

CVE-2026-46140 Bluetooth: btmtk: validate WMT event SKB length before struct access

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: validate WMT event SKB length before struct access btmtkusbhciwmtsync casts the WMT event response SKB data to struct btmtkhciwmtevt 7 bytes and struct btmtkhciwmtevtfuncc 9 bytes without first checking that the...

0.00023EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/28 9:35 a.m.8 views

EUVD-2026-32767

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: validate WMT event SKB length before struct access btmtkusbhciwmtsync casts the WMT event response SKB data to struct btmtkhciwmtevt 7 bytes and struct btmtkhciwmtevtfuncc 9 bytes without first checking that the...

5.8AI score0.00023EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/28 9:35 a.m.7 views

EUVD-2026-32763

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix a potential clc buffer length underflow The buflen is used to limit the iterations for retrieving the country power setting and may underflow under certain conditions due to changes in the power table in...

5.8AI score0.00032EPSS
Exploits0References5
EUVD
EUVDadded 2026/05/28 9:35 a.m.7 views

EUVD-2026-32887

In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty...

5.8AI score0.00032EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/05/28 9:35 a.m.26 views

CVE-2026-46128 ipmi: Check event message buffer response for bad data

In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty...

0.00032EPSS
Exploits0References8
ATTACKERKB
ATTACKERKBadded 2026/05/28 9:35 a.m.5 views

CVE-2026-46128

In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty...

5.8AI score0.00032EPSS
Exploits0References9Affected Software1
CVE
CVEadded 2026/05/28 9:35 a.m.13 views

CVE-2026-46128

The CVE covers a Linux kernel IPMI issue where event message buffer data size was only validated later in processing instead of immediately after the response. Some BMCs may return an empty message rather than signaling an error when fetching events. The available connected documents indicate thi...

5.8AI score0.00032EPSS
Exploits0References8
Rows per page
Query Builder