CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/28 9:35 a.m.•10 views

CVE-2026-46126

The CVE-2026-46126 entry relates to the Linux kernel RDMA mana path. The issue stems from two bugs in the error unwind flow during WQ table cleanup in mana_destroy_wq_obj(): (1) a premature double i-- in the first failure path due to a while-loop earlier, and (2) if mana_ib_install_cq_cb() fails,...

5.8AI score0.00023EPSS

NVD•added 2026/05/28 6:16 a.m.•9 views

CVE-2026-9009

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filtercontent function. This is due to passing the attacker-supplied 'callbackraw' shortcode attribute directly into calluserfunc with n...

8.8CVSS0.00264EPSS

Vulnrichment•added 2026/05/28 5:30 a.m.•5 views

CVE-2026-9009 Crawlomatic Multipage Scraper Post Generator <= 2.7.2 - Authenticated (Author+) Remote Code Execution via 'callback_raw' Shortcode Attribute

EUVD•added 2026/05/28 5:30 a.m.•5 views

EUVD-2026-32723

ATTACKERKB•added 2026/05/28 5:30 a.m.•8 views

CVE-2026-9009

CVE•added 2026/05/28 5:30 a.m.•11 views

CVE-2026-9009

CVE-2026-9009 affects the Crawlomatic Multipage Scraper Post Generator plugin for WordPress (versions up to 2.7.2). The root cause is insecure handling of the attacker-supplied shortcode attributes callback_raw and callback, which are passed directly into call_user_func() after only an is_callabl...

Cvelist•added 2026/05/28 5:30 a.m.•29 views

CVE-2026-9009 Crawlomatic Multipage Scraper Post Generator <= 2.7.2 - Authenticated (Author+) Remote Code Execution via 'callback_raw' Shortcode Attribute

8.8CVSS0.00264EPSS

SUSE CVE•added 2026/05/28 3:54 a.m.•5 views

SUSE CVE-2026-46016

In the Linux kernel, the following vulnerability has been resolved: remoteproc: xlnx: Only access buffer information if IPI is buffered In the receive callback check if message is NULL to prevent possibility of crash by NULL pointer dereferencing...

5.9AI score0.00024EPSS

SUSE CVE•added 2026/05/28 3:53 a.m.•5 views

SUSE CVE-2026-46047

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Fix use-after-free in driver remove In the remove callback, if a packet arrives after destroyworkqueue is called, but before sockrelease, the qrtrnsdataready callback will try to queue the work, causing...

6.4CVSS5.7AI score0.00032EPSS

Positive Technologies•added 2026/05/28 12:0 a.m.•6 views

PT-2026-44252

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in create space info error path When kobject init and add fails, the call chain is: create space info - btrfs sysfs add space info type - kobject init and add - failure - kobject put&space info-kobj - space...

5.8AI score0.00013EPSS

Exploits0References6

CNNVD•added 2026/05/28 12:0 a.m.•4 views

WordPress plugin Crawlomatic Multipage Scraper Post Generator 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS6AI score0.00264EPSS

RedhatCVE•added 2026/05/27 11:2 p.m.•7 views

CVE-2026-45968

A flaw was found in the Linux kernel's cpuidle subsystem. On certain PowerNV systems, when only a single idle state is available, the cpuidle ladder governor may incorrectly treat state 1 as usable. This can lead to an out-of-bounds index being passed, causing a NULL enter callback to be invoked...

5.5CVSS5.8AI score0.00032EPSS

Vulnrichment•added 2026/05/27 3:48 p.m.•3 views

CVE-2026-44320 free5GC: NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token e.g. Authorization: Bearer not-a-real-token is enough to reach the SMF-callback...

7.3CVSS5.9AI score0.00044EPSS

Exploits1References3

CVE•added 2026/05/27 3:48 p.m.•7 views

CVE-2026-44320

Summary: CVE-2026-44320 affects free5GC’s NEF, specifically the nnef-callback route group, which mounts without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token can reach the SMF-callback handler, allowing the callback body to be parsed and dispatched into NEF busines...

7.3CVSS6AI score0.00044EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/05/27 3:48 p.m.•33 views

CVE-2026-44320 free5GC: NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path

7.3CVSS0.00044EPSS

Exploits1References3

EUVD•added 2026/05/27 3:33 p.m.•6 views

EUVD-2026-32384

In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - don't deref NULL sksocket member after tcpclose When deleting a peer in case of keepalive expiration, the peer is removed from the OpenVPN hashtable and is temporary inserted in a "release list" for further processing...

5.9AI score0.00022EPSS

EUVD•added 2026/05/27 3:33 p.m.•5 views

EUVD-2026-32367

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: revert commitmutex usage in reset path It causes circular lock dependency between commitmutex, nfnlsubsysipset and nlkcbmutex when nft reset, ipset list, and iptables-nft with '-m set' rule run at the same...

5.8AI score0.00024EPSS