CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•11 views

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: ALSA: In the seq function, there was a mismatch in the function’s prototype in sndseqexpandvarevent. With Clang’s Kernel Control Flow Integrity kCFI, CONFIGCFICLANG feature, indirect call targets are validated against the...

5.5CVSS6.3AI score0.00011EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed function prototype mismatch for ext4featktype With Clang’s kernel control flow integrity kCFI, CONFIGCFICLANG, indirect call targets are validated against the expected function pointer prototype to ensure that the cal...

5.5CVSS6.3AI score0.00021EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tools/rtla: Fixed the Clang warning regarding the size of the mountpoint variable. Clang is reporting this warning as follows: $ make HOSTCC=clang CC=clang LLVMIAS=1 ... clang -O -g -DVERSION="6.8.0-rc3" -flto=auto -fexceptions...

5.5CVSS6.4AI score0.00015EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Security issue: Restrict CONFIGZEROCALLUSEDREGS to gcc or clang version 15.0.6. A bug in clang’s implementation of -fzero-call-used-regs can lead to NULL pointer dereferencing see the links above the check for more information...

5.7AI score0.00024EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rtc: msc313: The mismatch between function prototypes in msc313rtcprobe has been fixed. With Clang’s Kernel Control Flow Integrity kCFI, CONFIGCFICLANG, indirect call targets are validated against the expected function pointer...

5.5CVSS5.7AI score0.00017EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: s390/ctcm: Fixed double-freeing of resources. The function ‘mpcrcvdsweepreqmpcginfo’ is called conditionally from the function ‘ctcmpcunpackskb’. It frees the passed mpcginfo. After that, a call to the function ‘kfree’ within the...

5.7AI score0.00058EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed the type of the second parameter in the odneditdpmtable callback. With Clang’s kernel control flow integrity kCFI, CONFIGCFICLANG, indirect call targets are validated against the expected function pointer...

5.8AI score0.00024EPSS

RedhatCVE•added 2026/05/11 8:26 p.m.•5 views

CVE-2026-45181

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation via argument injection, which allows attackers to place their code into a plugins directory if the victim uses an attacker-supplied .i64 file...

NVD•added 2026/05/09 10:16 p.m.•7 views

CVE-2026-45181

6.5CVSS0.00008EPSS

CVE•added 2026/05/09 9:47 p.m.•10 views

CVE-2026-45181

Hex-Rays IDA Pro 9.2 and 9.3 prior to 9.3sp2 do not block Clang dependency-file generation, enabling argument-injection via attacker-supplied .i64 files to place code into a plugins directory. Root cause: missing validation in dependency-file generation. Impact: local attacker could achieve code ...

ATTACKERKB•added 2026/05/09 9:47 p.m.•3 views

CVE-2026-45181

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/09 9:47 p.m.•6 views

CVE-2026-45181

Positive Technologies•added 2026/05/09 12:0 a.m.•10 views

PT-2026-39420

Name of the Vulnerable Software and Affected Versions Hex-Rays IDA Pro versions 9.2 through 9.3 Hex-Rays IDA Pro versions prior to 9.3sp2 Description An argument injection flaw exists where the software fails to block Clang dependency-file generation. This allows an attacker to place malicious co...

CNNVD•added 2026/05/09 12:0 a.m.•5 views

Exploits0References4

Hex-Rays IDA Pro 参数注入漏洞

Hex-Rays IDA Pro is a professional reverse-engineering tool developed by the Belgian company Hex-Rays. It is used for disassembly and program analysis. Versions of Hex-Rays IDA Pro from 9.2 to 9.3sp2 contained a parameter injection vulnerability. This vulnerability stemmed from the lack of...