CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

CVE-2026-46264

A flaw was found in the Linux kernel's drm/xe/pf component. This vulnerability arises during the initialization of the sysfs interface, where an error in devmaddactionorreset can cause a cleanup action to execute on an uninitialized kernel object. This can lead to a use-after-free condition, whic...

8.8CVSS5.9AI score0.00013EPSS

Exploits0References4

EUVD•added 4 days ago•5 views

EUVD-2026-34126

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devmaddactionorreset failure the provided cleanup action will be run immediately on the not yet initialized kobject. This may lead to errors like: kobject: 'null' ff110001393608e0: i...

5.8AI score0.00013EPSS

Exploits0References2

Cvelist•added 4 days ago•33 views

CVE-2026-46264 drm/xe/pf: Fix sysfs initialization

8.8CVSS0.00013EPSS

Exploits0References2

NVD•added 2025/12/20 4:16 a.m.•3 views

CVE-2025-14168

The WP DB Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the cleanupall AJAX action. This makes it possible for unauthenticated attackers to delete database records including post...

4.3CVSS0.00011EPSS

Exploits0References3

CVE•added 2025/12/20 3:20 a.m.•7 views

CVE-2025-14168

CVE-2025-14168 concerns the WordPress plugin WP DB Booster. The issue is a Cross-Site Request Forgery (CSRF) vulnerability on the cleanup_all AJAX action, present in versions up to and including 1.0.1. The flaw allows unauthenticated attackers to trigger actions that delete database records such ...

4.3CVSS5AI score0.00011EPSS

Exploits0References3

Cvelist•added 2025/12/20 3:20 a.m.•15 views

CVE-2025-14168 WP DB Booster <= 1.0.1 - Cross-Site Request Forgery to Database Cleanup

4.3CVSS0.00011EPSS

Exploits0References3

SUSE CVE•added 2025/10/07 1:22 a.m.•1 views

SUSE CVE-2022-50477

In the Linux kernel, the following vulnerability has been resolved: rtc: class: Fix potential memleak in devmrtcallocatedevice devmrtcallocatedevice will alloc a rtcdevice first, and then run devsetname. If devsetname failed, the rtcdevice will memleak. Move devmaddactionorreset in front of...

3.3CVSS6.3AI score0.00013EPSS

Exploits0References3

Patchstack•added 2023/07/18 12:0 a.m.•6 views

WordPress Cleanup Action Scheduler Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Cleanup Action Scheduler Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.2.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 658cd4ed1a2b Credits Rafie Muhammad Patchsta...

6.5AI score

Exploits0References3Affected Software1