CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3653 matches found

CVE-2026-48746

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. This vulnerability, residing in ASGI web servers and Starlette's trust in them, allows an attacker to bypass the OpenAI API Authentication Middleware. This bypass enables unauthorized access to the API witho...

9.1CVSS5.8AI score0.0074EPSS

Exploits0References6

CVE•added 2 days ago•12 views

CVE-2026-44726

CVE-2026-44726 affects Deno (2.0.0–2.7.8) via the Node.js tls compatibility layer. When autoSelectFamily is enabled and the first address-family attempt fails, the socket reinitialization path reuses a stale TLS upgrade hook tied to the original failed handle, causing the replacement TCP connecti...

7.4CVSS5.9AI score0.00136EPSS

Exploits0References1

CVE•added 2 days ago•4 views

CVE-2026-49411

Summary (technical, grounded): CVE-2026-49411 affects Deno’s Node.js compatibility TCP path. Prior to v2.8.0, permission checks for deny-net were performed on the original hostname string before DNS resolution and not re-checked after resolution. This allowed a numeric IP alias (for example 21307...

6.5CVSS5.8AI score0.00108EPSS

Exploits0References1

NVD•added 3 days ago•7 views

CVE-2026-53571

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...

8.2CVSS0.00402EPSS

Exploits1References1

CVE•added 6 days ago•22 views

CVE-2026-52908

The CVE-2026-52908 entry concerns the Linux kernel RDMA path and a compatibility issue during rereg_mr. The root cause is that if IB_MR_REREG_ACCESS changes from RO to RW, the umem must be re-evaluated to ensure proper RW pinning. The fix adds a per-driver hook ib_umem_check_rereg() (to be called...

5.7AI score0.00168EPSS

Exploits0References5

EUVD•added 6 days ago•6 views

EUVD-2026-38037

In the Linux kernel, the following vulnerability has been resolved: RDMA: During reregmr ensure that REREGACCESS is compatible If IBMRREREGACCESS changes from RO to RW then the umem has to be re-evaluated to ensure it is properly pinned as RW. Since the umem is hidden inside each driver's mr stru...

5.7AI score0.00168EPSS

Exploits0References5

Debian CVE•added 6 days ago•5 views

CVE-2026-52908

5.6AI score0.00168EPSS

Exploits0

AstraLinux•added 6 days ago•5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: arm64: Do not call NULL in docompatalignmentfixup. doalignmentt32tohandler only fixes alignment faults for specific instructions; otherwise, it returns NULL e.g., for LDREX. When this occurs, a signal is sent to the caller...

5.5CVSS6.5AI score0.00166EPSS

Exploits0References2

AstraLinux•added 6 days ago•6 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fixed a race condition in SNDCTLDSPSYNC There is a small race condition in the sndpcmosssync function, which is called from OSS PCM SNDCTLDSPSYNC ioctl. Specifically, the function calls sndpcmossmakeready first, a...

4.7CVSS5.4AI score0.00132EPSS

Exploits0References2

AstraLinux•added 6 days ago•4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Input: mtk-pmic-keys – fixed the issue of possible null pointer dereferencing. In mtkpmickeysprobe, the regs parameter is only set if the button is parsed in the device tree. However, on hardware where the button is left floating...

5.5CVSS6.3AI score0.00149EPSS

Exploits0References2

AstraLinux•added 6 days ago•4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ixgbevf: Fixed compatibility issues with the mailbox API by negotiating supported features. There was backward compatibility regarding the mailbox API. Various drivers from different operating systems that support 10G adapters...

5.7AI score0.00166EPSS

Exploits0References2

AstraLinux•added 6 days ago•5 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: tipc: The issue in tipcnlcompatnametabledumpheader regarding the check of the msg-req TLV length was fixed. This is a follow-up to commit 974cb0e3e7c9 “tipc: fixing uninit-value in tipcnlcompatnametabledump", where a type cast fr...

5.5CVSS6AI score0.0016EPSS

Exploits0References1

AstraLinux•added 6 days ago•5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: comedi: A memory leak has been fixed in compatinsnlist. compatinsnlist handles the 32-bit version of the COMEDIINSNLIST ioctl function when CONFIGCOMPAT is enabled. It allocates memory to temporarily hold an array of struct...

5.5CVSS5.1AI score0.00239EPSS

Exploits0References2

AstraLinux•added 6 days ago•6 views

Astra Linux – Vulnerability in Puma

Puma is a Ruby/Rack web server designed for parallelism. Prior to version 5.6.2 of Puma, Puma might not always call close on the response body. Before version 7.0.2.2 of Rails, Rails relied on the response body being closed in order for its CurrentAttributes implementation to work correctly. The...

8CVSS6.3AI score0.02092EPSS

Exploits0References1

Fedora•added 2026/06/17 8:44 a.m.•7 views

[SECURITY] Fedora 44 Update: ldns-1.9.2-1.fc44

ldns is a library with the aim to simplify DNS programming in C. All low-level DNS/DNSSEC operations are supported. We also define a higher level API which allows a programmer to for instance create or sign packets...

8.2CVSS5.2AI score0.00147EPSS

Exploits0

Positive Technologies•added 2026/06/16 12:0 a.m.•11 views

PT-2026-50148

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.8.0 Description The Node.js compatibility TCP path fails to re-verify network permissions after hostname resolution. While the network permission model is intended to apply rules to the resolved IP address, affected...

6.5CVSS5.9AI score0.00108EPSS

Exploits0References4

Positive Technologies•added 2026/06/15 12:0 a.m.•13 views

PT-2026-49574

Name of the Vulnerable Software and Affected Versions Vite versions prior to 8.0.16 Vite versions prior to 7.3.5 Vite versions prior to 6.4.3 Description On Windows, the development server fails to correctly normalize NTFS Alternate Data Streams ADS path forms and 8.3 short name compatibility pat...

8.2CVSS5.8AI score0.00402EPSS

Exploits1References4

EUVD•added 2026/06/12 2:27 a.m.•11 views

EUVD-2026-36382

SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated ...

5.9CVSS6.7AI score0.00155EPSS

Exploits0References1

RedhatCVE•added 2026/06/11 2:59 a.m.•9 views

CVE-2026-53674

BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters. Attackers can submit...

7.1CVSS5.5AI score0.00288EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 9:1 p.m.•7 views

CVE-2026-45487

Time-of-check time-of-use TOCTOU race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally...

7.8CVSS5.4AI score0.00184EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by