CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/06/09 11:52 a.m.•15 views

EUVD-2026-35405

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgicitsinvalidatecache walks the per-ITS translation cache with xaforeach and drops the cache's reference on each entry with vgicputirq. It puts...

5.4AI score0.00132EPSS

Tenable Nessus•added 2026/06/09 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-46316

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgicitsinvalidatecache walks the per-ITS translation cache with xaforeach a...

9.3CVSS5.9AI score0.00132EPSS

Exploits0References3

CNNVD•added 2026/06/09 12:0 a.m.•13 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability arises from the vgicitsinvalidatecache function, which incorrectly places an iteration pointer ...

9.3CVSS5.3AI score0.00132EPSS

RedhatCVE•added 2026/06/05 7:35 p.m.•6 views

CVE-2026-32134

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the broker can crash due to a NULL pointer dereference during MQTT session resumption for cleanstart=0...

5.9CVSS5.4AI score0.00401EPSS

RedhatCVE•added 2026/06/05 7:25 p.m.•7 views

CVE-2026-44318

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/subId handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock via BSFContext.GetSubscriptionsubId, but if t...

6.5CVSS5.6AI score0.00248EPSS

Exploits1References1

Cvelist•added 2026/06/02 2:15 p.m.•35 views

CVE-2026-48862 Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSHPROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decodepushpromiseheadersandaddresponse/5 inserts a :reservedremote entry...

8.2CVSS0.00384EPSS

Vulnrichment•added 2026/06/02 2:15 p.m.•8 views

CVE-2026-48862 Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency

8.2CVSS5.8AI score0.00384EPSS

RedhatCVE•added 2026/06/01 4:3 p.m.•8 views

CVE-2026-9831

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...

Fedora•added 2026/06/01 1:1 a.m.•21 views

[SECURITY] Fedora 43 Update: nginx-1.30.2-1.fc43

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

9.2CVSS5.8AI score0.014EPSS

Exploits3

Positive Technologies•added 2026/06/01 12:0 a.m.•10 views

PT-2026-47753

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 13031fb6b835 Description A race condition exists in the vGIC-ITS Interrupt Translation Service emulation within KVM on arm64 systems. The issue occurs in the vgic its invalidate cache function, which iterates...

9.3CVSS6AI score0.00145EPSS

Exploits0References87

EUVD•added 2026/05/30 12:30 a.m.•12 views

EUVD-2026-33445

NVD•added 2026/05/29 10:16 p.m.•16 views

Exploits0References2

CVE-2026-9831

6.3CVSS0.00172EPSS

ATTACKERKB•added 2026/05/29 9:19 p.m.•9 views

CVE-2026-9831

Vulnrichment•added 2026/05/29 9:19 p.m.•9 views

Exploits0References2

CVE-2026-9831 ExtremeCloud IQ Cross Tenant Data Exposure via Extreme Platform One Authentication Race Condition

CVE•added 2026/05/29 9:19 p.m.•39 views

CVE-2026-9831

The CVE-2026-9831 entry describes a race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path. Under high-concurrency traffic, requests authenticated with an Extreme Platform ONE /IAM API key could intermittently return data for a different tenant, indicating cross...

Cvelist•added 2026/05/29 9:19 p.m.•35 views

CVE-2026-9831 ExtremeCloud IQ Cross Tenant Data Exposure via Extreme Platform One Authentication Race Condition

6.3CVSS0.00172EPSS

CVE•added 2026/05/29 7:30 p.m.•24 views

CVE-2026-45151

NanoMQ (0.24.8 and earlier) contains a NULL substream pointer dereference in quic_stream_recv when a substream is reopening. The vulnerable code finishes AIO with an error but does not return before locking c->mtx, indicating a potential NULL dereference and an unlocked/locked state issue in t...

6.3CVSS5.9AI score0.00227EPSS

Cvelist•added 2026/05/29 6:2 p.m.•30 views

CVE-2026-47741 Shopper: Race condition on Discount.usage_limit allows silent over-redemption

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usagelimit was...

5.9CVSS0.00239EPSS

Exploits0References3

CNNVD•added 2026/05/29 12:0 a.m.•7 views

Extreme Networks Extreme Platform ONE IAM Gateway 安全漏洞

The Extreme Networks Extreme Platform ONE IAM Gateway is a network identity and access management gateway provided by Extreme Networks, Inc. There is a security vulnerability present in the Extreme Networks Extreme Platform ONE IAM Gateway, which stems from a race condition in the API key...