CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 2026/05/27 12:57 p.m.•8 views

SUSE CVE-2026-45840

In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...

6.5CVSS5.9AI score0.0018EPSS

Cvelist•added 2026/05/27 12:17 p.m.•32 views

CVE-2026-45919 sched/rt: Skip currently executing CPU in rto_next_cpu()

In the Linux kernel, the following vulnerability has been resolved: sched/rt: Skip currently executing CPU in rtonextcpu CPU0 becomes overloaded when hosting a CPU-bound RT task, a non-CPU-bound RT task, and a CFS task stuck in kernel space. When other CPUs switch from RT to non-RT tasks, RT load...

0.0019EPSS

CVE•added 2026/05/27 12:17 p.m.•16 views

CVE-2026-45919

The CVE-2026-45919 entry covers a Linux kernel vulnerability in the sched/rt path where CPU0 becomes overloaded during RT and non-RT task interactions, triggering self-IPI loops during RT load balancing. The root cause is that rto_next_cpu() could restart its search from -1 due to increments to r...

5.8AI score0.0019EPSS

Cvelist•added 2026/05/27 12:17 p.m.•33 views

CVE-2026-45900 crypto: caam - fix netdev memory leak in dpaa2_caam_probe

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix netdev memory leak in dpaa2caamprobe When commit 0e1a4d427f58 "crypto: caam: Unembed netdev structure in dpaa2" converted embedded netdevice to dynamically allocated pointers, it added cleanup in...

0.002EPSS

CVE•added 2026/05/27 12:17 p.m.•9 views

CVE-2026-45900

The CVE-2026-45900 issue affects the Linux kernel crypto/caam path for DPAA2: after embeddable net_dev structures were changed to dynamic pointers, error paths in dpaa2_dpseci_setup could leak netdev allocations if dpaa2_dpseci_dpio_setup() failed, even with deferred probing. The fix preserves th...

5.7AI score0.002EPSS

Cvelist•added 2026/05/27 12:16 p.m.•36 views

CVE-2026-45884 apparmor: avoid per-cpu hold underflow in aa_get_buffer

In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid per-cpu hold underflow in aagetbuffer When aagetbuffer pulls from the per-cpu list it unconditionally decrements cache-hold. If hold reaches 0 while count is still non-zero, the unsigned decrement wraps to UINTMAX...

0.002EPSS

CVE•added 2026/05/27 12:16 p.m.•9 views

CVE-2026-45884

The CVE-2026-45884 issue affects the Linux kernel’s AppArmor path, where aa_get_buffer() decrements cache->hold when pulling from the per-CPU list. If hold hits 0 while count is non-zero, the unsigned decrement can wrap to UINT_MAX, keeping hold non-zero and preventing aa_put_buffer() from ret...

5.8AI score0.002EPSS

Debian CVE•added 2026/05/27 12:16 p.m.•6 views

CVE-2026-45884

5.7AI score0.002EPSS

Exploits0

Debian CVE•added 2026/05/27 12:16 p.m.•8 views

CVE-2026-45880

In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Release per-CPU pgmap ref when vminsertpage fails When vminsertpage fails in p2pmemallocmmap, p2pmemallocmmap doesn't invoke percpurefput to free the per-CPU ref of pgmap acquired after genpoolallocowner, and...

5.7AI score0.002EPSS

Exploits0

OSV•added 2026/05/27 11:16 a.m.•2 views

UBUNTU-CVE-2026-45840

5.8AI score0.0018EPSS

RedHat Linux•added 2026/05/27 9:41 a.m.•9 views

serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization

A flaw was found in serialize-javascript. An attacker can exploit this vulnerability by providing a specially crafted "array-like" object with an excessively large length property during the serialization process. This action causes the application to enter an intensive loop, leading to 100% CPU...

7.5CVSS5.8AI score0.00473EPSS

Exploits0References7

Cvelist•added 2026/05/27 9:24 a.m.•29 views

CVE-2026-45840 openvswitch: cap upcall PID array size and pre-size vport replies

0.0018EPSS

ATTACKERKB•added 2026/05/27 9:24 a.m.•5 views

CVE-2026-45840

5.8AI score0.0018EPSS

Exploits0References6Affected Software1

NVD•added 2026/05/27 4:16 a.m.•13 views

CVE-2026-48959

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19 against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...

7.5CVSS0.00393EPSS

UbuntuCve•added 2026/05/27 4:16 a.m.•11 views

CVE-2026-48959

7.5CVSS5.7AI score0.00393EPSS

Exploits0References5

OSV•added 2026/05/27 4:16 a.m.•4 views

UBUNTU-CVE-2026-48959

7.5CVSS5.7AI score0.00393EPSS

Exploits0References6

SUSE CVE•added 2026/05/27 2:52 a.m.•10 views

SUSE CVE-2026-9496

Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function's regex replacement and string-manipulation logic, causing...

8.7CVSS5.8AI score0.00458EPSS