CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/27 2:17 p.m.•3 views

CVE-2026-46080

In the Linux kernel, the following vulnerability has been resolved: ocfs2: split transactions in dio completion to avoid credit exhaustion During ocfs2 dio operations, JBD2 may report warnings via following call trace: ocfs2dioendiowrite ocfs2markextentwritten ocfs2changeextentflag ocfs2splitexte...

0.00032EPSS

Exploits0References8

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: The use of smbdirectsocketrecvio.credits.available is problematic. The logic for managing recv credits by counting posted recvio and granted credits is flawed. This is because the peer might have already consumed a...

4.7CVSS5.5AI score0.00014EPSS

EUVD•added 2026/05/12 9:31 a.m.•3 views

EUVD-2026-29403

The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

NVD•added 2026/05/12 9:16 a.m.•5 views

CVE-2026-6256

6.4CVSS0.00032EPSS

Cvelist•added 2026/05/12 7:48 a.m.•30 views

CVE-2026-6256 Credits Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Shortcode Attribute

6.4CVSS0.00032EPSS

CVE•added 2026/05/12 7:48 a.m.•8 views

CVE-2026-6256

CVE-2026-6256 affects the WordPress plugin Credits Shortcode (versions

Vulnrichment•added 2026/05/12 7:48 a.m.•3 views

CVE-2026-6256 Credits Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Shortcode Attribute

ATTACKERKB•added 2026/05/12 7:48 a.m.•2 views

CVE-2026-6256

Positive Technologies•added 2026/05/12 12:0 a.m.•5 views

PT-2026-39958

CNNVD•added 2026/05/12 12:0 a.m.•5 views

WordPress plugin Credits Shortcode 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00032EPSS

RedhatCVE•added 2026/05/11 8:25 p.m.•5 views

CVE-2026-42193

Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhoo...

9.1CVSS5.7AI score0.00018EPSS

Patchstack•added 2026/05/11 7:2 p.m.•3 views

WordPress Credits Shortcode plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Credits Shortcode versions = 1.2...

6.4CVSS5.8AI score0.00032EPSS

Exploits0References1Affected Software1

OSV•added 2026/05/11 4:20 p.m.•0 views

GHSA-PW8R-6689-XVF4 Angular Expressions - Remote Code Execution using filters

Impact An attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. Example of vulnerable code: const expressions = require"angular-expressions"; const result = expressions.compile"a | proto", ; This should throw the error : Filter 'proto' is not...

9.3CVSS6.5AI score0.00108EPSS

EUVD•added 2026/05/08 9:12 p.m.•4 views

EUVD-2026-28832

9.1CVSS5.7AI score0.00018EPSS

Cvelist•added 2026/05/08 9:12 p.m.•24 views

CVE-2026-42193 Plunk: SNS webhook forgery

9.1CVSS0.00018EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix DIO failure due to insufficient transaction credits The code in ocfs2dioendiowrite estimates number of necessary transaction credits using ocfs2calcextendcredits. This however does not take into account that the IO cou...

5.5CVSS6.6AI score0.00022EPSS

Tenable Nessus•added 2026/04/29 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-31538

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirectsocket.recvio.credits.available The logic off managing rec...

7.5CVSS5.7AI score0.00054EPSS

RedhatCVE•added 2026/04/27 12:25 p.m.•2 views

CVE-2026-31538

A flaw was found in the Linux kernel's Server Message Block SMB direct server. A race condition exists in the logic responsible for managing receive credits. This occurs because the system's method of counting posted receive input/output recvio and granted credits is susceptible to timing issues...

7.5CVSS5.4AI score0.00054EPSS

SUSE CVE•added 2026/04/25 1:40 a.m.•2 views

SUSE CVE-2026-31535

In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of smbdirectsocket.recvio.credits.available The logic off managing recv credits by counting posted recvio and granted credits is racy. That's because the peer might already consumed a credit, but between...

4.7CVSS5.5AI score0.00014EPSS