CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/06/19 11:10 a.m.•3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: watchdog: rzg2lwdt: Fixed the 32-bit overflow issue. The value of timercycleus can be 0 due to 32-bit overflow. For example, if we assign the counter value “0xfff” for computing maxval. This patch fixes this issue by appending...

5.5CVSS5.5AI score0.00237EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•7 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: igc: Fix the PTM cycle trigger logic Writing to clear the “valid” bit of the PTM status while the PTM cycle is triggered results in unreliable PTM operations. To address this issue, clear the PTM “trigger” and status after each P...

5.5CVSS6.2AI score0.00225EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: The issue where inline data checks might be performed during dio write operations has been fixed. According to syzbot, the following warning from ext4iomapbegin is triggered as of the referenced commit: c if...

4.7CVSS5.8AI score0.00179EPSS

RedhatCVE•added 2026/06/11 2:59 p.m.•10 views

CVE-2026-49495

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential stri...

6.7CVSS5.5AI score0.00151EPSS

Exploits1References1

OSSF Malicious Packages•added 2026/06/11 5:6 a.m.•11 views

Malicious code in webpack-cache-cycle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82fa37e2478a7109e376e3a062ccb203806511033930eb7390e45fe7ef404b81 On npm install, package.json's postinstall hook runs node -e "require'./loader.js'". loader.js spawns a detached node process that decodes a...

5.5AI score

Github Security Blog•added 2026/06/04 2:38 p.m.•17 views

Strawberry GraphQL has a Circular Fragment Reference DOS

Summary The QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth function enters an infinite recursion, leading to a RecursionError and crashing the...

5.3CVSS5.8AI score0.00296EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2026/06/04 2:6 p.m.•9 views

CVE-2026-47706 Strawberry GraphQL has a Circular Fragment Reference DOS

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth...

5.3CVSS5.8AI score0.00296EPSS

Exploits1References2

Vulnrichment•added 2026/06/03 12:0 a.m.•8 views

CVE-2026-36605

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 is vulnerable to a HTTP denial of service via a low number of crafted incomplete HTTP requests, causing a persistent crash that requires physical power cycling to recover...

5.8AI score0.00177EPSS

Cvelist•added 2026/06/03 12:0 a.m.•35 views

CVE-2026-36605

0.00177EPSS

EUVD•added 2026/06/03 12:0 a.m.•11 views

EUVD-2026-34144

6.5CVSS5.8AI score0.00177EPSS

ATTACKERKB•added 2026/06/03 12:0 a.m.•7 views

CVE-2026-36605

6.5CVSS5.8AI score0.00177EPSS

NVD•added 2026/06/01 5:17 p.m.•13 views

CVE-2026-44740

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...

6.5CVSS0.00295EPSS

OSV•added 2026/06/01 5:17 p.m.•6 views

UBUNTU-CVE-2026-44740

6.5CVSS5.7AI score0.00295EPSS

Exploits0References5

Cvelist•added 2026/06/01 4:4 p.m.•29 views

CVE-2026-44740 go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion

6.5CVSS0.00295EPSS

Vulnrichment•added 2026/06/01 4:4 p.m.•10 views

CVE-2026-44740 go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion

6.5CVSS5.7AI score0.00295EPSS

CVE•added 2026/06/01 4:4 p.m.•34 views

CVE-2026-44740

CVE-2026-44740 affects the go-billy interface filesystem abstraction. Before 5.9.0 and 6.0.0-alpha.1, multiple components may mishandle crafted input, risking panics, infinite loops, uncontrolled recursion, or excessive resource consumption due to missing validation, cycle detection, and defensiv...

6.5CVSS5.7AI score0.00295EPSS

NVD•added 2026/05/29 1:16 p.m.•20 views

CVE-2026-49324

Uncontrolled resource consumption in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-vehicle network to permanently immobilize the motorcycle. The WCM enforces a brute-force lockout on the...

4.6CVSS0.00174EPSS

CVE•added 2026/05/29 12:32 p.m.•21 views

CVE-2026-49324

The CVE-2026-49324 affects the Wireless Control Module (WCM) in the Indian Motorcycle Scout Bobber + Tech 2025 model year. The root cause is an exploitable brute‑force lockout that is reachable via any unauthenticated in‑vehicle network message, with no session binding and no reset on power cycle...

4.6CVSS5.8AI score0.00174EPSS