97 matches found
Malicious code in @lint-md/core (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
PT-2026-40802
Name of the Vulnerable Software and Affected Versions: CPython (affected versions not specified). Description: The ftpcp function in Lib/ftplib.py fails to use the actual peer address, instead trusting the host address supplied by the server during a PASV command. This occurs because ftpcp calls...
Unity Linux 20.1070e Security Update: openvpn (UTSA-2026-017760)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017760 advisory. An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are...
ex_webrtc client-role handshake is missing DTLS peer fingerprint validation
Summary: Missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with...
Astra Linux - vulnerability in openvpn
A vulnerability was discovered in OpenVPN 2.4.x prior to version 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using the victim’s peer-id. Normally, such packets are discarded. However, if this packet arrives before the data channel crypto parameters have been initialized, the...
CVE-2026-2738
Buffer overflow in ovpn-dco-win version 2.8.0 allows local attackers to cause a system crash by sending too large packets to the remote peer when the AEAD tag appears at the end of the encrypted packet...
SUSE CVE-2026-23170
In the Linux kernel, the following vulnerability has been resolved: drm/imx/tve: fix probe device leak. Make sure to drop the reference taken to the DDC device during probe on probe failure (e.g. probe deferral) and on driver unbind...
UBUNTU-CVE-2026-23170
In the Linux kernel, the following vulnerability has been resolved: drm/imx/tve: fix probe device leak. Make sure to drop the reference taken to the DDC device during probe on probe failure (e.g. probe deferral) and on driver unbind...
CVE-2026-23170 drm/imx/tve: fix probe device leak
In the Linux kernel, the following vulnerability has been resolved: drm/imx/tve: fix probe device leak. Make sure to drop the reference taken to the DDC device during probe on probe failure (e.g. probe deferral) and on driver unbind...
CVE-2026-23170
CVE-2026-23170 affects the Linux kernel's DRM IMX TVE path; the root cause is a device reference leak to the DDC device during probe (including probe deferral) and on driver unbind. The trusted sources show the issue resolved in kernel updates, with Ubuntu/rootio-root packages (e.g., ROOT-OS-UBUN...
CVE-2026-23170 drm/imx/tve: fix probe device leak
In the Linux kernel, the following vulnerability has been resolved: drm/imx/tve: fix probe device leak. Make sure to drop the reference taken to the DDC device during probe on probe failure (e.g. probe deferral) and on driver unbind...
EUVD-2026-5869
In the Linux kernel, the following vulnerability has been resolved: drm/imx/tve: fix probe device leak. Make sure to drop the reference taken to the DDC device during probe on probe failure (e.g. probe deferral) and on driver unbind...
EUVD-2017-6728
Malware in sbrugna...
EUVD-2015-5317
Malware in sbrugna...
DEBIAN-CVE-2022-50116
In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix deadlock and link starvation in outgoing data path. The current implementation queues up new control and user packets as needed and processes this queue down to the ldisc in the same code path. That means that the...
DEBIAN-CVE-2022-49909
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del. When l2cap_recv_frame is invoked to receive data, and the cid is L2CAP_CID_A2MP, if the channel does not exist, it will create a channel. However, after a channel is created, the...
OpenVPN Data Channel Offload code issue vulnerability
OpenVPN Data Channel Offload (OpenVPN DCO) is a cutting-edge Linux kernel module from OpenVPN designed to revolutionize the performance of VPN servers and clients. A code issue vulnerability exists in OpenVPN Data Channel Offload version 1.1.1. Exploitation of this vulnerability by an unprivileged...
SUSE CVE-2024-57805
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP The linkDMA should not be released on stop trigger since a stream re-start might happen without closing of the stream. This leaves a short time for other streams to...
CVE-2024-51428
An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet...
CVE-2024-51428
An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet...