CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

66 matches found

EUVD•added 2026/05/28 9:35 a.m.•6 views

EUVD-2026-32887

In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty...

5.8AI score0.00032EPSS

Exploits0References5

CVE•added 2026/05/28 9:35 a.m.•11 views

CVE-2026-46128

The CVE covers a Linux kernel IPMI issue where event message buffer data size was only validated later in processing instead of immediately after the response. Some BMCs may return an empty message rather than signaling an error when fetching events. The available connected documents indicate thi...

5.8AI score0.00032EPSS

Exploits0References8

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: nvme-pci: added a missing condition check for the existence of the mapped data. The function nvmemapdata is called when the request contains physical segments; therefore, the function nvmeunmapdata should also have the same...

5.5CVSS6.3AI score0.00013EPSS

Exploits0References2

OSV•added 2026/05/05 9:9 p.m.•2 views

CLSA-2026-1777663444 freerdp: Fix of 3 CVEs

CVE-2026-33985: fix information leak in ClearCodec glyph index decode; validate nWidthnHeight for overflow and update glyphEntry-count only after a successful realloc so subsequent reads cannot expose adjacent heap memory - CVE-2022-39283: fix missing length check in /video channel data handler;...

7.5CVSS6AI score0.00347EPSS

Exploits0References1

OSV•added 2026/05/05 12:25 a.m.•2 views

GHSA-6CHQ-WFR3-2HJ9 Axios: Header Injection via Prototype Pollution

Summary A prototype pollution gadget exists in the Axios HTTP adapter lib/adapters/http.js that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type checking of the data payload, where if Object.prototype is polluted with getHeaders,...

7.4CVSS5.8AI score0.00035EPSS

Exploits1References3

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Range check CHDBOFF and ERDBOFF If the value read from the CHDBOFF and ERDBOFF registers is outside the range of the MHI register space then an invalid address might be computed which later causes a kernel panic...

5.5CVSS6.4AI score0.00017EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: kcm: fix strpinit order and cleanup strpinit is called just a few lines above this csk-skuserdata check, it also initializes strp-work etc., therefore, it is unnecessary to call strpdone to cancel the freshly initialized work. An...

5.5CVSS6.1AI score0.00063EPSS

Exploits0References2

SUSE CVE•added 2026/03/25 12:26 a.m.•2 views

SUSE CVE-2026-27840

ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are still considered valid. Zitadel uses a symmetric AES encryption for opaque tokens. The cleartext...

4.3CVSS5.9AI score0.00022EPSS

Exploits0References3

CVE•added 2026/03/02 11:22 p.m.•8 views

CVE-2026-1336

The CVE-2026-1336 entry concerns the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin. It is vulnerable to unauthorized access and data modification due to missing capability checks in store_data() and get_chatgpt_api_key() for versions up to 2.7.5. Unauthenticated attackers ...

5.3CVSS5.9AI score0.00089EPSS

Exploits0References3

EUVD•added 2026/02/27 9:22 p.m.•2 views

EUVD-2026-8789

ZITADEL's truncated opaque tokens are still valid...

4.3CVSS5.9AI score0.00022EPSS

Exploits0References6

Redos•added 2026/01/12 12:0 a.m.•3 views

ROS-20260112-7341

A vulnerability in the xfsdir3datacheck function fs/xfs/libxfs/xfsdir2data.c of the Linux operating system kernel is related to reading data beyond buffer boundaries in memory. Exploitation of the vulnerability allows an attacker to cause a denial of service...

7.1CVSS6.7AI score0.00015EPSS

Exploits0

Tenable Nessus•added 2025/12/30 12:0 a.m.•1 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992435)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992435 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: ismt: Fix an out-of-bounds bug in ismtaccess When the driver does not check the data from th...

7.1CVSS5.8AI score0.0002EPSS

Exploits0References4

Tenable Nessus•added 2025/11/05 12:0 a.m.•2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-989864)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989864 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: refactor malicious adv data check Check for out-of-bound read was being performed at t...

5.5CVSS6AI score0.00029EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-5295

Malware in sbrugna...

7.1CVSS6.6AI score0.00043EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-3469

Malware in sbrugna...

7.5CVSS7.6AI score0.0024EPSS

Exploits0References2