CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 6 days ago•7 views

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Fixed data corruption caused by fallocate. When fallocate creates holes in the inode size, if the original size is located in the middle of the last cluster, then the portion of the block from the original size to the end ...

5.5CVSS6.1AI score0.00226EPSS

8.1CVSS7.3AI score0.09116EPSS

Astra Linux – Vulnerability in lz4

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4write32 related to LZ4compressdestSize, affecting applications that call LZ4compressfast with a large input. This issue can also lead to data corruption. NOTE: The vendor states that “only a few specific/rare uses of the API are at risk.”...

7.8CVSS5.4AI score0.0016EPSS

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed to avoid mapping the wrong physical block for the swapfile. Xiaolong Guo reported a bug related to f2fs in bugzilla 1. 1 https://bugzilla.kernel.org/showbug.cgi?id=220951 As quoted: “When using the ‘stress-ng’ swap...

8.1CVSS7.7AI score0.00641EPSS

Astra Linux – Vulnerability in docker.io-app

Moby version 25.0.3 has a race condition vulnerability in the StreamFormatter package. This vulnerability can be exploited to trigger multiple concurrent write operations, leading to data corruption or application crashes...

9.1CVSS5.7AI score0.01226EPSS

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Avoid data corruption. Wait for all dependencies of a task to complete before terminating it, to prevent data corruption...

AstraLinux•added 6 days ago•3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cfg80211: Calling cfg80211stopap when switching from P2PGO type If the user-space tools switch from NL80211IFTYPEP2PGO to NL80211IFTYPEADHOC via sendmsgNL80211CMDSETINTERFACE, it does not call the cleanup function cfg80211stopap...

7.8CVSS5.2AI score0.00249EPSS

Positive Technologies•added 6 days ago•10 views

PT-2026-51047

Name of the Vulnerable Software and Affected Versions py7zr version 1.1.0 Description An arbitrary file write issue exists when using the extractall function to extract an archive. The software fails to properly restrict the targets of symbolic links, allowing crafted malicious symbolic link chai...

8CVSS6.3AI score

Exploits0References9

Tenable Nessus•added 2026/06/18 12:0 a.m.•4 views

Siemens SIMATIC S7-1500 TM MFP Use After Free (CVE-2026-28387)

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

8.1CVSS7.6AI score0.00631EPSS

Exploits0References4

RedhatCVE•added 2026/06/05 7:22 p.m.•7 views

CVE-2026-7451

A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

7.8CVSS5.9AI score0.00166EPSS

RedhatCVE•added 2026/06/05 7:15 p.m.•9 views

CVE-2026-20879

Out-of-bounds write for the IntelR Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data corruption. This result...

8.3CVSS5.3AI score0.0012EPSS

Tenable Nessus•added 2026/06/03 12:0 a.m.•6 views

RockyLinux 10 : luksmeta (RLSA-2026:18421)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18421 advisory. luksmeta: Data corruption when handling LUKS1 partitions with luksmeta CVE-2025-11568 Tenable has extracted the preceding description block directly from the...

4.4CVSS5.8AI score0.00093EPSS

Exploits0References3

RedhatCVE•added 2026/06/01 10:3 p.m.•12 views

CVE-2026-10099

XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocketreceiveworker routine of simplehttpserver.py that allows attackers to cause corrupted application data by sending unmasked WebSocket frames. The server unconditionally reads 4 bytes as a masking key regardless of...

5.1CVSS5.8AI score0.00125EPSS

NVD•added 2026/05/29 4:16 p.m.•11 views

CVE-2026-10099

5.1CVSS0.00125EPSS

Exploits0References4

OSV•added 2026/05/29 4:3 p.m.•11 views

RLSA-2026:18421 Moderate: luksmeta security update

LUKSMeta is a simple library for storing metadata in the LUKSv1 header. The luksmeta package is a dependency of the clevis and tang packages, together providing the Network Bound Disk Encryption NBDE in Rocky Linux. Security Fixes: luksmeta: Data corruption when handling LUKS1 partitions with...

4.4CVSS5.8AI score0.00093EPSS