CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Important: nvidia-kmod-common

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

Important: libnvsdm

Amazon•added 2026/06/08 12:0 a.m.•7 views

Important: libnvidia-nscq

Important: nvidia-driver

Medium: device-mapper-persistent-data

Issue Overview: An unsoundness issue RUSTSEC-2026-0097 was found in the bundled Rust rand crate used by device-mapper-persistent-data. ThreadRng methods use unsafe code that can create aliased mutable references when a custom logger accesses rand::rng or rand::threadrng during reseeding, resultin...

5.5AI score

Positive Technologies•added 2026/06/08 12:0 a.m.•8 views

PT-2026-47521

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description An inappropriate implementation in the Passwords component allows a remote attacker to leak cross-origin data by using a crafted HTML page. Recommendations Update to version...

Positive Technologies•added 2026/06/08 12:0 a.m.•10 views

Exploits4References86

PT-2026-47494

Name of the Vulnerable Software and Affected Versions Google Chrome on Linux and ChromeOS versions prior to 149.0.7827.103 Description An uninitialized use in codecs allows a remote attacker to leak cross-origin data, which is data from a different origin than the one that initiated the request, ...

9.6CVSS6AI score0.01654EPSS

Exploits4References84

Positive Technologies•added 2026/06/08 12:0 a.m.•10 views

PT-2026-47491

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description An out of bounds read in Dawn allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. An out of bounds read occurs when a program reads data past the...

Positive Technologies•added 2026/06/08 12:0 a.m.•11 views

Exploits4References85

PT-2026-47511

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.103 Description An inappropriate implementation in MediaCapture allows a remote attacker to leak cross-origin data, which is data from a different origin than the one that initiated the request...

Positive Technologies•added 2026/06/08 12:0 a.m.•8 views

Exploits4References84

PT-2026-47510

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description Insufficient policy enforcement in the Network component allows a remote attacker who has compromised the utility process to leak cross-origin data through the use of a crafted HTML...

Positive Technologies•added 2026/06/08 12:0 a.m.•9 views

Exploits4References85

PT-2026-47517

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description Insufficient validation of untrusted input in the New Tab Page allows a remote attacker who has compromised the renderer process to leak cross-origin data using a crafted HTML page...

Positive Technologies•added 2026/06/08 12:0 a.m.•10 views

Exploits4References86

PT-2026-47501

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description An out of bounds read occurs in Skia, a graphics library. This allows a remote attacker who has already compromised the renderer process to leak cross-origin data by using a specially...

9.6CVSS6AI score0.01654EPSS

Exploits4References85

Amazon•added 2026/06/08 12:0 a.m.•7 views

Important: cuda-compat

Amazon•added 2026/06/08 12:0 a.m.•7 views

Important: nvidia-open

Positive Technologies•added 2026/06/08 12:0 a.m.•12 views

PT-2026-47453

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description bz2.BZ2Decompressor objects can be reused following a decompression error. If an application catches the resulting OSError and attempts to retry using the same decompressor, specially crafted...

8.2CVSS5.4AI score0.00376EPSS

Exploits0References24

Important: nvidia-settings

Packet Storm News•added 2026/06/08 12:0 a.m.•7 views

Now You (Still) See Me: Detecting Evasive Steganographic Payloads in LLMs

Large language models can be fine-tuned to encode prompt-borne secrets into fluent, seemingly benign outputs. This creates a steganographic exfiltration risk that is difficult to detect with output-level steganalysis. Recent work proposes mechanistic detection using linear probes that recover the...

5.5AI score

Snyk•added 2026/06/08 12:0 a.m.•7 views

Deserialization of Untrusted Data

Overview org.springframework:spring-jms is a maven plugin for Spring JMS. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via deserialization in MappingJackson2MessageConverter and JacksonJsonMessageConverter within an untrusted JMS environment. An attacker c...

9.2CVSS6.2AI score0.00257EPSS

Exploits0References2

8.1CVSS5.4AI score0.01143EPSS

Medium: memcached

Issue Overview: In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by saslserveruserdbcheckpass. CVE-2026-47783 In memcached before 1.6.42, password data for SASL password database...