1979 matches found

PyPA
added 3 days ago | 3 views

PYSEC-0000-CVE-2026-45360

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserialize_reference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

CVSS 7.3 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 3 | Affected Software: 1

PyPA
added 3 days ago | 3 views

PYSEC-2026-186

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserialize_reference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

CVSS 7.3 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 3 days ago | 31 views

CVE-2026-45360 Apache Airflow: Arbitrary import in custom deadline-reference deserialization

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserialize_reference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

EPSS 0.0006
Exploits: 0 | References: 2

Vulnrichment
added 3 days ago | 3 views

CVE-2026-45360 Apache Airflow: Arbitrary import in custom deadline-reference deserialization

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserialize_reference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

AI score 6 | EPSS 0.0006
Exploits: 0 | References: 2

CVE
added 3 days ago | 16 views

CVE-2026-45360

Summary (CVE-2026-45360): Apache Airflow’s scheduler-side deadline-reference deserialization in SerializedCustomReference.deserialize_reference can import arbitrary attacker-controlled module paths because there is no allowlist or plugin-registry gate. A DAG author’s code that reaches the schedu...

CVSS 7.3 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 3 days ago | 8 views

PT-2026-45374

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserialize_reference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler —...

AI score 6 | EPSS 0.0006
Exploits: 0 | References: 3

AstraLinux
added 2026/05/20 5:53 a.m. | 9 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Stop the dl_server function before the CPU goes offline. The IBM CI tool reported a kernel warning [1] when performing a CPU removal operation using drmgr [2]. Specifically, it reported: “drmgr -c cpu -r -q 1” WARNING:...

AI score 5.7 | EPSS 0.00024
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/05 7:6 p.m. | 1 views

CVE-2026-32934

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-QUIC (DoQ) server can be driven into unbounded goroutine and memory growth by a remote client that opens many QUIC streams and sends only 1 byte per stream. When the worker pool is full, CoreDNS still spawns a...

CVSS 8.7 | AI score 5.7 | EPSS 0.00235
Exploits: 1 | References: 3 | Affected Software: 1

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: sched/deadline: Only the free_cpus field is set for online runqueues. Commit 16b269436b72 (“sched/deadline: Modified cpudl::free_cpus to reflect rd->online”) introduced the cpudl_set/clear_freecpu functions, allowing the...

AI score 6 | EPSS 0.00068
Exploits: 0 | References: 2

Snyk
added 2026/04/30 5:19 p.m. | 0 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the FilterDeadline process. An attacker can access internal network services and potentially exfiltrate sensitive information by submitting URLs with uppercase schemes that bypass the deny-list...

CVSS 9.3 | AI score 5.8 | EPSS 0.00014
Exploits: 1 | References: 2

Packet Storm News
added 2026/04/19 12:0 a.m. | 2 views

A Novel Quantum Augmented Framework to Improve Microgrid Cybersecurity

Small modular nuclear reactors (SMRs) are redefining the energy generation landscape by enabling the deployment of modular, scalable, and pre-built power units that can be used to build distributed autonomous microgrids for critical infrastructure and burgeoning AI factories. Often, these microgrid...

AI score 5.8
Exploits: 0

Malwarebytes
added 2026/04/16 12:33 p.m. | 2 views

“iCloud storage is full” scam is back, and now it wants your payment details

A few months ago, we reported on a fake cloud storage alert that triggered a redirect chain to an app that has since been delisted from the Apple Store. The threat of losing your photos is a powerful lure, so scammers are now using it to steal personal and financial details. The Guardian warns...

AI score 5.8
Exploits: 0

HackRead
added 2026/03/27 6:2 p.m. | 2 views

Google Sets 2029 Deadline as Quantum Computers Threaten Encryption

Google fast-tracks post-quantum cryptography with a 2029 deadline as researchers warn quantum computers could break current encryption sooner than expected...

AI score 5.8
Exploits: 0

RedhatCVE
added 2026/03/25 7:11 p.m. | 0 views

CVE-2026-23371

A flaw was found in the Linux kernel's sched/deadline component. When a SCHED_DEADLINE task, which is a type of real-time task, has its priority class changed to a lower setting, it may not correctly inherit parameters from other DEADLINE tasks. This can lead to corruption in the bandwidth...

AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 4

SUSE CVE
added 2026/03/25 4:55 p.m. | 3 views

SUSE CVE-2026-23371

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting. Running stress-ng --schedpolicy 0 on an RT kernel on a big machine might lead to the following WARNINGs (edited). sched: DL de-boosted task PID 22725: REPLENISH fla...

CVSS 5.5 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 3

EUVD
added 2026/03/25 12:30 p.m. | 0 views

EUVD-2026-15357

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting. Running stress-ng --schedpolicy 0 on an RT kernel on a big machine might lead to the following WARNINGs (edited). sched: DL de-boosted task PID 22725: REPLENISH fla...

AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 3

NVD
added 2026/03/25 11:16 a.m. | 2 views

CVE-2026-23371

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting. Running stress-ng --schedpolicy 0 on an RT kernel on a big machine might lead to the following WARNINGs (edited). sched: DL de-boosted task PID 22725: REPLENISH fla...

CVSS 5.5 | EPSS 0.00017
Exploits: 0 | References: 3

UbuntuCve
added 2026/03/25 11:16 a.m. | 2 views

CVE-2026-23371

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting. Running stress-ng --schedpolicy 0 on an RT kernel on a big machine might lead to the following WARNINGs (edited). sched: DL de-boosted task PID 22725: REPLENISH fla...

CVSS 5.5 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 4

OSV
added 2026/03/25 11:16 a.m. | 1 views

UBUNTU-CVE-2026-23371

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting. Running stress-ng --schedpolicy 0 on an RT kernel on a big machine might lead to the following WARNINGs (edited). sched: DL de-boosted task PID 22725: REPLENISH fla...

CVSS 5.5 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 5

CVE
added 2026/03/25 10:27 a.m. | 6 views

CVE-2026-23371

CVE-2026-23371 (Linux kernel SCHED_DEADLINE) details (from provided docs): The vulnerability arose when a SCHED_DEADLINE task (often a lock holder) moved to a lower class via sched_setscheduler() and failed to inherit the donor DEADLINE parameters, risking bandwidth accounting corruption because ...

CVSS 5.5 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 3 | Affected Software: 1