CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Debian CVE•added 2026/05/20 9:17 a.m.•6 views

CVE-2026-32792

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support '--enable-dnscrypt'. A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit...

8.2CVSS6AI score0.00337EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rustbinder: Calling setnotificationdone without holding the proc lock. Consider the following sequence of events when a death listener is triggered: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local proces...

5.5CVSS5.3AI score0.0009EPSS

Exploits0References1

UbuntuCve•added 2026/05/20 12:0 a.m.•6 views

CVE-2026-32792

8.2CVSS6AI score0.00337EPSS

OSV•added 2026/05/20 12:0 a.m.•2 views

UBUNTU-CVE-2026-32792

8.2CVSS6AI score0.00337EPSS

Exploits0References4

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: xhci: Fixed null pointer dereferencing when the host dies. Ensure that xhcifreedev and xhcikillendpointurbs do not race with each other, and thus avoid null pointer dereferencing when the host suddenly dies. The USB core may...

4.7CVSS5.2AI score0.0024EPSS

Exploits0References2

OSV•added 2026/04/06 10:54 p.m.•2 views

GHSA-F9JP-856V-8642 PocketMine-MP: Player entities can still die and drop items in flaggedForDespawn state

Summary When an entity dies, the entity is flagged for despawn, but remains in the World's entity table, meaning it's still accessible by doing World-getEntity$entityId and other methods. The same is true of a player when quitting the server. When a network packet arrives from a client to attack ...

3.7CVSS5.9AI score

SUSE CVE•added 2026/03/29 11:23 p.m.•4 views

SUSE CVE-2026-23400

In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...

OSV•added 2026/03/29 1:16 p.m.•3 views

UBUNTU-CVE-2026-23400

ATTACKERKB•added 2026/03/29 12:55 p.m.•1 views

CVE-2026-23400

5.8AI score0.0009EPSS

Exploits0References4Affected Software1

CVE•added 2026/03/29 12:55 p.m.•19 views

CVE-2026-23400

Summary of CVE-2026-23400 : In the Linux kernel, the rust_binder component is affected by a deadlock risk when processing death notifications. The root cause is calling set_notification_done() while the process lock (proc lock) is still held and the current thread is not a looper, which can cause...

Exploits0References3Affected Software1

OSV•added 2026/03/29 12:55 p.m.•3 views

CVE-2026-23400 rust_binder: call set_notification_done() without proc lock

SUSE CVE•added 2026/03/25 4:54 p.m.•3 views

Exploits0References6

SUSE CVE-2026-23394

In the Linux kernel, the following vulnerability has been resolved: afunix: Give up GC if MSGPEEK intervened. Igor Ushakov reported that GC purged the receive queue of an alive socket due to a race with MSGPEEK with a nice repro. This is the exact same issue previously fixed by commit cbcf01128d0...

4.7CVSS5.7AI score0.00089EPSS

CVE•added 2026/03/17 8:20 p.m.•16 views

CVE-2026-2809

CVE-2026-2809 concerns Netskope’s Endpoint DLP Driver DLL Injector on Windows. Reported as a potential integer overflow in the DLL Injector, exploiting it may cause a local BSOD and denial of service, with exploitation requiring the Endpoint DLP module to be enabled in the client configuration. C...

6.7CVSS5.8AI score0.00158EPSS

Exploits0References1

Wired Threat Level•added 2026/02/19 11:18 p.m.•7 views

An FBI ‘Asset’ Helped Run a Dark Web Site That Sold Fentanyl-Laced Drugs for Years

A staffer of the Incognito dark web market was secretly controlled by the FBI—and still allegedly approved the sale of fentanyl-tainted pills, including those from a dealer linked to a confirmed death...

5.5AI score

Malwarebytes•added 2026/02/19 11:16 a.m.•7 views

Meta patents AI that could keep you posting from beyond the grave

Tech bros have been wanting to become immortal for years. Until they get there, their fallback might be continuing to post nonsense on social media from the afterlife. On December 30, 2025, Meta was granted US patent 12513102B2: Simulation of a user of a social networking system using a language...

5.5AI score

Trellix•added 2026/02/11 12:0 a.m.•8 views

Dark Web Roast - January 2026 Edition

Dark Web Roast - January 2026 Edition By Trellix Advanced Research Center · February 11, 2026 Executive Summary Welcome to January 2026's underground intelligence roundup, where criminal masterminds continue to demonstrate that the phrase "honour among thieves" remains the greatest oxymoron in...

5.4AI score

Positive Technologies•added 2026/01/01 12:0 a.m.•2 views

PT-2026-28333

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the rust binder component related to handling binder death notifications. Specifically, the set notification done function may be called without...

5.9AI score0.0009EPSS

Exploits0References8

SUSE CVE•added 2025/12/17 12:24 a.m.•3 views

SUSE CVE-2025-68260

In the Linux kernel, the following vulnerability has been resolved: rustbinder: fix race condition on deathlist Rust Binder contains the following unsafe operation: // SAFETY: A NodeDeath is never inserted into the death list // of any node other than its owner, so it is either in this // death...

5.5CVSS6.3AI score0.00185EPSS