CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Debian CVE•added 2026/05/20 9:17 a.m.•4 views

CVE-2026-32792

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support '--enable-dnscrypt'. A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit...

8.2CVSS6AI score0.00058EPSS

UbuntuCve•added 2026/05/20 12:0 a.m.•5 views

CVE-2026-32792

8.2CVSS6AI score0.00058EPSS

OSV•added 2026/05/20 12:0 a.m.•1 views

UBUNTU-CVE-2026-32792

8.2CVSS6AI score0.00058EPSS

Exploits0References4

AstraLinux•added 2026/05/03 11:59 p.m.•0 views

Astra Linux - уязвимость в linux-5.15, linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference when host dies Make sure xhcifreedev and xhcikillendpointurbs do not race and cause null pointer dereference when host suddenly dies. Usb core may call xhcifreedev which frees the xhci-devssloti...

4.7CVSS5.9AI score0.00007EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rustbinder: Calling setnotificationdone without holding the proc lock. Consider the following sequence of events when a death listener is triggered: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local proces...

5.5CVSS5.7AI score0.00014EPSS

Exploits0References1

OSV•added 2026/04/06 10:54 p.m.•1 views

GHSA-F9JP-856V-8642 PocketMine-MP: Player entities can still die and drop items in flaggedForDespawn state

Summary When an entity dies, the entity is flagged for despawn, but remains in the World's entity table, meaning it's still accessible by doing World-getEntity$entityId and other methods. The same is true of a player when quitting the server. When a network packet arrives from a client to attack ...

3.7CVSS5.9AI score

SUSE CVE•added 2026/03/29 11:23 p.m.•4 views

SUSE CVE-2026-23400

In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...

OSV•added 2026/03/29 1:16 p.m.•1 views

UBUNTU-CVE-2026-23400

OSV•added 2026/03/29 12:55 p.m.•1 views

CVE-2026-23400 rust_binder: call set_notification_done() without proc lock

CVE•added 2026/03/29 12:55 p.m.•8 views

Exploits0References6

CVE-2026-23400

Summary of CVE-2026-23400 : In the Linux kernel, the rust_binder component is affected by a deadlock risk when processing death notifications. The root cause is calling set_notification_done() while the process lock (proc lock) is still held and the current thread is not a looper, which can cause...

Exploits0References3Affected Software1

ATTACKERKB•added 2026/03/29 12:55 p.m.•1 views

CVE-2026-23400

5.8AI score0.00014EPSS

Exploits0References4Affected Software1

SUSE CVE•added 2026/03/25 4:54 p.m.•3 views

SUSE CVE-2026-23394

In the Linux kernel, the following vulnerability has been resolved: afunix: Give up GC if MSGPEEK intervened. Igor Ushakov reported that GC purged the receive queue of an alive socket due to a race with MSGPEEK with a nice repro. This is the exact same issue previously fixed by commit cbcf01128d0...

4.7CVSS5.7AI score0.0002EPSS

CVE•added 2026/03/17 8:20 p.m.•9 views

CVE-2026-2809

CVE-2026-2809 is reported as a memory-safety bug in the JavaScript: WebAssembly component, per the FreeBSD VUXML entry for Mozilla—Multiple vulnerabilities. The connected document confirms the issue title but provides no product/version specifics or patch details. No exploitation details are prov...

6.7CVSS5.8AI score0.0002EPSS

Exploits0References1

Wired Threat Level•added 2026/02/19 11:18 p.m.•4 views

An FBI ‘Asset’ Helped Run a Dark Web Site That Sold Fentanyl-Laced Drugs for Years

A staffer of the Incognito dark web market was secretly controlled by the FBI—and still allegedly approved the sale of fentanyl-tainted pills, including those from a dealer linked to a confirmed death...

5.5AI score

Malwarebytes•added 2026/02/19 11:16 a.m.•5 views

Meta patents AI that could keep you posting from beyond the grave

Tech bros have been wanting to become immortal for years. Until they get there, their fallback might be continuing to post nonsense on social media from the afterlife. On December 30, 2025, Meta was granted US patent 12513102B2: Simulation of a user of a social networking system using a language...

5.5AI score

Trellix•added 2026/02/11 12:0 a.m.•2 views

Dark Web Roast - January 2026 Edition

Dark Web Roast - January 2026 Edition By Trellix Advanced Research Center · February 11, 2026 Executive Summary Welcome to January 2026's underground intelligence roundup, where criminal masterminds continue to demonstrate that the phrase "honour among thieves" remains the greatest oxymoron in...

5.6AI score

Positive Technologies•added 2026/01/01 12:0 a.m.•1 views

PT-2026-28333

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the rust binder component related to handling binder death notifications. Specifically, the set notification done function may be called without...

5.9AI score0.00014EPSS

Exploits0References8

SUSE CVE•added 2025/12/17 12:24 a.m.•1 views

SUSE CVE-2025-68260

In the Linux kernel, the following vulnerability has been resolved: rustbinder: fix race condition on deathlist Rust Binder contains the following unsafe operation: // SAFETY: A NodeDeath is never inserted into the death list // of any node other than its owner, so it is either in this // death...

5.5CVSS6.3AI score0.00026EPSS