CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1231 matches found

EUVD-2026-39427

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Documentroot= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage...

6.3CVSS5.8AI score0.00312EPSS

Exploits0References1

EUVD•added 4 days ago•3 views

EUVD-2026-39342

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Clamp HDMI HDCP2 rxidlist read to buffer size Why & How During HDCP 2.x repeater authentication over HDMI, the driver reads the sink's RxStatus register and extracts a 10-bit message size field max value 1023. Th...

6AI score0.00212EPSS

Exploits0References9

Positive Technologies•added 4 days ago•9 views

PT-2026-52451

Name of the Vulnerable Software and Affected Versions Nokogiri versions prior to 1.19.4 Description In the Nokogiri XML and HTML library for Ruby, the root= method of Nokogiri::XML::Document only validates that the new root is a Nokogiri::XML::Node. This allows a DTD Document Type Definition node...

6.3CVSS5.7AI score0.00312EPSS

Exploits0References3

Positive Technologies•added 5 days ago•5 views

PT-2026-52182

Name of the Vulnerable Software and Affected Versions OliveTin affected versions not specified Description The filterToDefinedArgumentsOnly function in the executor fails to properly restrict arguments, allowing any argument starting with the ot prefix to bypass input filtering. While the system ...

4.3CVSS6.1AI score

Exploits0References5

ATTACKERKB•added last week•4 views

CVE-2026-56109

The Advanced Linux Sound Architecture ALSA library before 1.2.16.1 contains a double-free vulnerability in parsedef in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parsedef...

7CVSS5.9AI score0.00138EPSS

Exploits0References5

Cvelist•added 2026/06/19 2:16 p.m.•30 views

CVE-2016-20085 Realtek High Definition Audio Driver 6.0.1.6730 Privilege Escalation

Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute...

8.5CVSS0.00114EPSS

Exploits0References2

AstraLinux•added 2026/06/19 11:10 a.m.•5 views

Astra Linux – Vulnerability in libwoodstox-java

Those who use Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support is enabled. If the parser is running on user-supplied input, an attacker may provide content that causes the parser to crash due to a stack overflow. This vulnerability could potentially all...

7.5CVSS6.5AI score0.19653EPSS

Exploits1References2

AstraLinux•added 2026/06/19 11:10 a.m.•4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fixed a potential memory leak in “addwidgetnode”. Since “kobjectadd” may allocate memory for “kobject-name” when returning an error. In this function, if the call to “kobjectadd” fails, the memory is not freed...

5.5CVSS6.1AI score0.0016EPSS

Exploits0References2

AstraLinux•added 2026/06/19 11:10 a.m.•10 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Unregister codec device on unbind When the device is bound, we register the HDMI codec device. However, we do not unregister it when the device is unbound, resulting in a device leakage issue. We need to unregister...

3.3CVSS5AI score0.00201EPSS

Exploits0References2

AstraLinux•added 2026/06/19 11:10 a.m.•4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: cfg80211: Set correct chandef when starting CAC When starting CAC in a mode other than AP mode, it returns a message: “WARNING: CPU: 0 PID: 63 at cfg80211chandefdfsusable+0x20/0xaf cfg80211” This issue is caused by the...

5.5CVSS6.2AI score0.00234EPSS

Exploits0References2

AstraLinux•added 2026/06/19 11:10 a.m.•1 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: synclinked regs must preserve subregdef Range propagation must not affect subregdef marks. Otherwise, the following example is rewritten incorrectly by the verifier when the BPFFTESTRNDHI32 flag is set: 0: call bpfktimegetns...

5.5CVSS6.3AI score0.00203EPSS

Exploits0References2

AstraLinux•added 2026/06/19 11:10 a.m.•6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: SOF: Intel: hda: Fixed NULL pointer dereferencing issues. If there is a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture widget is not set, especially in the...

5.5CVSS5.7AI score0.00127EPSS

Exploits0References1

AstraLinux•added 2026/06/19 11:10 a.m.•2 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fixed a UAF Use-after-Free in LED devices during unbinding. LED devices created by HD-audio codec drivers are registered using devmledclassdevregister, and they are associated with the HD-audio codec device...

7.8CVSS5.2AI score0.00234EPSS

Exploits0References2

AstraLinux•added 2026/06/19 11:10 a.m.•7 views

Astra Linux – Vulnerability in expat

In Expat also known as libexpat, before version 2.4.5, an attacker could trigger stack exhaustion in buildmodel by using a large nesting depth in the DTD element...

6.5CVSS6.6AI score0.03268EPSS

Exploits0References2

NVD•added 2026/06/17 8:17 p.m.•10 views

CVE-2026-50107

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...

8.6CVSS0.00492EPSS

Exploits0References1

EUVD•added 2026/06/17 8:4 p.m.•9 views

EUVD-2026-37792

8.6CVSS5.6AI score0.00492EPSS

Exploits0References1

Cvelist•added 2026/06/17 8:4 p.m.•17 views

CVE-2026-50107 NGINX Gateway Fabric vulnerability

8.6CVSS0.00492EPSS

Exploits0References1

F5 Networks•added 2026/06/17 1:43 p.m.•11 views

K000161611: NGINX Gateway Fabric vulnerability CVE-2026-11311

Security Advisory Description When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens...

8.6CVSS5.5AI score0.0059EPSS

Exploits0Affected Software1

Cvelist•added 2026/06/17 8:13 a.m.•25 views

CVE-2026-27869 WEB SERVICE (HTTP) DENIAL OF SERVICE VIA SLOW HEADERS ON REGESTA SMART HD-PLC OF TELDAT

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, NO registration action is required who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service DoS on the web interface of the device. This issue affects Regesta Smart...

6.9CVSS0.00394EPSS

Exploits0References5