CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/08 1:11 p.m.•11 views

CVE-2025-71299

CVE-2025-71299 affects the Linux kernel driver spi_cadence_quadspi. The root cause is a runtime PM interaction during probe: a pm_runtime_disable in error paths could lead to duplicate clock disables when PM is active, especially with missing/broken DT descriptions for flash devices. The document...

5.5CVSS5.8AI score0.00121EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/05/08 12:0 a.m.•5 views

PT-2026-38924

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the spi: cadence-quadspi driver where a runtime PM Power Management disable operation in the probe function error paths can trigger duplicate clock disables. This occu...

5.5CVSS5.4AI score0.00121EPSS

Exploits0References13

Tenable Nessus•added 2026/04/22 12:0 a.m.•1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013424)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013424 advisory. The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs...

7.5CVSS5.7AI score0.00905EPSS

Exploits0References3

CNNVD•added 2026/02/14 12:0 a.m.•4 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a notification callback that disables devices within a lock mechanism, potentially leading to a...

5.5CVSS6AI score0.00088EPSS

Exploits0References2

Github Security Blog•added 2026/01/26 11:26 p.m.•6 views

Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName

Impact When running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach internal services. Patches https://github.com/zalando/skipper/releases/tag/v0.24.0...

8.1CVSS5.9AI score0.00267EPSS

Exploits0References6Affected Software1

HackRead•added 2025/12/05 3:21 p.m.•6 views

New Variant of ClayRat Android Spyware Seize Full Device Control

The dangerous ClayRat Android spyware has evolved, gaining the ability to steal PINs, record screens, and disable security by abusing Accessibility Services. Users must beware of fake apps spreading through phishing sites and Dropbox...

7AI score

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•4 views

Malicious code in local-terser-postcss-loader-eventhoriz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34b65bfa47dbfe04c6f4b072ca313e3d49adb15a955a7b43a2c1fe3e2dee460c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSSF Malicious Packages•added 2025/11/12 8:46 p.m.•3 views

Malicious code in anais-papimoa-yama02ipaiog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbdb3a20e98656dcc3aa9dd661fc7c5f66f9f7478495675c5ea1e94ae32fd0b0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSV•added 2025/11/12 4:47 p.m.•2 views

MAL-2025-159024 Malicious code in mahnud-magfu-gomumia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98ae09b64dc4051109dbe462e5df349a6dc05abd6d026a4f64e1ea819e3c5fff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSV•added 2025/11/12 4:47 p.m.•1 views

MAL-2025-154103 Malicious code in cinta-70 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d520d33b9e443c826680d3fc161b6e48532301ac0b658723be5435a4b47d94d5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSSF Malicious Packages•added 2025/11/12 4:29 a.m.•2 views

Malicious code in zenith-neptune-puppeteer-nuxtjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b10a2fd2615539814c75993efda49b5c595a87b90f8e157b39f9e05971922a5c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSSF Malicious Packages•added 2025/11/12 4:29 a.m.•2 views

Malicious code in aurora-upgrade-venus-barnard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 951efc2b516ca82cd5789c5c2dc66c57bc2c3eb4310668eb2b8e0a6946021ea0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSV•added 2025/11/12 4:29 a.m.•1 views

MAL-2025-145563 Malicious code in nodejs-eris-izar-semantic-release (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec39bcaa70405a0938d2a98f119d5449f89a0e69773c050500b6743e68c8f9c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSV•added 2025/11/12 4:29 a.m.•1 views

MAL-2025-141056 Malicious code in configstore-koa-auriga-ariel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fec891d8d36bf91550a25ccddc62725c4e39f3ce261e3df0fca4ead91d5fbf2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSSF Malicious Packages•added 2025/11/11 7:31 a.m.•3 views

Malicious code in miniature_sole_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9e119d149b9e6d81724355aadad4a7a5e402ba356c19befa53ce658c3fd0b4c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSSF Malicious Packages•added 2025/11/11 7:26 a.m.•1 views

Malicious code in ethnic_flea_replicate_automation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fafa8fd30c7c5cd8e62e9320fd23d7ca98a53199d490c6292ca80644fb4cb6de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSSF Malicious Packages•added 2025/11/11 5:18 a.m.•2 views

Malicious code in disabled_horse_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 930d7d33b8251ac4484b0cf6bfdcdc8ca58e6a35561875aa7df71b5438f38300 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

OSSF Malicious Packages•added 2025/11/11 5:18 a.m.•3 views

Malicious code in superior_lark_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc48619cd1f4c1f36bd3e786f7c0249467f32a1f6c1f4f3a15f49ea1a8eff939 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...