1626 matches found

Nuclei
added yesterday | 16 views

GestioIP - Reflected Cross-Site Scripting

GestioIP v3.5.7 contains a reflected cross-site scripting caused by unsanitized input in the ipdojob request, letting attackers execute scripts in the victim's browser, exploit requires specific user permissions. id: CVE-2024-50857 info: name: GestioIP - Reflected Cross-Site Scripting author:...

CVSS 4.8 | AI score 5.8 | EPSS 0.01172
Exploits: 3 | References: 4
AstraLinux
added last week | 9 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: For the m68k architecture, the bus error is only forced if the PC is not in the exception table. The getkernelnofault function copies data in supervisor mode when forcing a task backtrace log through /proc/sysrqtrigger. This is...

AI score 5.4 | EPSS 0.00177
Exploits: 0 | References: 2
AstraLinux
added last week | 4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: initramfs: Avoid filename buffer overflow The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as follows: plaintext 37 cpiofile := ALGN4 + cpioheader + filename + "\0" + ALGN4 +...

CVSS 7.8 | AI score 6.6 | EPSS 0.00241
Exploits: 0 | References: 2
AstraLinux
added last week | 10 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: kthread: Consolidated the exit paths of kthreads to prevent use-after-free situations. Guillaume reported crashes during KUnit testing due to corrupted RCU callback function pointers. The crash was traced back to the pidfs...

CVSS 9.8 | AI score 5.8 | EPSS 0.00456
Exploits: 0 | References: 1
AstraLinux
added last week | 1 view

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: fbdev: Fixed doregisterframebuffer to prevent null-ptr-dereference in fbvideomodetovar. If fbaddvideomode in doregisterframebuffer fails to allocate memory for fbvideomode, it will later lead to a null-ptr dereference in...

CVSS 5.5 | AI score 6.3 | EPSS 0.00137
Exploits: 0 | References: 2
AstraLinux
added last week | 5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: mac80211: Purge vif txq in ieee80211dostop After ieee80211dostop, the packets from vif’s txq could still be processed. Indeed, another concurrent call to scheduleandwaketxq from vif could cause those packets to be dequeued...

CVSS 5.5 | AI score 6.2 | EPSS 0.00157
Exploits: 0 | References: 2
AstraLinux
added last week | 3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: jbd2: Added a miss release buffer head in fcdoonepass. In fcdoonepass, a miss release buffer head is added after use, which can lead to a reference count leak...

AI score 5.4 | EPSS 0.00201
Exploits: 0 | References: 1
NVD
added 2026/06/18 8:16 p.m. | 17 views

CVE-2026-56099

OpenBSD before commit 6a23123 2026-06-18 contains an out-of-bounds read vulnerability in the mplsdoerror function within sys/netmpls/mplsinput.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set...

CVSS 6.9 | EPSS 0.00356
Exploits: 1 | References: 5
Positive Technologies
added 2026/06/13 12:0 a.m. | 11 views

PT-2026-49183

CVE-2026-54095 - Rejected reason: CVE REJECT DO NOT USE THIS CVE ID :CVE-2026-54095 Published : June 12, 2026, 10:16 p.m. | 3 hours, 19 minutes ago Description :Rejected reason: CVE REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-53826. Reason: This candidate is a duplicate of...

AI score 5.3 | EPSS 0.00039
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/04 12:0 a.m. | 10 views

PT-2026-46845

Summary The log file name parameter in the stata do API and CLI is directly interpolated into a Stata command string without sanitization. The security guard GuardValidator only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands includi...

CVSS 9.3 | AI score 6
Exploits: 0 | References: 5
NVD
added 2026/06/03 6:16 p.m. | 12 views

CVE-2026-46259

In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading real_parent in do_task_stat() When reading /proc/pid/stat, do_task_stat() accesses task->real_parent without proper RCU protection, which leads to: cpu 0 cpu 1 ----- ----- do_task_stat var =...

CVSS 7.8 | EPSS 0.0012
Exploits: 0 | References: 8
ATTACKERKB
added 2026/06/03 3:49 p.m. | 9 views

CVE-2026-46259

In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading real_parent in do_task_stat() When reading /proc/pid/stat, do_task_stat() accesses task->real_parent without proper RCU protection, which leads to: cpu 0 cpu 1 ----- ----- do_task_stat var =...

AI score 5.7 | EPSS 0.0012
Exploits: 0 | References: 9 | Affected Software: 1
Cvelist
added 2026/06/03 3:49 p.m. | 36 views

CVE-2026-46259 procfs: fix missing RCU protection when reading real_parent in do_task_stat()

In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading real_parent in do_task_stat() When reading /proc/pid/stat, do_task_stat() accesses task->real_parent without proper RCU protection, which leads to: cpu 0 cpu 1 ----- ----- do_task_stat var =...

CVSS 7.8 | EPSS 0.0012
Exploits: 0 | References: 8
CVE
added 2026/06/03 3:49 p.m. | 41 views

CVE-2026-46259

In the Linux kernel procfs path do_task_stat() reading /proc/[pid]/stat, task->real_parent is accessed without proper RCU protection, enabling a potential Use-After-Free when another task is released. The fix switches from task_tgid_nr_ns() to task_ppid_nr_ns() to add proper RCU protection for...

CVSS 7.8 | AI score 5.8 | EPSS 0.0012
Exploits: 0 | References: 8 | Affected Software: 1
EUVD
added 2026/06/03 3:49 p.m. | 8 views

EUVD-2026-34121

In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading real_parent in do_task_stat() When reading /proc/pid/stat, do_task_stat() accesses task->real_parent without proper RCU protection, which leads to: cpu 0 cpu 1 ----- ----- do_task_stat var =...

AI score 5.8 | EPSS 0.0012
Exploits: 0 | References: 8
CNNVD
added 2026/06/03 12:0 a.m. | 5 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the procfs module's lack of RCU protection when reading task->real_parent in the do_task_stat functio...

CVSS 7.8 | AI score 5.3 | EPSS 0.0012
Exploits: 0 | References: 8
NVD
added 2026/06/01 3:16 p.m. | 12 views

CVE-2025-60481

A NULL pointer dereference in the gfodfac4cfgdsiv1 function /odf/descriptors.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted AC4 file...

CVSS 5.5 | EPSS 0.00143
Exploits: 0 | References: 5
Snyk
added 2026/05/29 11:52 p.m. | 8 views

Malicious Package

Overview @t-in-one/applicationidstoragekeytoken is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/29 4:35 p.m. | 5 views

CVE-2026-9194

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

AI score 5.8
Exploits: 0 | References: 1
NVD
added 2026/05/29 2:16 p.m. | 14 views

CVE-2026-40528

OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the dokeyvalue function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init invocation, a key value entry...

CVSS 7.8 | EPSS 0.00146
Exploits: 0 | References: 2