CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/04/22 1:53 p.m.•23 views

CVE-2026-31443 dmaengine: idxd: Fix crash when the event log is disabled

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix crash when the event log is disabled If reporting errors to the event log is not supported by the hardware, and an error that causes Function Level Reset FLR is received, the driver will try to restore the...

0.00015EPSS

Exploits0References3

Vulnrichment•added 2026/03/26 12:34 a.m.•1 views

CVE-2026-33285 LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

7.5CVSS5.9AI score0.00122EPSS

Exploits1References2

Cvelist•added 2026/03/26 12:34 a.m.•21 views

CVE-2026-33285 LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

7.5CVSS0.00122EPSS

Exploits1References2

Github Security Blog•added 2026/03/25 5:40 p.m.•4 views

LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

Summary LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined with a string flattening operation e.g., replace filter, this causes a V8 Fatal error that crashes the...

7.5CVSS6.1AI score0.00122EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/03/25 12:0 a.m.•1 views

PT-2026-28162

Name of the Vulnerable Software and Affected Versions LiquidJS versions prior to 10.25.1 Description LiquidJS’s memoryLimit security feature can be bypassed using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. When combined with a string flattenin...

7.5CVSS5.8AI score0.00122EPSS

Exploits1References5

EUVD•added 2026/03/04 6:31 p.m.•2 views

EUVD-2026-9461

Multiple Cisco products are affected by a vulnerability in the Snort 3 Visual Basic for Applications VBA feature which could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to lack of proper error checking when decompressing VBA...

NVD•added 2026/03/04 6:16 p.m.•3 views

CVE-2026-20054

Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to improper error checking when decompressing VBA data. An attacker could exploit this...

5.8CVSS0.00042EPSS

CVE•added 2026/03/04 5:47 p.m.•6 views

CVE-2026-20057

CVE-2026-20057 affects multiple Cisco products via the Snort 3 VBA feature. The issue stems from lack of proper error checking when decompressing VBA data, enabling an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash and restart, resulting in a DoS (availability imp...

Vulnrichment•added 2026/03/04 5:46 p.m.•1 views

CVE-2026-20053 Cisco Secure Firewall Threat Defense Software Snort 3 Visual Basic for Application Heap Overflow Denial of Service Vulnerability

Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to improper range checking when decompressing VBA data, which is user controlled. An...

Positive Technologies•added 2026/03/04 12:0 a.m.•1 views

PT-2026-23019

Positive Technologies•added 2026/03/04 12:0 a.m.•2 views

PT-2026-23020

RedhatCVE•added 2026/01/09 12:37 p.m.•2 views

CVE-2023-49322

Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 a...

7.5CVSS6.9AI score0.00148EPSS

CNNVD•added 2025/11/21 12:0 a.m.•2 views

vLLM 输入验证错误漏洞

vLLM is a high throughput and memory efficient inference and service engine for LLM from the vLLM open source. An input validation error vulnerability exists in vLLM versions 0.5.5 through prior to 0.11.1, which stems from improper handling of multimodal embedded inputs and could cause the engine...

8.3CVSS6.3AI score0.00089EPSS

Exploits0References4

OSV•added 2025/11/20 9:23 p.m.•0 views

GHSA-PMQF-X6X8-P7QW vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs

Summary Users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape e.g. hidden dimension is wrong, regardless of whether the model is intended to support such inputs as defined in the Supported Models page. The issue has...

8.3CVSS5.9AI score0.00089EPSS

Exploits0References6

EUVD•added 2025/10/15 6:31 p.m.•1 views

EUVD-2025-34665

Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the disclosure of possible sensitive data or cause the Snort 3 Detection Engine to crash. This vulnerability is due to an error in the logic of buffer...

6.5CVSS6.2AI score0.00159EPSS