
319 matches found

Qualys Blog
added 2026/06/04 9:17 p.m. | 15 views

From Operating Model to Product: How We Built the ROC for Detection-Speed Remediation

In the first article in this series, we made the case for a prevention-led operating model. This article is about what happened next: the decision to build something that did not exist, and what it took to make it real. Turning an operating model into a product sounds straightforward until you ar...

6.1 AI score
Exploits: 0

Positive Technologies
added 2026/06/01 12:0 a.m. | 20 views

PT-2026-45548

A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validat...

5.9 AI score | 0.00339 EPSS
Exploits: 0 | References: 4

Cvelist
added 2026/06/01 12:0 a.m. | 30 views

CVE-2025-70099

A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...

0.00339 EPSS
Exploits: 0 | References: 3

The Hacker News
added 2026/05/20 10:30 a.m. | 17 views

Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem

AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here's why your current stack can't see them, and what detection actually requires. Download the CISO Expert Guide to Typosquatting in the AI Era → TL;DR Typosquatting is no longer a use...

6.2 AI score
Exploits: 0

Qualys Blog
added 2026/05/01 11:59 p.m. | 12 views

Handling the Vulnerability Surge in the Post-Mythos Era

How to Operationalize Hyper-Prioritization and Autonomous Remediation with Qualys Executive Summary The Mythos era, defined by a surge of AI-driven vulnerabilities from frontier models like Anthropic's Claude Mythos, requires security teams to fundamentally move from manual to an autonomous...

5.9 AI score
Exploits: 0

The Hacker News
added 2026/04/28 10:30 a.m. | 6 views

After Mythos: New Playbooks For a Zero-Window Era

When patching isn’t fast enough, NDR helps contain the next era of threats. If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and protect after a vulnerability disclosure, is closing fast. Anthropic’s new model, Claude...

6 AI score
Exploits: 0

EUVD
added 2026/04/11 3:30 a.m. | 6 views

EUVD-2026-21627

Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

10 CVSS | 7.8 AI score | 0.00995 EPSS
Exploits: 0 | References: 2

NVD
added 2026/04/11 1:16 a.m. | 6 views

CVE-2026-4149

Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

10 CVSS | 0.00995 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/04/11 12:12 a.m. | 28 views

CVE-2026-4149 Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability

Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

10 CVSS | 0.00995 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/11 12:12 a.m. | 3 views

CVE-2026-4149

Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

10 CVSS | 7.8 AI score | 0.00995 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/11 12:12 a.m. | 5 views

CVE-2026-4149 Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability

Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

10 CVSS | 6.3 AI score | 0.00995 EPSS
Exploits: 0 | References: 1

CVE
added 2026/04/11 12:12 a.m. | 29 views

CVE-2026-4149

The CVE-2026-4149 entry concerns Sonos Era 300. Affected component: SMB response handling (DataOffset) leading to out-of-bounds memory access and remote code execution. Impact: attacker can run code with kernel context via a network vector without authentication (high/CRITICAL). CVSS data: NVD/3....

10 CVSS | 7.8 AI score | 0.00995 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2026/04/11 12:0 a.m. | 4 views

Sonos Era 300 Buffer Error Vulnerability

The Sonos Era 300 is a spatial audio speaker from the American company Sonos, equipped with Dolby Atmos technology. The Sonos Era 300 has a buffer error vulnerability, which stems from insufficient validation of the DataOffset field in SMB responses, potentially allowing remote code execution...

10 CVSS | 7.8 AI score | 0.00995 EPSS
Exploits: 0 | References: 1

Github Security Blog
added 2026/03/17 4:0 p.m. | 6 views

Investing in the people shaping open source and securing the future together

Open source has always been about community. It's about maintainers who review pull requests late at night. Volunteers who respond to security reports from strangers. And communities that quietly power the world's software. The reality behind the commits is that maintainers get stretched thin. Th...

5.8 AI score
Exploits: 0

Zero Day Initiative
added 2026/03/16 12:0 a.m. | 5 views

Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the DataOffset field within SMB responses. The issue results from the lack...

10 CVSS | 6.2 AI score | 0.00995 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/16 12:0 a.m. | 7 views

PT-2026-25833

Name of the Vulnerable Software and Affected Versions Sonos Era 300 affected versions not specified Description The Sonos Era 300 is affected by an out-of-bounds access issue related to SMB responses, potentially leading to remote code execution. The issue was discovered by dmdung of STAR Labs SG...

10 CVSS | 7.5 AI score | 0.00995 EPSS
Exploits: 0 | References: 3

Wiz blog
added 2026/03/13 1:0 p.m. | 7 views

Twenty Years of Cloud Security Research

This post will look at the past 20 years of cloud security research, separating the two decades into eras with important milestones defined that resulted in the change of one era to the next...

5.8 AI score
Exploits: 0

Wiz blog
added 2026/01/27 2:12 p.m. | 6 views

AI-Powered Forensics, at Cloud Speed

Reviewing Wiz’s approach to forensics in the cloud era, and announcing the public preview of AI-powered, context-aware forensics capabilities...

5.9 AI score
Exploits: 0

Akamai Blog
added 2026/01/16 2:0 p.m. | 8 views

Dangling DNS: The Most Overlooked Attack Surface in the AI Era

Closing DNS gaps is crucial for securing your AI agents. Discover how Akamai DNS Posture Management detects dangling DNS and helps stop overlooked threats...

7 AI score
Exploits: 0

Schneier on Security
added 2026/01/13 12:9 p.m. | 4 views

1980s Hacker Manifesto

Forty years ago, The Mentor--Loyd Blankenship--published "The Conscience of a Hacker" in Phrack. You bet your ass we're all alike… we've been spoon-fed baby food at school when we hungered for steak… the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominate...

6.9 AI score
Exploits: 0