CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6982 matches found

CVE-2026-11409 OS Command Injection in IPv6 PPPoE Configuration in TP-Link TL-WR940N

An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

8.5CVSS

Exploits0References3

CVE•added yesterday•18 views

CVE-2026-0646

A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover...

8.7CVSS5.3AI score

Exploits0References1

NVD•added yesterday•5 views

CVE-2026-5416

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...

8.8CVSS0.01308EPSS

Exploits0References1

EUVD•added yesterday•6 views

EUVD-2026-37042

8.8CVSS5.5AI score0.01308EPSS

Exploits0References1

CVE•added yesterday•7 views

CVE-2026-5416

The CVE-2026-5416 entry describes a command injection in a Managed Ethernet Switch caused by improper neutralization of special elements in a name parameter. It results in full system compromise with network-based, low-privilege, no-user-interaction exploitation (per CVSS 4.0/3.1 vectors). Connec...

8.8CVSS5.4AI score0.01308EPSS

Exploits0References1

Cvelist•added yesterday•24 views

CVE-2026-5416 Command Injection via name parameter

8.8CVSS0.01308EPSS

Exploits0References1

Ubuntu•added 6 days ago•8 views

USN-8426-1: Linux kernel (Azure) vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...

9.8CVSS6.4AI score0.93994EPSS

Exploits268

OSV•added 6 days ago•5 views

USN-8426-1 linux-azure-5.15, linux-azure-fips vulnerabilities

9.8CVSS5.2AI score0.93994EPSS

Exploits268References19

Tenable Nessus•added 6 days ago•3 views

Ubuntu 24.04 LTS : Linux kernel (NVIDIA Tegra) vulnerabilities (USN-8350-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8350-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A...

9.8CVSS6.2AI score0.75521EPSS

Exploits227References9

Tenable Nessus•added 6 days ago•3 views

Ubuntu 22.04 LTS : Linux kernel (Low Latency) vulnerabilities (USN-8351-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8351-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A...

9.8CVSS6.2AI score0.75521EPSS

Exploits227References9

CVE•added 2026/06/09 10:49 p.m.•11 views

CVE-2026-46433

CVE-2026-46433 affects lldpd (LLDP implementation). Prior to version 1.0.22, lldpd_decode() incorrectly shifts frame payload when removing 802.1Q VLAN tags, using a length calculation that causes a 4-byte heap OOB read if the frame size equals the interface MTU. This vulnerability is fixed in ver...

6.5CVSS5.5AI score0.00225EPSS

Exploits0References4Affected Software1

OSV•added 2026/06/09 4:22 p.m.•7 views

USN-8412-1 qemu vulnerabilities

Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that the iSCSI block driver in QEMU incorrectly handled certain responses from an iSCSI server. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary...

8.2CVSS7.7AI score0.04018EPSS

Exploits10References40

NVD•added 2026/06/09 1:16 p.m.•7 views

CVE-2026-46321

In the Linux kernel, the following vulnerability has been resolved: tun: free page on short-frame rejection in tunxdpone tunxdpone returns -EINVAL on a frame shorter than ETHHLEN without freeing the page that vhostnetbuildxdp allocated for it. tunsendmsg discards that -EINVAL and still returns...

7.1CVSS0.00129EPSS

Exploits0References4

Cvelist•added 2026/06/09 12:11 p.m.•26 views

CVE-2026-46320 tap: free page on error paths in tap_get_user_xdp()

In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths in tapgetuserxdp tapgetuserxdp rejects a frame shorter than ETHHLEN with -EINVAL, and returns -ENOMEM when buildskb fails. Both paths jump to the err label without freeing the page that...

7.4CVSS0.00165EPSS

Exploits0References2

SUSE CVE•added 2026/06/09 2:20 a.m.•6 views

SUSE CVE-2026-46306

In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...

5.5CVSS5.4AI score0.00389EPSS

Exploits0References3

NVD•added 2026/06/08 5:16 p.m.•8 views

CVE-2026-46306

7.5CVSS0.00389EPSS

Exploits0References8

OSV•added 2026/06/08 5:16 p.m.•5 views

UBUNTU-CVE-2026-46306

7.5CVSS5.3AI score0.00389EPSS

Exploits0References11

EUVD•added 2026/06/08 3:46 p.m.•6 views

EUVD-2026-35171