CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 3 days ago•16 views

CVE-2026-46554

NocoDB prior to 2026.04.4 is affected by a stale-auth-cache issue: when an API token is deleted, the auth cache entry keyed by the token value is not evicted, allowing the token to continue authenticating until the cache entry expires. This creates a deletion-to-revocation window of up to three d...

2.3CVSS5.8AI score0.00197EPSS

AstraLinux•added last week•3 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: “Reapply ‘drm/qxl: simplify qxlfencewait’” This change reverts the commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt reported: “I tried running my tests on my virtual machines, but the tests failed upon boot-up...

5.5CVSS6.1AI score0.00164EPSS

AstraLinux•added last week•3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Do not leak a resource on eviction error. For eviction errors other than -EMULTIHOP, we were leaking a resource. This issue has been fixed. v2: - Avoid using another “goto” statement. Andi Shyti...

5.2AI score0.00168EPSS

AstraLinux•added last week•5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: lib/testhmm.c: Handling of failures in allocating srcpfns and dstpfns The kcalloc function used in dmirrordeviceevictchunk will return null if the physical memory runs out. As a result, if srcpfns or dstpfns is dereferenced, a...

5.5CVSS6AI score0.00241EPSS

AstraLinux•added last week•3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: vfs: Do not evict inode under the inode lru traversing context The inode reclaiming process see function pruneicachesb collects all reclaimable inodes and marks them with the IFREEING flag. At that time, other processes will b...

4.7CVSS6.4AI score0.00172EPSS

AstraLinux•added last week•6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed a lockup issue caused by a race condition between inode eviction and inode caching. There is a race condition between inode eviction and inode caching that can cause a live struct btrfsinode to be missing from the...

4.7CVSS5.6AI score0.001EPSS

AstraLinux•added last week•4 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fscrypt: destroy keyring after securitysbdelete The function fscryptDestroykeyring must be called after all potentially-encrypted inodes have been evicted; otherwise, it cannot safely destroy the keyring. Since inodes that are...

5.5CVSS6.2AI score0.00159EPSS

RedHat Linux•added 2026/06/17 10:41 a.m.•6 views

redis: use-after-free in unblock client flow may allow remote code execution

A flaw was found in Redis. The unblock client flow does not handle an error return from the processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can cause a use-after-free issue. This potentially leads to...

8.8CVSS6.1AI score0.00952EPSS

RedHat Linux•added 2026/06/15 10:18 a.m.•10 views

redis: use-after-free in unblock client flow may allow remote code execution

8.8CVSS6.1AI score0.00952EPSS

RedHat Linux•added 2026/06/11 11:44 a.m.•7 views

redis: use-after-free in unblock client flow may allow remote code execution

8.8CVSS6AI score0.00952EPSS

RedHat Linux•added 2026/06/11 10:5 a.m.•5 views

redis: use-after-free in unblock client flow may allow remote code execution

8.8CVSS6AI score0.00952EPSS

RedhatCVE•added 2026/06/10 10:16 p.m.•9 views

CVE-2026-10143

A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial-of-service vulnerability during SCRAM authentication. By providing an excessively large iteration count, the broker can cause the client's event loop to freeze. This prevents critical operations...

8.7CVSS5.1AI score0.00388EPSS

Exploits0References7

RedhatCVE•added 2026/06/10 9:3 p.m.•9 views

CVE-2026-49843

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's JSON-RPC handler bound the connection to the client-supplied sessid on the fir...

5.3CVSS5.4AI score0.00284EPSS

Snyk•added 2026/06/10 8:22 p.m.•4 views

Unchecked Input for Loop Condition

Overview kafka-python is a Pure Python client for Apache Kafka Affected versions of this package are vulnerable to Unchecked Input for Loop Condition in the SCRAM authentication handling. An attacker can cause the client's event loop to freeze by supplying an excessively large iteration count...

8.7CVSS5.5AI score0.00388EPSS

Positive Technologies•added 2026/06/10 12:0 a.m.•13 views

PT-2026-48531

Name of the Vulnerable Software and Affected Versions kafka-python versions prior to 2.3.2 Description A denial-of-service issue exists in the SCRAM authentication handling. A malicious or machine-in-the-middle broker can freeze the client event loop by providing an excessively large iteration...

8.7CVSS5.5AI score0.00388EPSS

Exploits0References6

NVD•added 2026/06/09 5:17 p.m.•12 views

CVE-2026-49843

5.3CVSS0.00284EPSS

Cvelist•added 2026/06/09 4:4 p.m.•35 views

CVE-2026-49843 FreeSWITCH: Pre-authentication session eviction via attacker-chosen `sessid` in `mod_verto`

5.3CVSS0.00284EPSS

EUVD•added 2026/06/09 4:4 p.m.•10 views

EUVD-2026-35492

5.3CVSS5.4AI score0.00284EPSS