CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

8.8CVSS5.9AI score0.00129EPSS

SUSE CVE-2026-53200

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN0 when !FEATXNX XN has already been extracted from its bitfield position so using FIELDPREP on the mask that clears XN0 is completely broken, having the effect of unconditionally granting execute...

9.8CVSS5.9AI score0.00559EPSS

SUSE CVE-2026-53221

In the Linux kernel, the following vulnerability has been resolved: ip6vti: fix incorrect tunnel matching in vti6tnllookup In vti6tnllookup, when an exact match for a tunnel fails, the code falls back to searching for wildcard tunnels: - Tunnels matching the packet's local address, with any remot...

SUSE CVE-2026-53231

In the Linux kernel, the following vulnerability has been resolved: net: phy: don't try to setup PHY-driven SFP cages when using genphy We don't have support for PHY-driver SFP cages with the genphy code. On top of that, it was found by sashiko that running sfpbusaddupstream for genphy deadlocks,...

5.8AI score0.00162EPSS

9.8CVSS5.8AI score0.00349EPSS

SUSE CVE-2026-53260

In the Linux kernel, the following vulnerability has been resolved: tcp: Add preemptdisable,enablenested in reqskqueuehashreq. syzbot reported a weird reqsk-rskrefcnt underflow in inetcskreqskqueuedrop. The captured reqskput in inetcskreqskqueuedrop is called only when it successfully removes req...

SUSE CVE•added 3 days ago•3 views

SUSE CVE-2026-53264

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: use RCU with deferred freeing for action lifecycle When NEWTFILTER and DELFILTER are run concurrently it is possible to create a race with an associated action. Let's illustrate with CPU0 running NEWTFILTER and...

7.8CVSS5.8AI score0.00129EPSS

7.8CVSS5.8AI score0.00129EPSS

SUSE CVE-2026-53270

In the Linux kernel, the following vulnerability has been resolved: ipvs: clear the svc scheduler ptr early on edit ipvseditservice while unbinding the old scheduler clears the svc-scheduler ptr after the scheduler module initiates RCU callbacks. This can cause packets to use the old scheduler at...

7.5CVSS5.8AI score0.00357EPSS

SUSE CVE-2026-57435

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri's CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node,...

6.3CVSS5.8AI score0.00312EPSS

SUSE CVE-2026-57437

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...

EUVD•added 3 days ago•9 views

EUVD-2026-39616

Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdowntopdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted...

Vulnrichment•added 3 days ago•6 views

CVE-2026-8661 Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin

CVE•added 3 days ago•15 views

CVE-2026-8661

CVE-2026-8661 affects the Rapid7 InsightConnect Markdown Plugin (Linux) up to version 3.1.4. The vulnerability is in the markdown_to_pdf action and combines Server-Side Scripting (XSS) with Server-Side Request Forgery (SSRF). It allows remote attackers to execute JavaScript server-side and to tri...

ATTACKERKB•added 3 days ago•10 views

CVE-2026-8661

Cvelist•added 3 days ago•38 views

CVE-2026-8661 Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin

4.8CVSS0.00254EPSS

OSSF Malicious Packages•added 3 days ago•8 views

Malicious code in @dervix/ws (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79b9ab7431b1a6a1250c089e2ea33f54ad92313f587fbd2aabc020c12be55f69 Package @dervix/ws impersonates the popular ws WebSocket library — package.json copies the legitimate ws project's homepage...

6.1AI score

OSV•added 3 days ago•3 views

MAL-2026-6496 Malicious code in @dervix/ws (npm)

6AI score

OSSF Malicious Packages•added 3 days ago•7 views

Malicious code in wellnpm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cce5614817c010bad6d6bd86146713b627ad235b87d9ccd341bd3d996a80119 [email protected] ships a 24MB ELF binary named launch which is the XMRig Monero miner RandomX, cn/upx2, ghostrider algorithm strings, libuv/OpenSSL...

5.8AI score

Exploits0References7

OSV•added 3 days ago•5 views

MAL-2026-6501 Malicious code in wellnpm (npm)

5.8AI score

Exploits0References7

Snyk•added 3 days ago•3 views

Malicious Package

Overview wellnpm is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score