CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 3 days ago•3 views

MAL-2026-6497 Malicious code in chai-as-synced (npm)

5.7AI score

SUSE CVE•added 3 days ago•7 views

SUSE CVE-2026-13201

A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel...

7.3CVSS6AI score0.00124EPSS

OSSF Malicious Packages•added 3 days ago•8 views

Malicious code in set-cookie-ease (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2bf656ba38b4d951239ee29799f510de4a8cb93fcf5d8005db4cd679a8631e6 Package masquerades as js-cookie same banner /! js-cookie v3.0.5 | MIT /, README, and repository.url: git://github.com/js-cookie/js-cookie.git but...

6AI score

OSV•added 3 days ago•4 views

MAL-2026-6500 Malicious code in set-cookie-ease (npm)

5.9AI score

OSSF Malicious Packages•added 3 days ago•7 views

Malicious code in mongoose-json-format (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a3dc63cdceb40d6f0fe338bcdbe589689ab2897f44cbb6b7c3d0192b5bd09c5 On require, helpers.js instantiates a Helper whose constructor invokes createLog. createLog base64-decodes the string assigned to HASHKEY decoding to...

6AI score

OSV•added 3 days ago•3 views

MAL-2026-6499 Malicious code in mongoose-json-format (npm)

5.9AI score

NVD•added 3 days ago•8 views

CVE-2026-8661

Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdowntopdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted...

4.8CVSS0.00254EPSS

Exploits0References2

NVD•added 3 days ago•10 views

CVE-2026-13226

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS0.00281EPSS

Exploits0References8

SUSE CVE•added 3 days ago•2 views

SUSE CVE-2026-52961

In the Linux kernel, the following vulnerability has been resolved: ceph: fix BUGON in cephbuildxattrsblob due to stale blob size The generic/642 test-case can reproduce the kernel crash: 40243.605254 ------------ cut here ------------ 40243.605956 kernel BUG at fs/ceph/xattr.c:918! 40243.607142...

5.8AI score0.00198EPSS

SUSE CVE-2026-52965

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttmboswapout infinite LRU walk on swapout failure When ttmttswapout fails, the current code calls ttmresourceaddbulkmove followed by ttmresourcemovetolrutail to restore the resource's bulkmove membership. However,...

5.8AI score0.00167EPSS

7.8CVSS6AI score0.0014EPSS

SUSE CVE-2026-52991

In the Linux kernel, the following vulnerability has been resolved: sched/psi: fix race between file release and pressure write A potential race condition exists between pressure write and cgroup file release regarding the priv member of struct kernfsopenfile, which triggers the uaf reported in 1...

SUSE CVE•added 3 days ago•4 views

SUSE CVE-2026-52996

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix durable fd leak on ClientGUID mismatch in durable v2 open ksmbdlookupfdcguid returns a ksmbdfile with its refcount incremented via ksmbdfpget. parsedurablehandlecontext in the DURABLEREQV2 case properly releases this...

6AI score0.00188EPSS

7.8CVSS5.8AI score0.00127EPSS

SUSE CVE-2026-53000

In the Linux kernel, the following vulnerability has been resolved: netfilter: nat: use kfreercu to release ops Florian Westphal says: "Historically this is not an issue, even for normal base hooks: the data path doesn't use the original nfhookops that are used to register the callbacks. However,...

SUSE CVE-2026-53007

In the Linux kernel, the following vulnerability has been resolved: ice: fix potential NULL pointer deref in error path of icesetringparam icesetringparam nullifies tstampring of temporary txrings, without clearing ICETXRINGFLAGSTXTIME bit. When ICETXRINGFLAGSTXTIME is set and the subsequent...

5.8AI score0.00155EPSS

7.8CVSS5.9AI score0.0012EPSS

SUSE CVE-2026-53009

In the Linux kernel, the following vulnerability has been resolved: ice: fix double-free of txbuf skb If icetso or icetxcsum fail, the error path in icexmitframering frees the skb, but the 'first' txbuf still points to it and is marked as valid ICETXBUFSKB. 'nexttouse' remains unchanged, so the...

SUSE CVE•added 3 days ago•2 views

SUSE CVE-2026-53022

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: bound enumeration string aggregation populateenumdata aggregates firmware-provided value-modifier and possible-value strings into fixed 512-byte struct members. The current code bounds each individu...

5.8AI score0.00172EPSS

SUSE CVE•added 3 days ago•2 views

SUSE CVE-2026-53069

In the Linux kernel, the following vulnerability has been resolved: net, bpf: fix null-ptr-deref in xdpmasterredirect for down master syzkaller reported a kernel panic in bondrrgenslaveid reached via xdpmasterredirect. Full decoded trace: https://syzkaller.appspot.com/bug?extid=80e046b8da2820b6ba...

7.5CVSS5.8AI score0.00385EPSS