CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 4 hours ago•4 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.92 packages and security update

Red Hat OpenShift Container Platform release 4.12.92 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

10CVSS6.9AI score0.00765EPSS

Exploits3References6

RedHat Linux•added 4 hours ago•4 views

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

4.3CVSS7.1AI score0.00382EPSS

CVE•added yesterday•5 views

CVE-2026-33235

AutoGPT is vulnerable to Denial of Service in the Fill Text Template block prior to v0.6.52. Although a SandboxedEnvironment blocks certain attributes (e.g., class ), it does not cap the computational complexity or execution time of Python/Jinja2 expressions, allowing crafted inputs to exhaust CP...

7.7CVSS5.8AI score

RedhatCVE•added yesterday•4 views

CVE-2026-53127

A flaw was found in the Linux kernel's block subsystem. This vulnerability allows for a memory leak when zone revalidation fails, specifically when blkrevalidatediskzones encounters an error after memory has been allocated for zonescond. This can lead to resource exhaustion, potentially resulting...

5.5CVSS5.7AI score

RedhatCVE•added yesterday•3 views

CVE-2026-53126

A flaw was found in the Linux kernel's blk-cgroup component. This vulnerability occurs due to a missing disk reference release on an error path within the blkcgmaybethrottlecurrent function. When certain lookups or gets fail, the disk reference acquired is not properly freed. This oversight can...

5.5CVSS5.8AI score

CVE•added yesterday•10 views

CVE-2026-52814

CVE-2026-52814 affects Gogs’ built-in Go SSH server, where unauthenticated clients can stall the SSH handshake to exhaust file descriptors, spawning unbounded goroutines and causing FD exhaustion that disrupts SSH access. Connected advisories (GHSA-XP79-5MX3-JX52) confirm the vulnerability detail...

6.9CVSS5.9AI score

RedHat Linux•added yesterday•4 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service DoS for...

7.5CVSS7.1AI score0.00349EPSS

RedhatCVE•added yesterday•3 views

CVE-2026-52932

A flaw was found in the Linux kernel's xfrm IPcomp IP Payload Compression Protocol component. This vulnerability involves improper memory deallocation during error handling, where allocated resources are not correctly freed. This could allow a local attacker to cause resource exhaustion,...

5.8AI score0.00155EPSS

RedhatCVE•added yesterday•3 views

CVE-2026-52916

A flaw was found in the Linux kernel's batman-adv module. A remote attacker can exploit this vulnerability by sending specially crafted BATADVUNICASTFRAG packets, which are designed to contain other fragmented packets. This 'fragments in fragments' scenario causes the kernel to recursively proces...

5.9AI score0.00177EPSS

NVD•added yesterday•8 views

CVE-2026-56368

ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service...

6.3CVSS

NVD•added yesterday•7 views

CVE-2026-56245

Supabase Capgo before 12.128.2 contains an authorization bypass vulnerability in the SECURITY DEFINER recordbuildtime RPC function that allows unauthenticated attackers to insert arbitrary build-time records. Attackers can exploit this by calling POST /rest/v1/rpc/recordbuildtime with a public AP...

8.8CVSS

Cvelist•added yesterday•18 views

CVE-2026-56368 ImageMagick - Memory Leak in Raw Pixel Data Coders

6.3CVSS

EUVD•added yesterday•5 views

EUVD-2026-38755

6.3CVSS5.8AI score

CVE•added yesterday•8 views

CVE-2026-56368

CVE-2026-56368 (ImageMagick) : ImageMagick prior to 7.1.2-15 has a memory leak in multiple coders that write raw pixel data, where allocated objects are not freed. This can be triggered by processing specially crafted images, leading to memory exhaustion and denial of service. Root cause is the u...

6.3CVSS5.8AI score

OSV•added yesterday•9 views

CURL-CVE-2026-11586 WS Auto-PONG memory exhaustion

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

5.8AI score

Exploits0

EUVD•added yesterday•9 views

EUVD-2026-38719

In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unicast fragment in fragment batadvfragskbbuffer is called by batadvbatmanskbrecv when a BATADVUNICASTFRAG packet is received. Once all fragments are collected and the packet is reassembled,...

5.7AI score0.00177EPSS