CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added yesterday•4 views

CVE-2026-49187 Hard-coded APK Resource Credentials & Scepters

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...

ATTACKERKB•added yesterday•6 views

CVE-2026-49187

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...

CVE•added yesterday•10 views

CVE-2026-49187

CVE-2026-49187 concerns hard-coded APK resource files that never expire and a shared scepter that can lead to information leaks and potential misuse. According to the entry, exploitation is network-based with low attack complexity and no privileges required, causing high confidentiality impact (t...

Exploits0References1Affected Software1

EUVD•added yesterday•5 views

EUVD-2026-34204

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: autofs: Fixed a memory leak in waitqueues in autofscatatonicmode. Syzkaller reported a memory leak: BUG: Memory leak Unreferenced object: 0xffff88810b279e00 size 96 Command: “syz-executor399”, PID: 3631, Jiffies: 4294964921 Ag...

6AI score0.00039EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed an issue related to “slab-use-after-free” in ksmbdsmb2sessioncreate. There is a race condition between ksmbdsmb2sessioncreate and ksmbdexpiresession. This patch adds the necessary sessionstablelock during the...

7.8CVSS6.6AI score0.0002EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Timers: A race condition involving NULL function pointers in timershutdownsync has been fixed. There is a race condition between timershutdownsync and timerexpiration, which can lead to a WARNON being triggered in expiretimers...

4.7CVSS5.9AI score0.00008EPSS

Vulnrichment•added 2026/05/07 6:3 p.m.•4 views

CVE-2026-41902 FreeScout's user invitation hash never expires: permanent unauthenticated account takeover if invite link leaks

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/hash endpoint accepts a 60-character random invitehash to set a new user's password. The endpoint performs no expiration check — the hash remains valid indefinitely until...

9.1CVSS5.8AI score0.00039EPSS

Github Security Blog•added 2026/05/05 5:20 p.m.•4 views

ots has a negative expire override that can bypass its secret retention policy

Summary The /api/create endpoint accepted negative expire query values. For the memory storage backend, negative values were passed to secret creation as a negative duration and treated as no expiry, allowing callers to create secrets that persisted longer than intended. Impact Unauthenticated...

5.7AI score

Exploits0References4Affected Software1

OSV•added 2026/05/05 5:20 p.m.•0 views

GHSA-H5FQ-653G-GXRM ots has a negative expire override that can bypass its secret retention policy

5.3CVSS5.7AI score

Exploits0References4

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed a race condition between session lookup and expire operations. Thread A + Thread B ksmbdsessionlookup | smb2sesssetup sess = xaload | | | xaerase&conn-sessions, sess-id; | | ksmbdsessiondestroysess -- kfreesess | //...

7CVSS6.4AI score0.00012EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux - уязвимость в sssd

A flaw was discovered in SSSD, where the sssctl command was vulnerable to shell command injection through the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into executing a specially crafted sssctl command, such as using sudo, in order to gain root...

9.3CVSS6.7AI score0.00384EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue under cocurrent smb2 tree disconnect There is UAF issue under cocurrent smb2 tree disconnect. This patch introduce TREECONNEXPIRE flags for tcon to avoid cocurrent access...

7CVSS6.5AI score0.00019EPSS

NVD•added 2026/04/24 3:16 p.m.•2 views

CVE-2026-31664

In the Linux kernel, the following vulnerability has been resolved: xfrm: clear trailing padding in buildpolexpire buildexpire clears the trailing padding bytes of struct xfrmuserexpire after setting the hard field via memsetafter, but the analogous function buildpolexpire does not do this for...

5.5CVSS0.00014EPSS

Exploits0References8

Positive Technologies•added 2026/04/24 12:0 a.m.•2 views

PT-2026-35016

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the Linux kernel due to uninitialized padding bytes in the build polexpire function. While the build expire function correctly clears trailing padding bytes of th...

5.5CVSS5.3AI score0.00014EPSS

Exploits0References20

NVD•added 2026/04/22 6:16 a.m.•3 views

CVE-2026-22746

Vulnerability in Spring Spring Security. If an application is using the UserDetailsisEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...

3.7CVSS0.00067EPSS