CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 5 days ago•9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: cxl/ras: Fixed the device confusion related to the CPER handler. Upon inspection, the cxlcperhandleproterr function makes several fragile assumptions that can lead to crashes: 1. It assumes that the endpoints identified in the...

5.5CVSS5.7AI score0.0012EPSS

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: libnvdimm/labels: A divide error occurred in ndlabeldatainit. If a faulty CXL memory device returns a incorrect zero LSA size in its memory device information Identified Memory Device Opcode 4000h, CXL Specification 3.1,...

5.5CVSS6.2AI score0.00166EPSS

AstraLinux•added 5 days ago•2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: PCI: Fixed NULL dereferencing in the error path during SR-IOV VF creation. Fixed issues when virtfn setup fails, preventing NULL pointer dereferencing during device removal. The kernel error occurred due to incorrect error...

5.5CVSS6AI score0.00164EPSS

AstraLinux•added 5 days ago•2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: nvme-core: fixed a memory leak in dhchapsecretstore Free the dhchapsecret in nvmectrldhchapsecretstore before returning. Fixed the following kmemleak: Unreferenced object 0xffff8886376ea800 size 64: Command "check", PID 22048,...

5.8AI score0.00191EPSS

AstraLinux•added 5 days ago•5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: wifi: iwlwifi: pcie: fixed a possible NULL pointer dereference issue It is possible that iwlpciprobe may fail and free the trans structure. After that, iwlpciRemove may be called, but it will crash when trying to access a tran...

5.9AI score0.00211EPSS

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd: check num of link levels when update pcie param In the SR-IOV environment, the value of pcietable-numoflinklevels will be 0, and numoflevels - 1 will cause an array index out of bounds...

7.8CVSS6.1AI score0.00262EPSS

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

The network backend may cause Linux netfront to use freed SKBs. While adding logic to support XDP eXpress Data Path, a code label was moved in a way that allows SKBs to retain references pointers for further processing, so that they can still be freed...

7.8CVSS6.6AI score0.00341EPSS

Nuclei•added 2026/06/16 7:13 a.m.•13 views

Mitel MiCollab - Information Disclosure & Denial of Service

Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 contain a vulnerability in the TP-240 component caused by improper handling, letting remote attackers obtain sensitive information and cause denial of service, exploit requires remote access. id: CVE-2022-26143 info: name:...

9.8CVSS8.6AI score0.87565EPSS

Exploits1References1

Nuclei•added 2026/06/16 7:13 a.m.•219 views

Wordpress Email Subscribers by Icegram Express - SQL Injection

The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IGESSubscribersQuery' class in all versions up to, and including, 5.7.14 due to insufficient escaping ...

9.8CVSS8.9AI score0.80596EPSS

Exploits4References2

OSSF Malicious Packages•added 2026/06/11 9:44 a.m.•11 views

Malicious code in swagger-express-routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 342bf1e361c6684c276c1afc618d78d82268e93898daddaef74873a49c6111b2 On require'swagger-express-routes', the package's main entry transitively loads src/utils/lib.min.js through src/connector/index.js line 1:...

OSV•added 2026/06/11 9:44 a.m.•6 views

MAL-2026-5636 Malicious code in swagger-express-routes (npm)

Snyk•added 2026/06/11 9:44 a.m.•3 views

Malicious Package

Overview swagger-express-routes is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.4AI score

OSSF Malicious Packages•added 2026/06/11 2:51 a.m.•11 views

Malicious code in @my_name_is_khn/express-security-tool-v3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42987119346b57a7014465a5a7bec3c00d1928e7e41d999152aa4e2f814c298e On npm install, the package's postinstall runs scripts/inject.js, which walks up from the current working directory to locate the consumer project's...

5.5AI score

OSV•added 2026/06/11 2:51 a.m.•9 views

MAL-2026-5552 Malicious code in @my_name_is_khn/express-security-tool-v3 (npm)

5.5AI score

OSSF Malicious Packages•added 2026/06/11 2:51 a.m.•8 views

Malicious code in express-timer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b4fd1651a86f29904cbafe5a1d50f51a3108413ce0fef61fd92cfc61dedc683 express-timer is a destructive supply-chain attack masquerading as an Express security-headers helper. Three independent harm mechanisms fire on...

OSV•added 2026/06/11 2:51 a.m.•8 views

Exploits0References6

MAL-2026-5555 Malicious code in express-timer (npm)