CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Do not wait in vain when unloading the module. There was a race condition in the module exit path, where there was a conflict between deleting all controllers and freeing the “leftover IDs”. To prevent double-freeing, a...

4.4CVSS6.3AI score0.00011EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fixed the link-down processing to address the issue of NULL pointer dereferencing. If a FC link-down transition occurs while PLOGIs are outstanding for fabric-known addresses, outstanding ABTS requests may lead to NUL...

5.5CVSS6.2AI score0.00014EPSS

GithubExploit•added 2026/05/19 2:12 a.m.•47 views

MC-271325-DoS-PoC

Log amplification based denial for service for vanilla Minecra...

GithubExploit•added 2026/05/19 2:12 a.m.•62 views

Exploits0

MC-271325-PoC

Status trailing-byte log amplification MC-271325 Unauthenti...

Arista•added 2026/05/19 12:0 a.m.•25 views

Exploits0

Security Advisory 0139

Security Advisory 0139 PDF Date: May 19, 2026 Revision | Date | Changes ---|---|--- 1.0 | May 19, 2026 | Initial release The CVE-ID tracking this issue: CVE-2025-49844 CVSSv3.1 Base Score: 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSSv4.0 Base Score: 9.4...

9.9CVSS7.7AI score0.11111EPSS

Exploits13

Vulnrichment•added 2026/05/14 4:8 p.m.•4 views

CVE-2026-20182 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show...

10CVSS6.1AI score0.83125EPSS

Exploits4References2

VulnCheck KEV•added 2026/05/14 12:0 a.m.•19 views

VulnCheck KEV: CVE-2026-20182

10CVSS5.9AI score0.83125EPSS

In wildExploits4References6

OSV•added 2026/05/12 3:31 a.m.•3 views

MAL-2026-3542 Malicious code in @uipath/data-fabric-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 564bdc51544f234731435ede11d7239b9b2035872b6083e88795bd64734bb58a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2026/05/12 3:31 a.m.•3 views

Exploits0References6

Malicious code in @uipath/data-fabric-tool (npm)

Positive Technologies•added 2026/05/12 12:0 a.m.•5 views

Exploits0References6

PT-2026-40387

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity...

5.9CVSS5.8AI score0.00016EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•4 views

PT-2026-40388

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network SMN access, potentially resulting in arbitrary code execution in AMD Secure Processor ASP and loss of the SEV-SNP guest's confidentiality and integrity...

8.5CVSS6.3AI score0.00017EPSS

OSV•added 2026/05/11 5:40 a.m.•7 views

BIT-HYPERLEDGER-FABRIC-PEER-2026-41586 ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserialization RCE

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject and exposes deSerializeChannel which call ObjectInputStream.readObject on untrusted byte arrays without...

OSV•added 2026/05/11 5:40 a.m.•3 views

Exploits0References3

BIT-HYPERLEDGER-FABRIC-TOOLS-2026-41586 ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserialization RCE

OSV•added 2026/05/11 5:40 a.m.•2 views

Exploits0References3

BIT-HYPERLEDGER-FABRIC-ORDERER-2026-41586 ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserialization RCE

vulnersOsv•added 2026/05/07 6:41 a.m.•4 views

Exploits0References3

com.baoquan:verax-sdk (=1.0.0), com.easypayx:easypay-blockchain-java-sdk (>=1.0.0 <=1.0.4) +21 more potentially affected by CVE-2026-41586 via org.hyperledger.fabric-sdk-java:fabric-sdk-java (>=1.0.1 <=2.2.8)

org.hyperledger.fabric-sdk-java:fabric-sdk-java MAVEN version =1.0.1, =1.0.0, =1.0.0-RELEASE, =1.0.0-RELEASE, =0.0.1, =1.0.0, =1.0.0, =1.0, =3.16.1, =1.2.0, =1.3.0, =0.10.1, =014.1 and more Source cves: CVE-2026-41586 Source advisory: SNYK:JAVA-ORGHYPERLEDGERFABRICSDKJAVA-16439197...

Snyk•added 2026/05/07 6:41 a.m.•5 views

Exploits0

Deserialization of Untrusted Data

Overview org.hyperledger.fabric-sdk-java:fabric-sdk-java is a Java SDK for Hyperledger Fabric. Deprecated as of Fabric v2.5, replaced by org.hyperledger.fabric:fabric-gateway. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the deSerializeChannel...

9.8CVSS6.3AI score0.00017EPSS