Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-8441-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8441-1 advisory. It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A...
Astra Linux – Vulnerability in Qemu
In QEMU, the softmmu/physmem.c file, versions up to 7.0.0, can perform an uninitialized read on the translate_fail path, resulting in an io_readx or io_writex crash. NOTE: A third-party report states that the “Non-virtualization Use Case” described in the qemu.org reference applies here. In other...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: lib/test_hmm.c: Handling of failures in allocating src_pfns and dst_pfns. The kcalloc function used in dmirror_device_evict_chunk will return null if the physical memory runs out. As a result, if src_pfns or dst_pfns is dereferenced, a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed an oops due to uninitialized variables in smb2_unlink. If SMB2_open_init or SMB2_close_init fails, e.g., due to reconnection, the iovs structure @rqst may remain uninitialized. As a result, calling SMB2_open_free,...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: dm thin: Fixed a use-after-free crash in dm_sm_register_threshold_callback. Reports of faults injecting into the pool metadata device: - BUG: KASAN: Use-after-free in dm_pool_register_metadata_threshold+0x40/0x80. - Reading of size 8 ...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fixed corruption in the list_add function within lpfc_drain_txq. When parsing the txq list in lpfc_drain_txq, the driver attempts to pass the requests to the adapter. If this attempt fails, a local “fail_msg” string is set...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: nouveau/dmem: handling of kcalloc allocation failures. The kcalloc function in nouveau_dmem_evict_chunk will return null if the physical memory runs out. As a result, if we dereference src_pfns, dst_pfns, or dma_addrs, null pointer...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: mm/vmalloc: fixed vmalloc, which may return null if called with __GFP_NOFAIL. The commit a421ef303008 "mm: allow !GFP_KERNEL allocations for kvmalloc" includes support for __GFP_NOFAIL, but it creates a conflict with the commit...
EUVD-2026-37913
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...
Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23026)
In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config. Fix a memory leak in gpi_peripheral_config where the original memory pointed to by gchan->config could be lost if krealloc fails. The issue occurs when: 1. gchan->config...
Malicious code in @mastra/convex (npm)
Source: ghsa-malware acae13d27edf4e66aa693ee00ce3df3eb508a09c9bf7a9b934a9d3804653f3ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @mastra/ai-sdk (npm)
Source: ghsa-malware b23e19b24d58761bd64000978f4e6b11335a7ebd4fe1f7bfabb33ce050255a8f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5965 Malicious code in mastra (npm)
Source: ghsa-malware 177b60c8d45a21867d69c269f21c334505b8c0298b497cbed321d403be4311f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8440-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8440-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the...
USN-8426-2 linux-azure vulnerabilities
It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...
Malicious code in tailwind-typography-style (npm)
Source: amazon-inspector 5b5b1eea6bfed81a0e57b9af519c45155347e3937a20dc8ef4e9ab1cae6ff73d The package impersonates @tailwindcss/typography by name and ships a verbatim copy of tailwindlabs/tailwindcss-typography's src/ tree index.js,...
MAL-2026-5848 Malicious code in slow-surf (npm)
Source: ghsa-malware 9f66d2ad1de3674c7aa5dd5efdb00624f0d1ff7f6f1ed38f054e6ca018dea673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-47120 Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check). This issue has been patched in version 2.0.8...
EUVD-2026-36593
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check). This issue has been patched in version 2.0.8...
CVE-2026-47120
CVE-2026-47120 affects Nezha Monitoring: from v1.4.0 to before v2.0.8, a RoleMember can trigger other users’ cron tasks via AlertRule.FailTriggerTasks without ownership checks, enabling admin cron commands to run on all servers. The issue is resolved in v2.0.8. Exploitation details in connected s...