CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/28 9:36 a.m.•27 views

CVE-2026-46150 fanotify: fix false positive on permission events

7.1CVSS0.00014EPSS

Exploits0References8

SUSE CVE•added 2026/05/28 3:55 a.m.•7 views

SUSE CVE-2026-45942

In the Linux kernel, the following vulnerability has been resolved: ext4: fix e4b bitmap inconsistency reports A bitmap inconsistency issue was observed during stress tests under mixed huge-page workloads. Ext4 reported multiple e4b bitmap check failures like: ext4mbcomplexscangroup:2508: group...

5.7AI score0.00013EPSS

Exploits0References3

CNNVD•added 2026/05/28 12:0 a.m.•5 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the function fsnotifygetmarksafe in fanotify. This function may return false positives for...

7.1CVSS5.8AI score0.00014EPSS

NVD•added 2026/05/27 2:17 p.m.•10 views

CVE-2026-45942

7.8CVSS0.00013EPSS

CVE•added 2026/05/27 12:17 p.m.•13 views

CVE-2026-45942

Summary of CVE-2026-45942 : A race condition in the Linux kernel ext4 bitmap handling enables inconsistent bitmap reporting due to concurrent page migration and bitmap modification in the load_buddy path. The root cause is that the fast load_buddy path only increments the folio refcount and can o...

7.8CVSS5.7AI score0.00013EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•9 views

PT-2026-43809

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the ext4 file system between page migration and bitmap modification during mixed huge-page workloads. The issue occurs because the fast path of the load buddy...

7.8CVSS5.5AI score0.00013EPSS

Exploits0References14

The Hacker News•added 2026/05/25 11:30 a.m.•19 views

The Alert Firehose Finally Meets Its Match

Ask a cybersecurity pro about Network Detection and Response NDR and you might still hear "Noisy," "Too much data." But ask the teams running NDR that includes agentic AI capabilities and you'll hear they're actually using it to catch threats earlier, triage faster, and chase fewer false positive...

Packet Storm News•added 2026/05/25 12:0 a.m.•7 views

On Reliability of Efficient Membership Inference Vulnerability Evaluation

Membership inference attacks MIAs are popular methods for empirically assessing the leakage of sensitive information in the training data through models or statistics learned from the data. The MIA vulnerability is often evaluated through false positive rate FPR and true positive rate TPR of a...

Packet Storm News•added 2026/05/22 12:0 a.m.•7 views

Are Frontier LLMs Ready for Cybersecurity? Evidence for Vertical Foundation Models from Dual-Mode Vulnerability Benchmarks

We evaluate whether frontier LLMs are ready for cybersecurity through a dual-mode benchmark: white-box function-level vulnerability detection VulnLLM-R, across C/Java/Python and black-box web application security testing five production-style applications with 118 ground-truth vulnerabilities...

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: kernfs: The constraint in the draining guard has been relaxed. The active reference lifecycle provides a mechanism for breaking/unbreaking references, but the active reference is not truly active after unbreaking—callers do not u...

5.5CVSS5.7AI score0.0007EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: nfsd: fixed RELEASELOCKOWNER The test on socount in nfsd4releaselockowner is pointless and harmful. It’s recommended to revert to using checkforlocks, and change the code to avoid sleeping. First, the test is harmful because, as...

5.5CVSS5.9AI score0.00007EPSS

Exploits0References2

Packet Storm News•added 2026/05/17 12:0 a.m.•10 views

ADR: An Agentic Detection System for Enterprise Agentic AI Security

We present the Agentic AI Detection and Response ADR system, the first large-scale, production-proven enterprise framework for securing AI agents operating through the Model Context Protocol MCP. We identify three persistent challenges in this domain: 1 limited observability -- existing Endpoint...

Packet Storm News•added 2026/05/14 12:0 a.m.•12 views

WARD: Adversarially Robust Defense of Web Agents against Prompt Injections

Web agents can autonomously complete online tasks by interacting with websites, but their exposure to open web environments makes them vulnerable to prompt injection attacks embedded in HTML content or visual interfaces. Existing guard models still suffer from limited generalization to unseen...

Packet Storm News•added 2026/05/13 12:0 a.m.•6 views

Characterizing AI-Assisted Bot Traffic in Darknet Data: Implications for ICS and IIoT Security

The rise of automated scanning tools and AI assisted reconnaissance agents has significantly altered internet background traffic patterns, threatening the baseline assumptions underlying intrusion detection systems IDS deployed in critical infrastructure networks. This paper characterizes the...

CNNVD•added 2026/05/11 12:0 a.m.•5 views

Official Clerk JavaScript SDKs 代码问题漏洞

The Official Clerk JavaScript SDKs are an open-source repository for Clerk authentication purposes. These SDKs have code vulnerabilities that can lead to false positives during authorization checks. This occurs when functions like has and auth.protect, along with related authorization predicates,...

8.1CVSS5.9AI score0.00049EPSS

Exploits0References2

Packet Storm News•added 2026/05/08 12:0 a.m.•4 views

Securing the Dark Matter: A Semantic-Enhanced Neuro-Symbolic Framework for Supply Chain Analysis of Opaque Industrial Software

Automated vulnerability detection in critical-infrastructure software confronts a fundamental barrier: industrial software is routinely deployed as stripped, symbol-free binaries that deprive conventional Software Composition Analysis of the source-level transparency it requires. Existing binary...