CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 5 days ago•6 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hexadecimal numbers or similar elements. However,...

7.8CVSS7AI score0.00286EPSS

AstraLinux•added 5 days ago•5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed by removing the unnecessary f2fsbugon function to avoid panics. The verifyblkaddr function will trigger a panic once we introduce a fault into f2fsisvalidblkaddr; this unnecessary f2fsbugon function has been remove...

5.5CVSS5.9AI score0.00266EPSS

AstraLinux•added 5 days ago•5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mtd: inftlcore: Error checking for inftlreadoob has been added. In INFTLfindwriteunit, the return value of inftlreadoob needs to be checked. A proper implementation can be found in INFTLdeleteblock. The status will be set to...

7.8CVSS6.2AI score0.00164EPSS

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: The WARNONONCE call has been removed from ufshcduiccmdcompl. The UIC completion interrupt may be disabled while a UIC command is being processed. When the UIC completion interrupt is re-enabled, a UIC interrupt i...

7.8CVSS5.5AI score0.00133EPSS

Exploits0References1

AstraLinux•added 5 days ago•6 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Media: v4l: async: Fixed a NULL pointer dereferencing issue in the process of creating auxiliary links. In v4l2asynccreateancillarylinks, auxiliary links are created for lens and flash sub-devices. These are links between...

5.5CVSS5.8AI score0.00225EPSS

AstraLinux•added 5 days ago•2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove the SCSI host only if it has been added. If the host attempts to remove the ufshcd driver from a UFS device, a kernel panic will occur if the ufshcdasyncscan function fails during ufshcdprobehba. This issu...

5.5CVSS6AI score0.00233EPSS

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: compress: fixed to avoid a use-after-free condition on dic. Call trace: memcpy+0x128/0x250 f2fsreadmultipages+0x940/0xf7c f2fsmpagereadpages+0x5a8/0x624 f2fsreadahead+0x5c/0x110 pagecacheraunbounded+0x1b8/0x590...

7.8CVSS6.7AI score0.00238EPSS

OSV•added 2026/06/10 10:13 p.m.•6 views

GHSA-9PG3-25FQ-P6CC nebula-mesh: Newly-minted operator API key exposed in redirect URL (Referer, history, proxy logs)

internal/web/operators.go:251 — after handleOperatorCreateAPIKey mints a fresh 32-byte bearer token, the redirect points the operator's browser at: /ui/operators/?newkey=&keyname= The raw API key ends up: - in the browser's URL history - in the Referer header on every cross-origin asset the detai...

5.5CVSS5.5AI score0.00012EPSS

RedhatCVE•added 2026/06/05 7:16 p.m.•7 views

CVE-2026-42608

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. By manipulating the sessionid passed as form-flash-id in POST requests, an unauthenticated attacker can traverse the filesystem to create arbitrary directories an...

9.3CVSS5.6AI score0.00521EPSS

Exploits1References1

Tenable Nessus•added 2026/06/03 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-46194

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix nodecnt race between extent node destroy and writeback f2fsdestroyextentnode does not set FINOEXTENT before clearing extent nodes. When called from...

4.7CVSS5.8AI score0.00093EPSS

Microsoft CVE•added 2026/05/29 8:6 a.m.•7 views

mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()

...

7.1CVSS5.4AI score0.00131EPSS

Exploits0

RedhatCVE•added 2026/05/28 9:9 p.m.•10 views

CVE-2026-46175

A flaw was found in the Linux kernel's f2fs filesystem. During Foreground Garbage Collection FGGC of node blocks, the system fails to properly clear internal metadata marks. This can lead to filesystem inconsistencies, where the fsck utility may misinterpret the state of migrated data. A local us...

7.1CVSS5.8AI score0.00124EPSS

Exploits0References4

Debian CVE•added 2026/05/28 9:36 a.m.•7 views

CVE-2026-46175

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix fsck inconsistency caused by FGGC of node block During FGGC node block migration, fsck may incorrectly treat the migrated node block as fsync-written data. The reproduction scenario: root@vm:/mnt/f2fs seq 1 2048 | xargs...

7.1CVSS5.7AI score0.00124EPSS

Exploits0

CNNVD•added 2026/05/28 12:0 a.m.•6 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the nodecnt competition between the destruction and write-back operations of extent nodes in f2fs...

5.8AI score0.00093EPSS

Exploits0References5

Cvelist•added 2026/05/25 2:15 p.m.•22 views

CVE-2018-25377 Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH

Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and Code fields of the...

8.6CVSS0.00182EPSS

Vulnrichment•added 2026/05/25 2:15 p.m.•11 views

CVE-2018-25377 Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH

EUVD•added 2026/05/25 2:15 p.m.•11 views

EUVD-2018-21899

CVE•added 2026/05/25 2:15 p.m.•21 views

CVE-2018-25377

Flash Slideshow Maker Professional 5.20 is affected by a buffer overflow in the registration dialog (Help > Register). The underlying cause involves structured exception handling (SEH), enabling a local attacker to craft a malicious payload and paste it into the Name and Code fields, potential...

CNNVD•added 2026/05/25 12:0 a.m.•7 views

SocuSoft Flash Slideshow Maker Professional 安全漏洞

SocuSoft Flash Slideshow Maker Professional is a slideshow maker software from SocuSoft. A security vulnerability exists in SocuSoft Flash Slideshow Maker Professional version 5.20, which originates from a buffer overflow in the registration dialog box that could allow a local attacker to execute...