CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: Fixed the handling of VMPAT when fork fails in copypagerange. If trackpfncopy fails, we have already added the dst VMA to the maple tree. When fork fails, we will clean up the maple tree, and encounter the dst VMA for...

5.5CVSS6.3AI score0.00024EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: sched/core: Fix use-after-free bug in dupusercpusptr Since commit 07ec77a1d4e8 "sched: Allow task CPU affinity to be restricted on asymmetric systems", the setting and clearing of usercpusptr are done under pilock for arm64...

7.8CVSS6.4AI score0.00019EPSS

OSV•added 2026/04/30 4:39 p.m.•1 views

OPENSUSE-SU-2026:20662-1 Security update for hauler

This update for hauler fixes the following issues: Changes in hauler: - update to 1.4.2 bsc1258614, CVE-2026-24122: Bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 in the gomodules group across 1 directory fix for new helm chart features Bump github.com/sigstore/rekor from 1.4.3 ...

3.7CVSS5.8AI score0.00011EPSS

Exploits2References2

NVD•added 2026/04/28 9:16 a.m.•2 views

CVE-2026-40980

In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.5CVSS0.00068EPSS

Exploits0References1

CVE•added 2026/04/28 7:31 a.m.•4 views

CVE-2026-40980

In Spring AI, a memory exhaustion vulnerability exists in the ForkPDFLayoutTextStripper when processing a malicious PDF. Affected versions are Spring AI 1.0.0–1.0.5 (fixed in 1.0.6) and 1.1.0–1.1.4 (fixed in 1.1.5). The CVSS data indicates availability impact is High, with network attack and low ...

6.5CVSS5.2AI score0.00068EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/04/28 7:31 a.m.•23 views

CVE-2026-40980

6.5CVSS0.00068EPSS

Exploits0References1

ATTACKERKB•added 2026/04/28 7:31 a.m.•2 views

CVE-2026-40980

6.5CVSS5.2AI score0.00068EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/04/28 12:0 a.m.•2 views

PT-2026-35689

6.5CVSS5.2AI score0.00068EPSS

RedhatCVE•added 2026/04/27 7:23 p.m.•1 views

CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

OSV•added 2026/04/27 6:33 p.m.•6 views

Exploits1References1

JLSEC-2026-215 OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include...

OpenSSL 1.1.1 introduced a rewritten random number generator RNG. This was intended to include protection in the event of a fork system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A...

5.3CVSS6.3AI score0.02629EPSS

Exploits0References25

Tenable Nessus•added 2026/04/27 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-41414

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork co...

7.4CVSS5.9AI score0.00032EPSS

NVD•added 2026/04/24 7:17 p.m.•2 views

CVE-2026-41414

7.4CVSS0.00032EPSS

Exploits1References3

EUVD•added 2026/04/24 6:32 p.m.•1 views

EUVD-2026-25596

7.4CVSS5.3AI score0.00032EPSS

ATTACKERKB•added 2026/04/24 6:32 p.m.•4 views

CVE-2026-41414

Cvelist•added 2026/04/24 6:32 p.m.•26 views

Exploits1References3

CVE-2026-41414 Skim: Arbitrary code execution via pull_request_target fork checkout in pr.yml

7.4CVSS0.00032EPSS

Vulnrichment•added 2026/04/24 6:32 p.m.•3 views

CVE-2026-41414 Skim: Arbitrary code execution via pull_request_target fork checkout in pr.yml

AlpineLinux•added 2026/04/24 6:32 p.m.•2 views

CVE-2026-41414

7.4CVSS5.9AI score0.00032EPSS

Exploits1References3

CVE•added 2026/04/24 6:32 p.m.•4 views

CVE-2026-41414

CVE-2026-41414 affects Skim. The vulnerability allows arbitrary code execution via the generate-files workflow in .github/workflows/pr.yml, where the workflow checks out code from an attacker-controlled fork and runs it with access to SKIM_RS_BOT_PRIVATE_KEY and GITHUB_TOKEN (contents:write). No ...