CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added yesterday•2 views

UBUNTU-CVE-2026-55655

CVE•added yesterday•15 views

Exploits0References4

CVE-2026-55655

OpenSSH on Linux clients is affected by CVE-2026-55655. The issue allows a local unprivileged attacker to hijack client-side X11 forwarding connections by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. The attack can compr...

ATTACKERKB•added yesterday•9 views

CVE-2026-55655

Cvelist•added yesterday•28 views

CVE-2026-55655 Openssh: local mitm of x11 forwarding via abstract unix socket pre-binding in red hat enterprise linux openssh client versions

5CVSS0.0009EPSS

RedhatCVE•added yesterday•9 views

CVE-2026-55655

Tenable Nessus•added yesterday•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-55655

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by...

AstraLinux•added 5 days ago•5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: esp: Fixed improper handling of pages from pagepool. When the skb is reorganized during espoutput !esp-inline, the pages originating from the original skb fragments are supposed to be released back to the system through...

5.5CVSS6.1AI score0.00227EPSS

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: NFS: Issues with the LTP test failing when timestamps are delegated have been fixed. The utimes01 and utime06 tests fail when delegated timestamps are enabled, especially in subtests that modify the atime and mtime fields using t...

5.7AI score0.00155EPSS

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ip: Fixed data races related to sysctlipfwdupdatepriority. When reading sysctlipfwdupdatepriority, it can be changed concurrently. Therefore, we need to add READONCE to its readers...

4.7CVSS5.5AI score0.0018EPSS

EUVD•added last week•8 views

EUVD-2026-36729

webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies...

5.3CVSS5.2AI score0.00163EPSS

Exploits0References6

RedHat Linux•added 2026/06/17 9:22 a.m.•5 views

kernel: net: use dst_dev_rcu() in sk_setup_caps()

In the Linux kernel, the following vulnerability has been resolved: net: use dstdevrcu in sksetupcaps Use RCU to protect accesses to dst-dev from sksetupcaps and skdstgsomaxsize. Also use dstdevrcu in ip6dstmtumaybeforward, and ipdstmtumaybeforward. ip4dsthoplimit can use dstdevnetrcu...

5.4AI score0.00167EPSS

Exploits0References5

Positive Technologies•added 2026/06/16 12:0 a.m.•10 views

PT-2026-50132

Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the optional Reflex web UI exposes a training control plane without authentication: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and...

9.3CVSS5.6AI score0.00324EPSS

EUVD•added 2026/06/15 9:30 p.m.•6 views

EUVD-2026-37000

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x fix 3.1.13. Spring Cloud Gateway 4.1.x fix 4.1.13. Spri...

8.6CVSS5.2AI score0.00139EPSS

NVD•added 2026/06/15 4:16 p.m.•8 views

CVE-2026-9595

Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...

5.3CVSS0.00163EPSS

Exploits0References5

NVD•added 2026/06/15 2:16 p.m.•8 views

CVE-2026-6517

Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...

7.7CVSS0.00187EPSS

Cvelist•added 2026/06/15 1:55 p.m.•37 views

CVE-2026-6517 Mattermost Desktop App fails to restrict the allow list of domains which NTLM credentials are passed

6.3CVSS0.00187EPSS

EUVD•added 2026/06/15 1:55 p.m.•13 views

EUVD-2026-36725

6.3CVSS5.3AI score0.00187EPSS