CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2 days ago•3 views

CVE-2026-54236

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitizemessage helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo...

5.3CVSS5.9AI score0.00824EPSS

Exploits0References4Affected Software1

RedHat Linux•added 2 days ago•4 views

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

9.1CVSS6.6AI score0.00522EPSS

Exploits1References5

NVD•added 2 days ago•8 views

CVE-2026-54274

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1...

8.7CVSS0.00279EPSS

ATTACKERKB•added 2 days ago•2 views

CVE-2026-54274

8.7CVSS5.8AI score0.00279EPSS

Exploits0References3Affected Software1

RedHat Linux•added 2 days ago•5 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

7.5CVSS5.8AI score0.0056EPSS

Exploits0References6

RedHat Linux•added 2 days ago•6 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

7.5CVSS5.8AI score0.0056EPSS

Exploits0References6

Tenable Nessus•added 2 days ago•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-54274

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads,...

8.7CVSS5.9AI score0.00279EPSS

Tenable Nessus•added 4 days ago•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-56211

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC...

7.1CVSS6.7AI score0.00385EPSS

Tenable Nessus•added 4 days ago•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-48619

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This...

6.1AI score

NVD•added 5 days ago•9 views

CVE-2026-56211

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...

7.1CVSS0.00385EPSS

NVD•added 5 days ago•7 views

CVE-2026-56208

A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when glaginframes is set to 1 or higher. This results in a 232-byte...

7.6CVSS0.00269EPSS

Cvelist•added 5 days ago•28 views

CVE-2026-56211 Libaom: libaom: remote code execution via svc layer context handling with attacker-controlled frames

7.1CVSS0.00385EPSS

CVE•added 5 days ago•13 views

CVE-2026-56211

CVE-2026-56211 concerns libaom, the reference AV1 codec. The vulnerability stems from insufficient bounds validation in the AV1 encoder’s SVC layer ID control, enabling an attacker-provided frame to overlap internal encoder layer context structures. In fork-based video processing services, this c...

7.1CVSS6.7AI score0.00385EPSS

RedhatCVE•added 5 days ago•8 views

CVE-2026-56211

7.1CVSS6.7AI score0.00385EPSS

Exploits0References5

EUVD•added 5 days ago•9 views

EUVD-2026-37747

undici WebSocket client vulnerable to denial of service via fragment count bypass...

7.5CVSS5.8AI score0.00426EPSS

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerability in libvncserver

It was discovered that the websockets.c file in LibVNCServer prior to version 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, resulting in a heap-based buffer overflow...

9.8CVSS8.4AI score0.02259EPSS

AstraLinux•added 5 days ago•5 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mac80211: Only QoS data frames are tracked for admission control. For admission control, it clearly only applies to QoS data frames. Otherwise, we wouldn’t even be able to access the QoS field in the header. Syzbot reported an...

5.5CVSS5.6AI score0.00222EPSS

AstraLinux•added 5 days ago•12 views

Astra Linux – Vulnerability in Firefox and Thunderbird

In some cases, video frames may have been leaked between their origins. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132...

7.5CVSS6.7AI score0.00701EPSS