CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

EUVD-2026-34141

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 discloses kernel memory layout via the UPnP GetStatusInfo action. An unauthenticated attacker on the adjacent network can obtain a raw MIPS KSEG0 kernel pointer, revealing kernel memory layout and aiding further exploitation...

5.8AI score

Exploits0References1

Cvelist•added yesterday•20 views

CVE-2026-36602

Exploits0References1

RedhatCVE•added last week•4 views

CVE-2026-46167

A flaw was found in the Linux kernel's usblp driver. A local user, interacting with a malicious printer, could exploit this vulnerability. When the LPGETSTATUS ioctl is used and a printer responds with zero bytes, the driver may return uninitialized kernel memory. This leads to information...

5.5CVSS5.8AI score0.00032EPSS

Exploits0References4

NVD•added 2026/05/28 10:16 a.m.•7 views

CVE-2026-46167

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl Just like in a previous problem in this driver, usblpctrlmsg will collapse the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferre...

0.00032EPSS

Exploits0References8

CVE•added 2026/05/28 9:36 a.m.•8 views

CVE-2026-46167

In the Linux kernel driver usb/usblp, CVE-2026-46167 fixes an uninitialized heap leak exposed via LPGETSTATUS. The bug arises because usblp_ctrl_msg() collapses usb_control_msg() return values to 0/-errno, leaving statusbuf (kmalloc(8)) uninitialized before the first LPGETSTATUS ioctl. If a print...

5.8AI score0.00032EPSS

Exploits0References8

Cvelist•added 2026/05/28 9:36 a.m.•23 views

CVE-2026-46167 usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl

0.00032EPSS

Exploits0References8

Snyk•added 2026/05/14 8:26 p.m.•5 views

Missing Authentication for Critical Function

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the getstatus function. An attacker can access sensitive configuration details by sending an unauthenticated HTTP GET request to the affected endpoint...

6.9CVSS5.8AI score0.00039EPSS

Exploits1References2

SUSE CVE•added 2026/04/25 1:37 a.m.•4 views

SUSE CVE-2026-31615

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesasusb3: validate endpoint index in standard request handlers The GETSTATUS and SET/CLEARFEATURE handlers extract the endpoint number from the host-supplied wIndex without any sort of validation. Fix this up by...

6.1CVSS5.5AI score0.00019EPSS

Exploits0References3

OSV•added 2026/04/24 3:16 p.m.•1 views

DEBIAN-CVE-2026-31615

5.5CVSS5.3AI score0.00019EPSS

Exploits0References1

Cvelist•added 2026/04/24 2:42 p.m.•26 views

CVE-2026-31615 usb: gadget: renesas_usb3: validate endpoint index in standard request handlers

0.00019EPSS

Exploits0References9

Debian CVE•added 2026/04/24 2:42 p.m.•4 views

CVE-2026-31615

5.5CVSS5.3AI score0.00019EPSS

Exploits0

ATTACKERKB•added 2026/04/24 2:42 p.m.•1 views

CVE-2026-31615

5.4AI score0.00019EPSS

Exploits0References7Affected Software1

EUVD•added 2026/04/24 2:42 p.m.•2 views

EUVD-2026-25508

5.4AI score0.00019EPSS

Exploits0References4

CVE•added 2026/04/24 2:42 p.m.•9 views

CVE-2026-31615

In CVE-2026-31615, the Linux kernel USB gadget code for renesas_usb3 (and related aspeed_udc context) did not validate endpoint indices in standard requests (GET_STATUS, SET/CLEAR_FEATURE). The host-supplied wIndex could be used to dereference a pointer without confirming endpoint count, risking ...

5.5CVSS5.4AI score0.00019EPSS

Exploits0References9Affected Software1

Positive Technologies•added 2026/04/24 12:0 a.m.•4 views

PT-2026-34967

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The renesas usb3 gadget driver fails to validate the endpoint index provided by the host in the wIndex variable within the 'GET STATUS' and 'SET/CLEAR FEATURE' standard request handlers...

9.8CVSS5.8AI score0.00102EPSS

Exploits0References71

ATTACKERKB•added 2026/02/16 3:32 p.m.•1 views

CVE-2026-2563

A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function setstcreenendeabledstatus/getstatus of the file /f/service/controlDevice of the component jdcapprpc. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the...

6.5CVSS5.3AI score0.00167EPSS

Exploits0References5Affected Software1

ATTACKERKB•added 2026/02/06 4:41 p.m.•3 views

CVE-2026-23738

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using aststrappend. The...

3.5CVSS5.3AI score0.00051EPSS

Exploits0References2Affected Software1

SUSE CVE•added 2025/01/09 12:20 a.m.•1 views

SUSE CVE-2024-56771

In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information These four chips: W25N512GW W25N01GW W25N01JW W25N02JW all require a single bit of ECC strength and thus feature an on-die Hamming-like ECC engine. There is no...

5.5CVSS7.6AI score0.00033EPSS

Exploits0References3

Vulnrichment•added 2025/01/08 5:49 p.m.•1 views

CVE-2024-56771 mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information

7.4AI score0.00033EPSS

Exploits0References2

SUSE CVE•added 2023/02/15 3:58 a.m.•1 views

SUSE CVE-2020-12654

An issue was found in Linux kernel before 5.5.4. mwifiexretwmmgetstatus in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591...

8CVSS7.2AI score0.004EPSS

Exploits0References24

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by