CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

RedhatCVE•added 2026/02/13 7:21 a.m.•5 views

CVE-2026-25828

grub-btrfs through 2026-01-31 on Arch Linux and derivative distributions allows initramfs OS command injection because it does not sanitize the $root parameter to resolvedevice. NOTE: a third party reports "exploitation may not be feasible under normal conditions and may depend on specific...

5.4CVSS5.9AI score0.0052EPSS

Exploits1References1

NVD•added 2026/02/12 10:16 p.m.•4 views

CVE-2026-25828

5.4CVSS0.0052EPSS

Exploits1References3

Cvelist•added 2026/02/12 12:0 a.m.•24 views

CVE-2026-25828

0.0052EPSS

Exploits1References3

Positive Technologies•added 2026/02/12 12:0 a.m.•5 views

PT-2026-7909

grub-btrfs through 2026-01-31 on Arch Linux and derivative distributions allows initramfs OS command injection because it does not sanitize the $root parameter to resolve device...

5.6AI score0.0052EPSS

Exploits1References4

ATTACKERKB•added 2026/02/12 12:0 a.m.•2 views

CVE-2026-25828

5.4CVSS5.9AI score0.0052EPSS

Exploits1References4

CVE•added 2026/02/12 12:0 a.m.•7 views

CVE-2026-25828

CVE-2026-25828 affects grub-btrfs up to 2026-01-31 on Arch Linux and derivatives. The initramfs hook grub-btrfs-overlayfs passes the kernel parameter $root to resolve_device() without sanitization, enabling potential initramfs command execution as root during boot. The issue is rooted in not sani...

5.4CVSS5.9AI score0.0052EPSS

Exploits1References3

CNNVD•added 2026/02/12 12:0 a.m.•3 views

grub-btrfs 操作系统命令注入漏洞

Grub-Btrfs is a Linux tool developed by Antynea’s individual developers. Versions of Grub-Btrfs starting from 2026-01-31 and earlier contained an operating system command injection vulnerability. This vulnerability stemmed from the lack of cleanup of the $root parameter, which could lead to OS...

5.4CVSS5.8AI score0.0052EPSS

Exploits1References5