CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 3 days ago•28 views

CVE-2026-8823 User Manager can demote bot accounts to guest without bot-management permission

3.8CVSS0.00231EPSS

AstraLinux•added 6 days ago•5 views

Astra Linux – Vulnerability in Xen

Inappropriate x86 IOMMU timeout detection/handling: IOMMU processes commands that are issued in parallel with the operation of the CPUs that issue those commands. In the current implementation in Xen, asynchronous notifications of the completion of such commands are not used. Instead, the issuing...

7.1CVSS6.9AI score0.00284EPSS

AstraLinux•added 6 days ago•9 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Drivers: hv: vmbus: Disabled the option to deactivate sysctlrecordpanicmsg by default in isolated guests. hvpanicpage might contain information sensitive to guests; do not dump this information to Hyper-V by default in isolate...

5.5CVSS6.1AI score0.00258EPSS

AstraLinux•added 6 days ago•17 views

Astra Linux – Vulnerability in Linux 5.10

The Linux kernel before version 5.18.13 lacked a clear mechanism for handling the block start symbol .bss. This allowed Xen PV guest OS users to cause a denial of service or gain privileges...

7.8CVSS6.4AI score0.00846EPSS

Exploits1References2

AstraLinux•added 6 days ago•3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

Guests running on Arm can cause Denial of Service DoS attacks on Dom0 through PV devices. When mapping memory pages of guests on Arm, Dom0 uses an rbtree to keep track of the foreign mappings. The update of this rbtree does not always occur completely with the relevant lock held, resulting in a...

4.7CVSS6.5AI score0.00299EPSS

AstraLinux•added 6 days ago•5 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

Closing an event channel in the Linux kernel can lead to a deadlock. This occurs when the closure operation is performed in parallel with an unrelated Xen console action, and the handling of a Xen console interrupt occurs in a unprivileged guest. The closure of an event channel is triggered, for...

4.9CVSS6.2AI score0.00888EPSS

Xen Project•added 2026/06/09 12:0 p.m.•11 views

x86: mismatched mapcache metadata

ISSUE DESCRIPTION Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache. IMPACT Privilege escalation, Denial of...

8.1CVSS5.5AI score0.00353EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/05/27 7:15 p.m.•8 views

CVE-2026-46059

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine nSVM module. This vulnerability occurs when running nested virtual machines L2 guests with NRIPS Next Instruction Pointer Suppression disabled. After an L2 guest's initial run, the NextRIP value in vmcb02 may not be correctly...

5.5CVSS5.9AI score0.00121EPSS

Tenable Nessus•added 2026/05/27 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-45987

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nestedsynccontrolfromvmcb02 syncs fields written by the CPU from...

5.5CVSS5.8AI score0.00123EPSS

Vulnrichment•added 2026/05/19 12:49 p.m.•8 views

CVE-2026-23558 grant table v2 race in status page mapping

The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...

5.8AI score0.00117EPSS

OSV•added 2026/05/18 6:6 a.m.•5 views

BIT-GITLAB-2025-13874 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access...

4.3CVSS5.8AI score0.00193EPSS

CNNVD•added 2026/05/15 12:0 a.m.•9 views

AMD Graphics Driver 访问控制错误漏洞

AMD Graphics Driver is an integrated graphics driver developed by American semiconductor company AMD. The AMD Graphics Driver contains a access control error vulnerability, which stems from improper isolation. This vulnerability may allow malicious guest virtual machines or processes to gain...

8.8CVSS5.9AI score0.00096EPSS

UbuntuCve•added 2026/05/14 6:16 a.m.•9 views

CVE-2025-13874

4.3CVSS5.8AI score0.00193EPSS

Debian CVE•added 2026/05/12 4:35 p.m.•11 views

CVE-2025-35979

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some IntelR Processors within VMX non-root guest operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a...

6.8CVSS5.8AI score0.00096EPSS

Exploits0

Nextcloud•added 2026/05/12 9:10 a.m.•12 views

View-only guests could see deleted Collectives pages in the trashbin

None...

2.6CVSS5.8AI score0.00189EPSS

Exploits0References2Affected Software1

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fixed the initialization of the ID register for non-protected pKVM guests In protected mode, the hypervisor maintains a separate instance of the kvm structure for each VM. For non-protected VMs, this structure is...

8.8CVSS5.4AI score0.00119EPSS