CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 9 hours ago•3 views

EUVD-2026-36123

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...

8.7CVSS5.5AI score

Exploits0References5

NVD•added yesterday•7 views

CVE-2026-44505

5.3CVSS0.00037EPSS

CVE•added 2 days ago•6 views

CVE-2026-44505

The CVE affects Nimiq’s network-libp2p component (Rust) used in the Albatross-based PoS implementation. Before v1.4.0, when a peer returns a FoundRecord, the code verified the record via dht_verifier.verify and, on verifier error, logged and returned early without completing the oneshot used by N...

5.3CVSS5.5AI score0.00037EPSS

OSV•added 2 days ago•1 views

GHSA-C4FP-CXRR-MJ66 Net::IMAP: Denial of Service via incomplete raw argument validation

Summary Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will...

2.1CVSS5.7AI score

Github Security Blog•added 2 days ago•7 views

Net::IMAP: Denial of Service via incomplete raw argument validation

9.8CVSS5.7AI score0.00017EPSS

Exploits0References3Affected Software1

OSV•added 2 days ago•2 views

UBUNTU-CVE-2026-46290

In the Linux kernel, the following vulnerability has been resolved: x86/efi: Fix graceful fault handling after FPU softirq changes Since commit d02198550423 "x86/fpu: Improve crypto performance by making kernel-mode FPU reliably usable in softirqs", kernelfpubegin calls fpregslock which uses...

5.3AI score0.00017EPSS

Exploits0References6

RedHat Linux•added 3 days ago•11 views

serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization

A flaw was found in serialize-javascript. An attacker can exploit this vulnerability by providing a specially crafted "array-like" object with an excessively large length property during the serialization process. This action causes the application to enter an intensive loop, leading to 100% CPU...

7.5CVSS5.4AI score0.00019EPSS

Exploits0References7

RedhatCVE•added 6 days ago•6 views

CVE-2025-67604

A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4....

5.3CVSS5.5AI score0.00142EPSS

RedhatCVE•added 6 days ago•8 views

CVE-2026-34319

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes t...

5CVSS7.2AI score0.00019EPSS

RedhatCVE•added 6 days ago•6 views

CVE-2026-44640

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to 0.24.14, aio-provdata is stored as nniquicconn during dialing, but read as exquicconn during dialer close. This type confusion causes invalid object interpretation and leads to close-path hang/crash behavior. This...

4.5CVSS5.5AI score0.00014EPSS

RedHat Linux•added last week•3 views

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols t...

4.9CVSS5.7AI score0.00047EPSS

Exploits0References6

ATTACKERKB•added 2026/06/03 3:49 p.m.•5 views

CVE-2025-71314

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthorgpuflushcaches failures We have seen a few cases where the whole memory subsystem is blocked and flush operations never complete. When that happens, we want to: - schedule a reset, so we can recov...

5.8AI score0.00013EPSS

Exploits0References5Affected Software1

Positive Technologies•added 2026/06/03 12:0 a.m.•9 views

PT-2026-45985

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/panthor component where the memory subsystem can become blocked, causing flush operations to never complete. This state can be triggered by buggy GPU jobs...

5.4AI score0.00013EPSS

Exploits0References6

NVD•added 2026/05/29 8:16 p.m.•13 views

CVE-2026-44640

4.5CVSS0.00014EPSS

CVE•added 2026/05/29 7:28 p.m.•19 views

CVE-2026-44640

CVE-2026-44640 affects NanoMQ (MQTT Broker). The issue is a type confusion in the QUIC dialer: aio->prov_data is stored as nni_quic_conn * during dialing but read as ex_quic_conn * during dialer close, leading to invalid object interpretation and a close-path hang/crash. This describes the vul...

4.5CVSS5.8AI score0.00014EPSS

Vulnrichment•added 2026/05/29 7:28 p.m.•12 views

CVE-2026-44640 NanoMQ: QUIC Dialer Close Type Confusion

4.5CVSS5.8AI score0.00014EPSS

EUVD•added 2026/05/29 7:28 p.m.•7 views

EUVD-2026-33428

4.5CVSS5.8AI score0.00014EPSS

Microsoft CVE•added 2026/05/29 8:7 a.m.•2 views

LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang()

...

5.5CVSS5.4AI score0.00012EPSS

Exploits0

SUSE CVE•added 2026/05/29 1:16 a.m.•9 views

SUSE CVE-2026-46156

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix potential ADE in loongsongpufixupdmahang The switch case in loongsongpufixupdmahang may not DC2 or DC3, and readlcrtcreg will access with random address, because the "device" is from "base+PCIDEVICEID", "base" is...

5.8AI score0.00012EPSS