Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ipv4: The issue related to data races around sysctl_fib_multipath_hash_fields has been fixed. When reading sysctl_fib_multipath_hash_fields, it is possible for the data to be changed concurrently. Therefore, we need to add READ_ONCE to it...
Astra Linux - vulnerability in linux-5.10, linux, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure that the limit on the timer ID search loop is valid. The posix_timer_add function attempts to allocate a posix timer ID by starting from the cached ID stored after the last successful allocation. This is done b...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: powerpc/64s/slb: Fixed the SLB multi-hit issue during SLB preload. On systems using the hash MMU, there is a software SLB preload cache that mirrors the entries loaded into the hardware SLB buffer. This preload cache is subjec...
Astra Linux - vulnerability in linux-5.10, linux, linux-5.15
A hash collision flaw was discovered in the IPv6 connection lookup table within the Linux kernel’s IPv6 functionality. This flaw occurs when a user carries out a new type of SYN flood attack. A user located within the local network or with a high-bandwidth connection can cause the CPU usage of th...
Astra Linux - vulnerability in linux, linux-5.10
There is a use-after-free vulnerability in the ALSA PCM package within the Linux kernel. The SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 function lacks locks that could be exploited in a use-after-free situation, leading to an escalation of privileges to gain ring0 access from the system user. We recommend...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel, the following vulnerability has been resolved: sockmap: Added a cond_resched function in sock_hash_free. Several reports of syzbot soft lockups involve sock_hash_free. If a map with a large number of buckets is destroyed, we need to yield the CPU when necessary...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: selinux: Fixed a NULL pointer dereferencing issue when hashtab allocation fails. When the allocation of the hash table slot array fails in hashtab_init, h->size is initialized with a non-zero value, but the h->htable pointer...
Astra Linux - vulnerability in isc-dhcp
In ISC DHCP 4.4.0 - 4.4.3, and ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function option_code_hash_lookup is called from addOption, it increments the refcount field of the option. However, there is no corresponding call to option_dereference to decrement the refcount field. The function addOptio...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fixed a suspicious RCU usage warning in ip_tunnel_find. The per-netns IP tunnel hash table is protected by the RTNL mutex, and ip_tunnel_find is only called from the control path where the mutex is acquired. A lockdep...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbedit: fix divide-by-zero in tcf_skbedit_hash. Commit 38a6f0865796 “net: sched: support hash selecting tx queue” added support for SKBEDIT_F_TXQ_SKBHASH. The inclusive range size is computed as follows: mapping_mod =...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Enforces the documented limit to prevent excessive memory allocation. Daniel Xu reported that the hash:net,iface type of the ipset subsystem does not limit adding the same network with different interfaces to a...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: smb: server: Fixed a leak in active_num_conn when there is a failure in transport allocation. The commit 77ffbcac4e56 “smb: server: fixed the leak of active_num_conn in ksmbd_tcp_new_connection” addresses the failure path in kthread_run...
PT-2026-42265
Name of the Vulnerable Software and Affected Versions: Crypt::SaltedHash versions prior to 0.110.0. Description: Crypt::SaltedHash for Perl is susceptible to timing attacks because it uses Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash...
UBUNTU-CVE-2026-42923
NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of service during the...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021553)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021553 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Call free_htab_elem after htab_unlock_bucket. For htab of maps, when the map is removed from the...
PT-2026-42130
Name of the Vulnerable Software and Affected Versions: NLnet Labs Unbound versions prior to 1.25.1. Description: A flaw in the DNSSEC validator occurs when the code path used to consult the negative cache for DS records ignores the limit on NSEC3 hash calculations. An attacker controlling a DNSSEC...
CVE-2026-42923
NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of service during the...
PT-2026-42204
RTK Rust Token Killer improperly trusts project-local configuration files. In versions prior to 0.32.0, RTK automatically loads .rtk/filters.toml from the working directory with highest priority and without user notification. An attacker can place a malicious filter file in a repository to apply...
jq: jq: Denial of Service via crafted JSON object causing hash collisions
A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...
CVE-2026-8803
A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation causes use of weak hash. Remote exploitation of the attack is possible. The attack is considered to...