CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

41057 matches found

OSV•added 2026/05/06 12:13 p.m.•4 views

SUSE-SU-2026:1717-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. -...

7.5CVSS7.1AI score0.00073EPSS

Exploits5References13

SUSE Linux•added 2026/05/06 12:6 p.m.•2 views

Security update for flatpak

This update for flatpak fixes the following issues: CVE-2026-34078: Arbitrary code execution via crafted symlinks in sandbox-expose options bsc1261769. CVE-2026-34079: Arbitrary file deletion on host via improper cache file path validation bsc1261770. Patch Instructions: To install this SUSE upda...

8.2CVSS7.6AI score0.00172EPSS

Exploits0References8

OSV•added 2026/05/06 12:6 p.m.•4 views

SUSE-SU-2026:1713-1 Security update for flatpak

This update for flatpak fixes the following issues: - CVE-2026-34078: Arbitrary code execution via crafted symlinks in sandbox-expose options bsc1261769. - CVE-2026-34079: Arbitrary file deletion on host via improper cache file path validation bsc1261770...

10CVSS6.4AI score0.00172EPSS

Exploits0References5

CVE•added 2026/05/06 11:32 a.m.•18 views

CVE-2025-71285

Summary of the CVE-2025-71285 cluster: The Linux kernel’s net/qrtr MHI auto_queue feature for IPCR DL channels is being removed. The race occurs when the MHI stack can call the DL path callback before the QRTR client driver is fully initialized, risking NULL pointer dereferences. The fix disables...

5.5CVSS5.8AI score0.00015EPSS

Exploits0References3Affected Software1

CVE•added 2026/05/06 11:28 a.m.•10 views

CVE-2026-43275

In the Linux kernel, a race condition in the UFS core driver can occur during system suspend when Runtime Power Management (RPM) level is zero. The driver previously bypassed flushing the exception-event handling work in this state, risking illegal host-controller access after entering deep power...

4.7CVSS5.8AI score0.00014EPSS

Exploits0References7Affected Software1

Schneier on Security•added 2026/05/06 10:36 a.m.•5 views

Rowhammer Attack Against NVIDIA Chips

A new rowhammer attack gives complete control of NVIDIA CPUs. On Thursday, two research teams, working independently of each other, demonstrated attacks against two cards from Nvidia’s Ampere generation that take GPU rowhammering into new--and potentially much more consequential--territory: GDD...

5.9AI score

Exploits0

EUVD•added 2026/05/06 9:55 a.m.•2 views

EUVD-2026-27655

A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting .example.com, any XYZ.example.com where xyz is a valid name can be used...

6.9CVSS5.8AI score0.00013EPSS

Exploits1References3

NVD•added 2026/05/06 8:16 a.m.•5 views

CVE-2026-35253

Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this...

4.7CVSS0.00006EPSS

Exploits0References1

NVD•added 2026/05/06 8:16 a.m.•2 views

CVE-2026-23926

An authenticated non-super administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens th...

7.3CVSS0.0008EPSS

Exploits0References1

OSV•added 2026/05/06 8:16 a.m.•3 views

DEBIAN-CVE-2026-23926

7.3CVSS5.8AI score0.0008EPSS

Exploits0References1

UbuntuCve•added 2026/05/06 8:16 a.m.•3 views

CVE-2026-23926

7.3CVSS5.8AI score0.0008EPSS

Exploits0References2

Cvelist•added 2026/05/06 7:40 a.m.•23 views

CVE-2026-43097 PCI: hv: Fix double ida_free in hv_pci_probe error path

In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fix double idafree in hvpciprobe error path If hvpciprobe fails after storing the domain number in hbus-bridge-domainnr, there is a call to free this domainnr via pcibusreleaseemuldomainnr, however, during cleanup, the...

0.00017EPSS

Exploits0References2

Vulnrichment•added 2026/05/06 7:0 a.m.•4 views

CVE-2026-23928 Stored XSS vulnerability in the Item history/Plain text widget

The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...

7.3CVSS5.9AI score0.0008EPSS

Exploits0References1

EUVD•added 2026/05/06 7:0 a.m.•4 views

EUVD-2026-27530

7.3CVSS5.9AI score0.0008EPSS

Exploits0References1

Cvelist•added 2026/05/06 7:0 a.m.•24 views

CVE-2026-23928 Stored XSS vulnerability in the Item history/Plain text widget

7.3CVSS0.0008EPSS

Exploits0References1

Debian CVE•added 2026/05/06 7:0 a.m.•3 views

CVE-2026-23928

7.3CVSS5.9AI score0.0008EPSS

Exploits0

EUVD•added 2026/05/06 6:58 a.m.•3 views

EUVD-2026-27527

7.3CVSS5.8AI score0.0008EPSS

Exploits0References1

CVE•added 2026/05/06 6:58 a.m.•13 views

CVE-2026-23926

The CVE-2026-23926 entry describes a Stored XSS in the Host navigator widget maintenance tooltip. An authenticated (non-super) administrator can create a maintenance period containing a JavaScript payload that is executed when any user opens the tooltip for that maintenance period, enabling the a...

7.3CVSS5.8AI score0.0008EPSS

Exploits0References1