1129 matches found
CVE-2026-53303
CVE-2026-53303 — In the Linux kernel's f2fs subsystem, f2fs_sbi_show() reads extension_list, extension_count, and hot_ext_count without holding sbi->sb_lock. A concurrent sysfs store in f2fs_update_extension_list() could cause inconsistent counts or contents, risking out-of-bounds access or di...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix NULL-pointer dereferences There are several situations in which the kernel can crash when requests are made to unbind the GPIO device and then system calls related to the GPIO character device’s anonymous file...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: add a force flush to delay work when radeon Although radeon card fence and wait for gpu to finish processing current batch rings, there is still a corner case that radeon lockup work queue may not be fully flushed, an...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed a system hang that occurred during resume with a Thunderbolt monitor. Why This issue arises when using a Thunderbolt monitor and performing suspend operations; the system may hang during resume. During the...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dump_mapping from accessing invalid dentry.d_name.name It has been observed that a crash occurs during the hot removal of a memory device, in which the user is accessing hugetlb. See the call trace as follows:...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: PCI/DPC: Fixed a use-after-free issue when a DPC event occurs concurrently with hot-removal of the same portion of the hierarchy. Keith reported a use-after-free when a DPC event occurred concurrently with the hot-removal of t...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: An issue related to the object lifecycle was fixed in update_qos_request. The cpufreq_cpu_put call in update_qos_request occurs too early. This is because update_qos_request subsequently calls freq_qos_update_request,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: vp_vdpa: fixed the crash that occurs when the vp_vdpa device is unplugged suddenly. When the vp_vdpa device is unplugged, it triggers a kernel panic. The root cause is that vdpa_mgmtdev_unregister will access modern devices, leadin...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Clean up allocated IRQs on unplug When the root of a nested PCIe bridge configuration is unplugged, the pnv_php driver leaks the allocated IRQ resources for the child bridges’ hotplug event notifications, resulting in...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: PCI: Fixed a use-after-free of slot->bus during hot removal. Dennis reported a boot crash on recent Lenovo laptops with a USB4 dock. Since the commit 0fc70886569c "thunderbolt: Reset USB4 v2 host router" and the commit...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath12k – Fixed the GCC_GCC_PCIE_HOT_RST definition for WCN7850 The GCC_GCC_PCIE_HOT_RST definition for WCN7850 was incorrectly set, causing a kernel crash on some specific platforms. Since the state of this register differs between...
GHSA-MX8G-39Q3-5C79 webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies
Impact When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...
CVE-2025-69108
Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions...
CVE-2025-69108
CVE-2025-69108 is an unauthenticated PHP Object Injection in the WordPress theme Hot Coffee (<= 1.7). The description specifies unauthenticated object injection in Hot Coffee
CVE-2025-69108 WordPress Hot Coffee theme <= 1.7 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions...
Vulnerabilities found in Check Point Remote and Mobile Access VPN-products
Check Point has identified vulnerabilities in Remote and Mobile Access VPN products, specifically those implemented using the IKEv1 key exchange protocol. Two vulnerabilities have been identified in Check Point Security Gateways and Remote Access VPN environments that utilize the outdated IKEv1...
Malicious code in hot-validation-sdk (npm)
Source: ghsa-malware c76065c270ae195ee042c46a6d0ade5737992948d3f3068f367fc6bfef474ce9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-9595
Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...
CVE-2026-9595 webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies
Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...
PT-2026-49244
Name of the Vulnerable Software and Affected Versions webpack-dev-server versions prior to 5.2.5 Description A permissive user-configured proxy with a broad context e.g., '/' and ws: true intercepts the development server's own Hot Module Replacement HMR WebSocket and forwards it to the proxy...