CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

62 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: NFS: Automounted file systems should inherit the “ro”, “noexec”, “nodev”, and “sync” flags. When a file system is automatically mounted, it needs to preserve the user-set superblock mount options, such as the “ro” flag...

5.9AI score0.00051EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed a slab out-of-bounds write in smbinheritdacl. The slab out-of-bounds write occurs because the offsets are larger than the allocation size of pntsd. This patch adds a check to validate the three offsets using the...

8.4CVSS6.8AI score0.00677EPSS

Exploits0References2

Github Security Blog•added 2026/05/14 8:56 p.m.•7 views

python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection

Summary prepareenvironment in clicommunicationprotocol.py passes a full copy of os.environ to every CLI subprocess. When combined with the Command Injection vulnerability CWE-78 in substituteutcpargs tracked as GHSA-33p6-5jxp-p3x4, an attacker can exfiltrate all process-level secrets in a single...

7.7CVSS5.8AI score0.00034EPSS

Exploits0References3Affected Software1

NVD•added 2026/05/01 2:16 p.m.•0 views

CVE-2026-31706

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate numaces and harden ACE walk in smbinheritdacl smbinheritdacl trusts the on-disk numaces value from the parent directory's DACL xattr and uses it to size a heap allocation: acesbase = kmallocsizeofstruct smbace...

8.8CVSS0.00056EPSS

Exploits0References4

Cvelist•added 2026/05/01 1:56 p.m.•32 views

CVE-2026-31706 ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl()

8.8CVSS0.00056EPSS

Exploits0References4

Positive Technologies•added 2026/05/01 12:0 a.m.•3 views

PT-2026-36336

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ksmbd module where the smb inherit dacl function trusts the num aces value from a parent directory's DACL xattr to determine the size of a heap allocation. An...

9.8CVSS6.1AI score0.38453EPSS

Exploits29References49

NVD•added 2026/04/22 2:16 p.m.•0 views

CVE-2026-31528

In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmuctx-pmu for groups Oliver reported that x86pmudel ended up doing an out-of-bound memory access when groupschedin fails and needs to roll back. This should be handled by the transaction callbacks, but he...

7.8CVSS0.00015EPSS

Exploits0References5

CVE•added 2026/04/22 1:54 p.m.•5 views

CVE-2026-31528

The CVE-2026-31528 issue affects the Linux kernel PMU subsystem in perf, specifically during handling of performance event groups. The root cause is an incorrect use of event pointers across group operations: when group_sched_in() fails, the code may rollback using the wrong PMU, risking an out-o...

7.8CVSS5.5AI score0.00015EPSS

Exploits0References5Affected Software1

NVD•added 2026/04/16 2:16 p.m.•1 views

CVE-2026-6270

@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the...

9.1CVSS0.00085EPSS

Exploits1References3

Positive Technologies•added 2026/04/16 12:0 a.m.•1 views

PT-2026-33320

Name of the Vulnerable Software and Affected Versions @fastify/middie versions prior to 9.3.2 Description Inherited middleware is not registered directly on child plugin engine instances. When authentication middleware is registered in a parent scope and child plugins are registered with...

9.1CVSS5.8AI score0.00085EPSS

Exploits1References16

ATTACKERKB•added 2026/03/25 10:27 a.m.•0 views

CVE-2026-23371

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix missing ENQUEUEREPLENISH during PI de-boosting Running stress-ng --schedpolicy 0 on an RT kernel on a big machine might lead to the following WARNINGs edited. sched: DL de-boosted task PID 22725: REPLENISH fla...

5.7AI score0.00017EPSS

Exploits0References3Affected Software1

Tenable Nessus•added 2026/03/25 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-23371

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sched/deadline: Fix missing ENQUEUEREPLENISH during PI de-boosting Running stress-ng --schedpolicy 0 on an RT kernel on a big machine might lead to the followin...

5.5CVSS5.8AI score0.00017EPSS

Exploits0References3

OSV•added 2026/01/05 10:15 a.m.•4 views

AZL-73394 CVE-2025-68764 affecting package kernel for versions less than 6.6.121.1-1

In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the "ro" flag...

5.8AI score0.00051EPSS

Exploits0References1

CVE•added 2026/01/05 9:44 a.m.•6 views

CVE-2025-68764

CVE-2025-68764 : The OSV entry confirms a Linux kernel fix for NFS automounts not inheriting user-specified mount flags (ro, noexec, nodev, sync). Root cause: during automount, the superblock options were not preserved; fix ensures these mount options propagate to the automounted filesystem. Impa...

6.1AI score0.00051EPSS

Exploits0References8

Cvelist•added 2026/01/05 9:44 a.m.•15 views

CVE-2025-68764 NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags

0.00051EPSS

Exploits0References8

Positive Technologies•added 2026/01/05 12:0 a.m.•1 views

PT-2026-1252

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to Network File System NFS automounting. Specifically, automounted filesystems do not consistently inherit superblock mount options like read-on...

5.2CVSS6.3AI score0.00051EPSS

Exploits0

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-29540

Malicious code in bioql PyPI...

4.8CVSS6.3AI score0.00022EPSS

Exploits0References4

Tenable Nessus•added 2025/08/12 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2022-49783

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/fpu: Drop fpregs lock before inheriting FPU permissions Mike Galbraith reported the following against an old fork of preempt-rt but the same issue also...

5.5CVSS6.5AI score0.00068EPSS

Exploits0References3

OSV•added 2025/05/01 2:9 p.m.•6 views

CVE-2022-49783 x86/fpu: Drop fpregs lock before inheriting FPU permissions

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Drop fpregs lock before inheriting FPU permissions Mike Galbraith reported the following against an old fork of preempt-rt but the same issue also applies to the current preempt-rt tree. BUG: sleeping function called fro...

5.5CVSS5.8AI score0.00068EPSS

Exploits0References5

NVD•added 2024/10/21 8:15 p.m.•12 views

CVE-2022-49033

In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix sleep from invalid context bug in btrfsqgroupinherit Syzkaller reported BUG as follows: BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 Call Trace: dumpstacklvl+0xcd/0x134...

5.5CVSS0.00011EPSS

Exploits0References8

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by