
746 matches found

NVD
added 2026/05/27 2:17 p.m., 3 views

CVE-2026-46076

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1. Explicitly synthesize a #UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL, nested_svm_l2_tlb_flush_enabled is true, and the hypercall is something...

CVSS: 7.9, EPSS: 0.00013, Exploits: 0, References: 4

EUVD
added 2026/05/27 12:58 p.m., 4 views

EUVD-2026-32458

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1. Explicitly synthesize a #UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL, nested_svm_l2_tlb_flush_enabled is true, and the hypercall is something...

AI score: 5.8, EPSS: 0.00013, Exploits: 0, References: 4

CNNVD
added 2026/05/21 12:00 a.m., 4 views

tickets trust management issue vulnerability

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the disabling of TLS certificate verification in incs/functions.inc.php,...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00022, Exploits: 0, References: 1

SUSE CVE
added 2026/05/15 1:58 a.m., 4 views

SUSE CVE-2026-43483

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is deactivated. Explicitly set/clear CR8 write interception when AVIC is deactivated to fix a bug where KVM leaves the interception enabled after AVIC is activated. E.g. if KVM...

AI score: 5.7, EPSS: 0.00032, Exploits: 0, References: 3

NVD
added 2026/05/06 10:16 a.m., 4 views

CVE-2026-43096

In the Linux kernel, the following vulnerability has been resolved: mshv: Fix infinite fault loop on permission-denied GPA intercepts. Prevent infinite fault loops when guests access memory regions without proper permissions. Currently, mshv_handle_gpa_intercept attempts to remap pages for all faults...

CVSS: 5.5, EPSS: 0.00012, Exploits: 0, References: 2

Cvelist
added 2026/05/06 7:40 a.m., 22 views

CVE-2026-43096 mshv: Fix infinite fault loop on permission-denied GPA intercepts

In the Linux kernel, the following vulnerability has been resolved: mshv: Fix infinite fault loop on permission-denied GPA intercepts. Prevent infinite fault loops when guests access memory regions without proper permissions. Currently, mshv_handle_gpa_intercept attempts to remap pages for all faults...

EPSS: 0.00012, Exploits: 0, References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in linux

A flaw was discovered in the KVM’s AMD code, responsible for supporting SVM nested virtualization. The flaw occurs during the processing of the VMCB virtual machine control block provided by the L1 guest, which is used to spawn or handle a nested guest L2. Due to improper validation of the...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00066, Exploits: 0, References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 1 view

Astra Linux - vulnerability in linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/tsens: Fixed null pointer dereferencing. The function compute_intercept_slope is called from calibrate_8960 in tsens-8960.c. This call involves parameters priv, p1, NULL, and ONE_PT_CALIB, which can lead to a null...

CVSS: 5.5, AI score: 6.2, EPSS: 0.00008, Exploits: 0, References: 2

EUVD
added 2026/04/22 6:30 a.m., 2 views

EUVD-2026-24612

Vulnerability in Spring Spring Security. If an application uses to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass. This issue affects Spring Security: from...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00055, Exploits: 0, References: 2

OSV
added 2026/04/22 6:30 a.m., 1 view

GHSA-4VRC-J85C-598C Spring Security Doesn't Correctly Include Servlet Path in Path Matching of XML Authorization Rules

Vulnerability in Spring Spring Security. If an application uses to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass. This issue affects Spring Security: from...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00055, Exploits: 0, References: 3

NVD
added 2026/04/22 6:16 a.m., 2 views

CVE-2026-22754

Vulnerability in Spring Spring Security. If an application uses to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass. This issue affects Spring Security: from...

CVSS: 7.5, EPSS: 0.00055, Exploits: 0, References: 1

Vulnrichment
added 2026/04/22 5:32 a.m., 2 views

CVE-2026-22754 Servlet Path Not Correctly Included in Path Matching of XML Authorization Rules

Vulnerability in Spring Spring Security. If an application uses to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass. This issue affects Spring Security: from...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00055, Exploits: 0, References: 1

Positive Technologies
added 2026/04/22 12:00 a.m., 0 views

PT-2026-34559

Name of the Vulnerable Software and Affected Versions: RustFS versions prior to 1.0.0-alpha.94. Description: Four notification target admin API endpoints in rustfs/src/admin/handlers/event.rs use a check permissions helper that validates authentication but fails to perform admin-action authorization...

CVSS: 8.3, AI score: 5.2, EPSS: 0.00085, Exploits: 0, References: 8

CNNVD
added 2026/04/22 12:00 a.m., 5 views

Spring Security access control error vulnerability

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. In versions 7.0.0 to 7.0.4 of Spring Security, there was an access control vulnerability. This vulnerability occurred when the servlet path defined using the tag did not...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00055, Exploits: 0, References: 1

vulnersOsv
added 2026/04/21 6:16 p.m., 3 views

bagbag (>=0.72.2 <=0.75.43), chameli (>=0.1.9 <=0.1.13) +29 more potentially affected by CVE-2026-40606 via mitmproxy (>=0.17.0 <=12.2.1)

mitmproxy PYPI version =0.17.0, =0.72.2, =0.1.9, =0.1.0, =0.0.0, =4.0.0, =0.34.0, =0.14.1, =4.0.0, =0.11.0, =3.7.6, =2.0.0b0, =1.0.0, =0.9.0, =1.1.0 and more Source cves: CVE-2026-40606 Source advisory: OSV:PYSEC-2026-92...

CVSS: 4.8, AI score: 5.8, EPSS: 0.00092, Exploits: 1

NVD
added 2026/04/16 1:16 a.m., 2 views

CVE-2026-40960

Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...

CVSS: 8.1, EPSS: 0.00006, Exploits: 0, References: 3

Debian CVE
added 2026/04/16 12:54 a.m., 1 view

CVE-2026-40960

Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...

CVSS: 8.1, AI score: 5.2, EPSS: 0.00006, Exploits: 0

Positive Technologies
added 2026/04/16 12:00 a.m., 0 views

PT-2026-33198

Name of the Vulnerable Software and Affected Versions: Luanti 5 versions prior to 5.15.2. Description: An issue exists where unintended access to an insecure environment may occur. If at least one mod is listed as secure.trusted_mods or secure.http_mods, a crafted mod can intercept and gain access t...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00006, Exploits: 0, References: 14

CNNVD
added 2026/04/16 12:00 a.m., 3 views

Luanti security vulnerability

Luanti is an open-source voxel game engine developed by Luanti itself, supporting mods and game creation. Versions of Luanti prior to 5.5.2 contained security vulnerabilities. These vulnerabilities were caused by improper security environment configuration, which could allow custom modules to...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00006, Exploits: 0, References: 2

OSV
added 2026/04/13 12:07 p.m., 1 view

USN-8167-1 xdg-dbus-proxy vulnerability

It was discovered that xdg-dbus-proxy incorrectly handled eavesdropping in policy rules. A local attacker could possibly use this issue to intercept certain D-Bus messages...

CVSS: 6.8, AI score: 5.8, EPSS: 0.00009, Exploits: 0, References: 2