CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/27 2:17 p.m.•3 views

UBUNTU-CVE-2026-46044

In the Linux kernel, the following vulnerability has been resolved: ipmi:ssif: Clean up kthread on errors If an error occurs after the ssif kthread is created, but before the main IPMI code starts the ssif interface, the ssif kthread will not be stopped. So make sure the kthread is stopped on an...

OSV•added 2026/05/27 2:17 p.m.•2 views

UBUNTU-CVE-2026-45917

In the Linux kernel, the following vulnerability has been resolved: ipvs: do not keep destdst if dev is going down There is race between the netdev notifier ipvsdstevent and the code that caches dst with dev that is going down. As the FIB can be notified for the closed device after our handler...

5.7AI score0.00023EPSS

OSV•added 2026/05/27 2:17 p.m.•2 views

UBUNTU-CVE-2026-45996

In the Linux kernel, the following vulnerability has been resolved: spi: imx: fix use-after-free on unbind The SPI subsystem frees the controller and any subsystem allocated driver data as part of deregistration unless the allocation is device managed. Take another reference before deregistering...

OSV•added 2026/05/27 2:16 p.m.•2 views

UBUNTU-CVE-2026-45851

In the Linux kernel, the following vulnerability has been resolved: efi: Fix reservation of unaccepted memory table The reserveunaccepted function incorrectly calculates the size of the memblock reservation for the unaccepted memory table. It aligns the size of the table, but fails to account for...

CVE•added 2026/05/27 1:21 p.m.•18 views

CVE-2026-23679

CVE-2026-23679 affects libusb 0 but is followed by a class-specific descriptor whose bLength exceeds the remaining buffer, causing an early return without allocating the endpoint array. Exploitation vectors include providing crafted descriptors via libusb_get_active_config_descriptor or libusb_g...

6.9CVSS5.9AI score0.00012EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2026/05/27 1:21 p.m.•4 views

CVE-2026-23679 libusb < 1.0.30 NULL Pointer Dereference in parse_interface()

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength...

6.9CVSS5.9AI score0.00012EPSS

Cvelist•added 2026/05/27 1:21 p.m.•37 views

CVE-2026-23679 libusb < 1.0.30 NULL Pointer Dereference in parse_interface()

6.9CVSS0.00012EPSS

Cvelist•added 2026/05/27 1:20 p.m.•39 views

CVE-2026-47104 libusb < 1.0.30 Out-of-Bounds Read in parse_iad_array()

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

5.1CVSS0.00012EPSS

EUVD•added 2026/05/27 1:20 p.m.•7 views

EUVD-2026-32500

5.1CVSS5.9AI score0.00012EPSS

Debian CVE•added 2026/05/27 1:20 p.m.•5 views

CVE-2026-47104

5.5CVSS5.9AI score0.00012EPSS

Exploits0

Cvelist•added 2026/05/27 12:59 p.m.•33 views

CVE-2026-46103 can: ucan: fix devres lifetime

In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers...

0.00032EPSS

Exploits0References6

CVE•added 2026/05/27 12:59 p.m.•14 views

CVE-2026-46103

In the Linux kernel, a fix for devres lifetime in the can: ucan path addresses memory-management where USB driver resources tied to an interface were not properly released when the driver is unbound (e.g., probe deferral or config changes). The issue affects USB drivers binding to interfaces and ...

5.9AI score0.00032EPSS

Exploits0References6

EUVD•added 2026/05/27 12:59 p.m.•6 views

EUVD-2026-32486

5.9AI score0.00032EPSS

ATTACKERKB•added 2026/05/27 12:58 p.m.•4 views

CVE-2026-46084

In the Linux kernel, the following vulnerability has been resolved: RDMA/manaib: Disable RX steering on RSS QP destroy When an RSS QP is destroyed e.g. DPDK exit, manaibdestroyqprss destroys the RX WQ objects but does not disable vPort RX steering in firmware. This leaves stale steering...

Exploits0References6Affected Software1

Debian CVE•added 2026/05/27 12:58 p.m.•7 views

CVE-2026-46083

In the Linux kernel, the following vulnerability has been resolved: spi: fix resource leaks on device setup failure Make sure to call controller cleanup if spisetup fails while registering a device to avoid leaking any resources allocated by setup...

EUVD•added 2026/05/27 12:58 p.m.•6 views

Exploits0

EUVD-2026-32466

5.8AI score0.00024EPSS

Cvelist•added 2026/05/27 12:58 p.m.•34 views

CVE-2026-46081 crypto: acomp - fix wrong pointer stored by acomp_save_req()

In the Linux kernel, the following vulnerability has been resolved: crypto: acomp - fix wrong pointer stored by acompsavereq acompsavereq stores &req-chain in req-base.data. When acompreqchaindone is invoked on asynchronous completion, it receives &req-chain as the data argument but casts it...

7.8CVSS0.00015EPSS

SUSE CVE•added 2026/05/27 12:57 p.m.•9 views

SUSE CVE-2026-44903

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

5.1CVSS5.9AI score0.00035EPSS