CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

238 matches found

CVE-2026-3195

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtiosndpcmincb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...

7.4CVSS0.00112EPSS

Exploits0References2

CVE•added 5 days ago•13 views

CVE-2026-3195

CVE-2026-3195 : In QEMU’s virtio-snd, the heap buffer overflow occurs in the input callback (virtio_snd_pcm_in_cb) due to an incomplete bounds/iov check. The Attackerkb entry reiterates that the function does not verify whether the iov can fit the data buffer, enabling a heap out-of-bounds write....

7.4CVSS5.8AI score0.00112EPSS

Exploits0References2

ATTACKERKB•added 5 days ago•6 views

CVE-2026-3195

7.4CVSS5.8AI score0.00112EPSS

Exploits0References3Affected Software6

AstraLinux•added 5 days ago•1 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: block: Do not revert the iterator for -EIOCBQUEUED. The blkdevreaditer function includes some unusual checks. For example, it gates the position and count adjustment based on whether the result is greater than or equal to zero...

5.5CVSS6.1AI score0.00166EPSS

Exploits0References2

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd: check num of link levels when update pcie param In the SR-IOV environment, the value of pcietable-numoflinklevels will be 0, and numoflevels - 1 will cause an array index out of bounds...

7.8CVSS6.1AI score0.00262EPSS

Exploits0References2

AstraLinux•added 5 days ago•6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed an oops due to uninitialized variables in smb2unlink. If SMB2openinit or SMB2closeinit fails e.g., due to reconnection, the iovs structure @rqst may remain uninitialized. As a result, calling SMB2openfree,...

5.5CVSS5.3AI score0.00121EPSS

Exploits0References1

CVE•added 2026/06/08 3:46 p.m.•30 views

CVE-2026-46289

In the Linux kernel, CVE-2026-46289 concerns bugs in lib/scatterlist during extract_kvec_to_sg when transferring data from a kvec to a sglist. The main issues: (1) the computed length for a sglist entry can exceed the page size, causing overread; (2) while extracting a user buffer, the sglist can...

9.8CVSS5.4AI score0.00457EPSS

Exploits0References5

Positive Technologies•added 2026/06/08 12:0 a.m.•11 views

PT-2026-47361

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.3 through 6.5 Description Issues exist in the extract kvec to sg function within the scatterlist library. When extracting from a kvec to a scatterlist, the length for an sglist entry can exceed the number of bytes in th...

9.8CVSS5.5AI score0.00457EPSS

Exploits1References65

SUSE CVE•added 2026/05/29 1:16 a.m.•17 views

SUSE CVE-2026-46155

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

7CVSS5.8AI score0.00478EPSS

Exploits0References4

NVD•added 2026/05/28 10:16 a.m.•12 views

CVE-2026-46207

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix empty payload in tap skb for non-linear buffers For non-linear skbs, virtiotransportbuildskb goes through virtiotransportcopynonlinearskb to copy the original payload in the new skb to be delivered to the vsockm...

5.5CVSS0.00127EPSS

Exploits0References4

OSV•added 2026/05/28 10:16 a.m.•8 views

UBUNTU-CVE-2026-46115

In the Linux kernel, the following vulnerability has been resolved: block: add pgmap check to biovecphysmergeable biovecphysmergeable is used by the request merge, DMA mapping, and integrity merge paths to decide if two physically contiguous bvec segments can be coalesced into one. It currently h...

9.8CVSS5.7AI score0.00491EPSS

Exploits0References8

SUSE CVE•added 2026/05/28 3:55 a.m.•9 views

SUSE CVE-2026-45972

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2openfile Zero out @erriov and @errbuftype before retrying SMB2open to prevent an UAF bug if @data != NULL, otherwise a double free...

5.8AI score0.00497EPSS

Exploits0References3

Positive Technologies•added 2026/05/28 12:0 a.m.•11 views

PT-2026-44330

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the vsock/virtio component where non-linear skbs socket buffers result in an empty payload in the tap skb. The virtio transport build skb function utilizes virtio...

9.8CVSS5.9AI score0.005EPSS

Exploits0References289

Positive Technologies•added 2026/05/28 12:0 a.m.•17 views

PT-2026-44278

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the smb2 compound op function. This occurs when a server sends a truncated response with a large OutputBufferLength and terminates the EA list early. In...

9.1CVSS5.9AI score0.00478EPSS

Exploits0References291

NVD•added 2026/05/21 12:16 p.m.•13 views

CVE-2026-43494

In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails When iovitergetpages2 fails in rdsmessagezcopyfromuser, the pinned pages are released with putpage, and rm-data.opmmpznotifier is cleared. But we fail to properly clear...

7.8CVSS0.00257EPSS

Exploits2References10

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb/server: The function ksmbdsessionrpcclose is called on the error path in the createsmb2pipe function. When the ksmbdiovpinrsp function fails, we should call ksmbdsessionrpcclose...

7.8CVSS5.7AI score0.0013EPSS

Exploits0References1

RedHat Linux•added 2026/05/19 1:31 p.m.•13 views

kernel: bpf: fix ktls panic with sockmap

In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap 2172.936997 ------------ cut here ------------ 2172.936999 kernel BUG at lib/ioviter.c:629! ...... 2172.944996 PKRU: 55555554 2172.945155 Call Trace: 2172.945299 2172.945428 ? die+0x36/0x90...

5.5CVSS6.2AI score0.00147EPSS

Exploits0References5

RedHat Linux•added 2026/05/19 9:4 a.m.•15 views

kernel: bpf: fix ktls panic with sockmap

5.5CVSS6.2AI score0.00147EPSS

Exploits0References5

NVD•added 2026/05/08 3:16 p.m.•5 views

CVE-2026-43362

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2write SMB2write places write payload in iov1..n as part of rqiov. smb3inittransformrq pointer-shares rqiov, so cryptmessage encrypts iov1 in-place, replacing the original...

8.1CVSS0.00217EPSS

Exploits0References5

CVE•added 2026/05/08 2:21 p.m.•19 views

CVE-2026-43362

CVE-2026-43362 affects the Linux kernel SMB client by an in-place encryption flaw in SMB2_write(), where the write payload could be replaced with ciphertext during retries on unstable connections. The root cause is that smb3_init_transform_rq() shares rq_iov, causing crypt_message() to in-place-e...

8.1CVSS5.8AI score0.00217EPSS

Exploits0References5Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by