CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

219 matches found

Important: nerdctl

Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...

10CVSS5.8AI score0.00068EPSS

Exploits0

Amazon•added yesterday•4 views

Important: rclone

Issue Overview: The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated client...

9.1CVSS5.6AI score0.00054EPSS

Exploits0

Amazon•added yesterday•4 views

Important: containerd

10CVSS5.6AI score0.00054EPSS

Exploits0

Amazon•added yesterday•3 views

Important: containerd

10CVSS5.6AI score0.00054EPSS

Exploits0

Amazon•added yesterday•4 views

Important: nerdctl

10CVSS5.8AI score0.00068EPSS

Exploits0

Amazon•added yesterday•2 views

Important: containerd

10CVSS5.6AI score0.00054EPSS

Exploits0

Tenable Nessus•added 2026/05/25 12:0 a.m.•11 views

Linux Distros Unpatched Vulnerability : CVE-2026-39829

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could...

7.5CVSS5.8AI score0.00035EPSS

Exploits0References3

SUSE CVE•added 2026/05/23 1:29 a.m.•11 views

SUSE CVE-2026-39829

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

7.5CVSS5.8AI score0.00035EPSS

Exploits0References3

OSV•added 2026/05/22 4:16 a.m.•1 views

UBUNTU-CVE-2026-39829

7.5CVSS5.8AI score0.00035EPSS

Exploits0References7

UbuntuCve•added 2026/05/22 12:0 a.m.•8 views

CVE-2026-39829

7.5CVSS5.8AI score0.00035EPSS

Exploits0References6

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в golang-1.19

Extremely large RSA keys in certificate chains can cause clients and servers to spend significant CPU time verifying signatures. With this fix, the size of RSA keys transmitted during handshake operations is limited to 8192 bits or less. Based on a survey of publicly trusted RSA keys, there are...

5.3CVSS6.6AI score0.00122EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The issue of slub overflow in ksmbddecodentlmsspauthblob has been fixed. If authblob-SessionKey.Length is larger than the size of the session key CIFSKEYSIZE, slub overflow can occur in the key exchange process. The functi...

7.8CVSS6.3AI score0.00478EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•9 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: l2cap: Check the encryption key size during incoming connections. This is required for passing the GAP/SEC/SEM/BI-04-C PTS test case: - Security Mode: 4, Level: 4, Responder: Invalid Encryption Key Size - Key Size:...

8.1CVSS5.5AI score0.00007EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa – Mitigation of integer overflows in DIVROUNDUP. Herbert notes that DIVROUNDUP may cause overflows unnecessarily if the -keysize callback of an ecdsa implementation returns an unusually large value. Instead, Herbert...

5.5CVSS6.2AI score0.00081EPSS

Exploits0References2

Github Security Blog•added 2026/05/07 9:8 p.m.•7 views

Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery

Summary No minimum length or entropy is enforced on the JWTSECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. HS256 secrets below 32 bytes are brute-forceable offline, allowing attackers to recover the signing...

10CVSS5.9AI score0.00009EPSS

Exploits0References5Affected Software1

SUSE CVE•added 2026/05/07 2:17 a.m.•4 views

SUSE CVE-2026-43134

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAPLECONNREQ This adds a check for encryption key size upon receiving L2CAPLECONNREQ which is required by L2CAP/LE/CFC/BV-15-C which expects L2CAPCRLEBADKEYSIZE...

5.8AI score0.00019EPSS

Exploits0References3

RedhatCVE•added 2026/05/06 6:13 p.m.•4 views

CVE-2026-43134

A flaw was found in the Linux kernel's Bluetooth Low Energy LE Logical Link Control and Adaptation Protocol L2CAP. A missing check for encryption key size when processing connection requests could allow a remote attacker to send a malformed request. This could lead to a protocol violation,...

8.1CVSS5.8AI score0.00019EPSS

Exploits0References4