CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm News•added 2026/06/02 12:0 a.m.•20 views

Bastet: A Fine-Grained Expert-Labeled Dataset for DeFi Smart Contract Vulnerability Detection

Smart contract vulnerabilities in Decentralized Finance DeFi protocols resulted in over 1.49 billion USD in confirmed losses in 2024 alone, across 192 incidents 1. As LLM-based vulnerability detection emerges as a promising approach to address these threats, the quality of evaluation datasets has...

5.8AI score

Exploits0

Positive Technologies•added 2026/05/27 12:0 a.m.•10 views

PT-2026-43687

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Smack access control module where writing a previously used value to the '/smack/doi' endpoint disables networking for non-ambient labels. This occurs because the...

5.4AI score0.00216EPSS

Exploits0References17

Packet Storm News•added 2026/05/22 12:0 a.m.•10 views

FALCON-C: Flow-Based Analysis and Labeling for Connected Vehicular Network Cybersecurity

Along with the recent rise in popularity of Electric Vehicles EVs, Electric Vehicle Supply Equipment EVSE has emerged as a new target for cyber attacks. Therefore, ensuring the security and integrity of network communication between EVSE components and vehicular clients is a significant challenge...

5.8AI score

Exploits0

CVE•added 2026/05/11 4:46 p.m.•12 views

CVE-2026-44999

OpenClaw CVE-2026-44999 affects the OpenClaw component prior to version 2026.4.20. The issue is a trust-labeling flaw for isolated cron awareness events: untrusted labels can be preserved for webhook-triggered cron agent output, causing such output to be recorded as trusted System events. This ca...

6.3CVSS5.8AI score0.00151EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/11 4:46 p.m.•7 views

CVE-2026-44999 OpenClaw < 2026.4.20 - Improper Trust Labeling in Isolated Cron Awareness Events

OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as trusted system events. Attackers can exploit this trust-labeling issue to strengthen prompt-injection attacks by rendering...

6.3CVSS5.8AI score0.00151EPSS

Cvelist•added 2026/05/11 4:46 p.m.•29 views

CVE-2026-44999 OpenClaw < 2026.4.20 - Improper Trust Labeling in Isolated Cron Awareness Events

6.3CVSS0.00151EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux – Vulnerability in libvirt

A flaw was discovered in libvirt during its generation of SELinux MCS category pairs for virtual machines’ dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breach of sVirt confinement. The greatest threat posed by this vulnerability...

6.3CVSS6.7AI score0.00493EPSS

GithubExploit•added 2026/05/01 1:43 a.m.•116 views

Exploit for CVE-2026-31431

CVE-2026-31431 / GHSA-2274-3hgr-wxv6 — algifaead Remediator...

7.8CVSS6.2AI score0.96775EPSS

Exploits228

RedhatCVE•added 2026/04/24 8:32 p.m.•5 views

CVE-2026-35376

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the chcon utility of uutils coreutils during recursive operations. The implementation resolves recursive targets using a fresh path lookup via ftsaccpath rather than binding the traversal and label application to the specific directory...

5.8CVSS5.3AI score0.00088EPSS

Exploits0References2

EUVD•added 2026/04/22 6:31 p.m.•5 views

EUVD-2026-25028

4.5CVSS5.8AI score0.00088EPSS

EUVD•added 2026/04/22 6:31 p.m.•4 views

EUVD-2026-25004

The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::removedir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind wi...

OSV•added 2026/04/22 6:31 p.m.•3 views

Exploits1References3

GHSA-79RC-QPW3-JV92 uutils coreutils has an Improper Preservation of Permissions issue

NVD•added 2026/04/22 5:16 p.m.•4 views

Exploits1References5

CVE-2026-35361

4.4CVSS0.00142EPSS

Vulnrichment•added 2026/04/22 4:8 p.m.•6 views

CVE-2026-35361 uutils coreutils mknod Security Label Inconsistency and Broken Cleanup on SELinux Systems

Cvelist•added 2026/04/22 4:8 p.m.•26 views

CVE-2026-35361 uutils coreutils mknod Security Label Inconsistency and Broken Cleanup on SELinux Systems

3.4CVSS0.00142EPSS

CVE•added 2026/04/22 4:8 p.m.•10 views

CVE-2026-35361

The CVE-2026-35361 issue affects the mknod utility in uutils coreutils. It describes non-atomic handling of security labels for created device nodes: mknod creates the nodes before applying the SELinux context, and on labeling failure attempts cleanup via std::fs::remove_dir, which cannot remove ...

4.4CVSS5.8AI score0.00142EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2026/04/22 12:0 a.m.•5 views

PT-2026-34497

The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::remove dir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind...