CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

645 matches found

SUSE CVE-2026-46258

In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandlecreate In linehandlecreate, there is a statement like this: retainandnullptrlh; Soon after, there is a debug printout that dereferences "lh", which will crash things. Avoid the cras...

5.8AI score

Exploits0References2

NVD•added yesterday•4 views

CVE-2026-46258

Exploits0References2

Cvelist•added yesterday•9 views

CVE-2026-46258 gpio: cdev: Avoid NULL dereference in linehandle_create()

Exploits0References2

EUVD•added yesterday•3 views

EUVD-2026-34120

5.8AI score

Exploits0References2

CVE•added yesterday•3 views

CVE-2026-46258

In CVE-2026-46258, the Linux kernel gpio: cdev sub-system fixes a NULL dereference in linehandle_create(). The code retains lh with retain_and_null_ptr(lh) and later dereferences lh in a debug print, leading to a crash. The approved workaround/fix is to use handlereq.lines, which holds the same v...

5.8AI score

Exploits0References2

ATTACKERKB•added yesterday•2 views

CVE-2026-46258

5.8AI score

Exploits0References3Affected Software1

Positive Technologies•added yesterday•6 views

PT-2026-46021

In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandle create In linehandle create, there is a statement like this: retain and null ptrlh; Soon after, there is a debug printout that dereferences "lh", which will crash things. Avoid the...

5.8AI score

Exploits0References3

NVD•added 3 days ago•8 views

CVE-2026-10222

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function sanitizeenvlines of the file hermescli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of...

6.3CVSS0.00047EPSS

Exploits0References5

CVE•added 3 days ago•15 views

CVE-2026-10222

CVE-2026-10222 concerns NousResearch hermes-agent (up to 2026.4.30). The vulnerability affects the function _sanitize_env_lines in hermes_cli/config.py, enabling injection and remote exploitation. Reported attack complexity is high; exploit has been released publicly and can be used for attacks. ...

6.3CVSS5.5AI score0.00047EPSS

Exploits0References5

EUVD•added 3 days ago•9 views

EUVD-2026-33555

6.3CVSS5.2AI score0.00047EPSS

Exploits0References5

Positive Technologies•added 3 days ago•7 views

PT-2026-45266

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function sanitize env lines of the file hermes cli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of...

6.3CVSS5.5AI score0.00047EPSS

Exploits0References6

CNNVD•added 3 days ago•3 views

Hermes Agent security vulnerabilities

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.30 contained a security vulnerability, which was caused by a problem with the sanitizeenvlines function in the hermescli/config.py file. This vulnerability...

6.3CVSS6.2AI score0.00047EPSS

Exploits0References5

Github Security Blog•added 6 days ago•7 views

vm2 setup-sandbox.js violates Defense Invariant #11 in stack-trace formatter

Summary defaultSandboxPrepareStackTrace in lib/setup-sandbox.js lines 605, 607 appends to a fresh sandbox-realm lines = via lineslines.length = value. This is the exact invariant-violating pattern that GHSA-9qj6-qjgg-37qq commit ca195f0, 2026-05-01 just patched in neutralizeArraySpeciesBatch and...

5.8AI score

Exploits0References4Affected Software1

NVD•added last week•8 views

CVE-2026-49130

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

6.9CVSS0.00064EPSS

Exploits0References7

OSV•added last week•3 views

UBUNTU-CVE-2026-49130

6.9CVSS5.8AI score0.00064EPSS

Exploits0References9

CVE•added last week•8 views

CVE-2026-49130

MPD (Music Player Daemon) prior to version 0.24.11 is affected by a CRLF injection vulnerability in the XSPF playlist plugin’s xspf_char_data function. By supplying a malicious XSPF playlist that exploits XML numeric character references, an attacker can cause Expat decoding to insert literal CR/...

6.9CVSS5.8AI score0.00064EPSS

Exploits0References7

OSV•added last week•2 views

UBUNTU-CVE-2026-46200

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix controller deregistration Make sure to deregister the controller before disabling and releasing underlying resources like interrupts and gpios during driver unbind...

5.7AI score0.00023EPSS

Exploits0References7

EUVD•added last week•5 views

EUVD-2026-32827

5.8AI score0.00023EPSS

Exploits0References4

NVD•added last week•11 views

CVE-2026-7621

The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.16.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...

4.3CVSS0.00046EPSS

Exploits0References11

Positive Technologies•added 2026/05/28 12:0 a.m.•7 views

PT-2026-44497

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspf char data function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

6.9CVSS5.8AI score0.00064EPSS

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by