1257 matches found
CVE-2026-50128
Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websites credit authors of their articles. To prevent false attribution claims, Mastodon uses the attributionDomains JSON-LD term; however, an error in how...
CVE-2026-50128
Mastodon vulnerability CVE-2026-50128 affects versions 4.3.0 through 4.5.11 and 4.4.18, where an error in the attributionDomains JSON-LD handling allows an attacker to arbitrarily modify the attributionDomains value on a legitimately signed Update and bypass signature verification. This can under...
EUVD-2026-38960
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix linked reg delta tracking when src_reg == dst_reg. Consider the case of rX += rX where src_reg and dst_reg are pointers to the same bpf_reg_state in adjust_reg_min_max_vals. The latter first modifies the dst_reg in-place, and later ...
CVE-2026-10521
creationtimestamp| type| source
---|---|---
2026-06-23 07:36:29+00:00| seen| https://infosec.exchange/users/certvde/statuses/116798271507262478
2026-06-23 07:45:43+00:00| seen| https://infosec.exchange/users/certvde/statuses/116798307883543003
2026-06-23 11:20:33+00:00| seen|...
CVE-2026-7167
creationtimestamp| type| source
---|---|---
2026-06-22 16:12:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3movbo42pdw22...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not add the same hwpt to the ioas->hwpt_list twice. The hwpt is only added to the hwpt_list during its creation; it is never added again. This issue seems to be leftover from previous revisions. Adding an hwpt twice may...
CVE-2026-42487
HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XEN_DOMCTL_ioport_mapping, and hence the linked list used may change at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...
CVE-2026-42487
CVE-2026-42487 concerns the Xen hypervisor’s handling of x86 HVM I/O port list traversal. The root cause stated in the sources is that traversal of the linked list used for guest I/O port accesses requires synchronization with updates to the translation/mapping (XEN_DOMCTL_ioport_mapping), but th...
CVE-2026-42487 x86 HVM I/O port list traversal
HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XEN_DOMCTL_ioport_mapping, and hence the linked list used may change at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...
Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails
A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was a backdoor on their REDCap research servers that stole login credentials. The exfiltration was the...
CVE-2019-25746
creationtimestamp| type| source
---|---|---
2026-06-15 16:47:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3modqest7632u...
China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade
Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant, says it backdoored the PAM and OpenSSH components that decide who is allowed to sign i...
EUVD-2026-36505
Capgo Console prior to 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly...
CVE-2026-38581
creationtimestamp| type| source
---|---|---
2026-06-11 17:01:37+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnzpc36i4v2g
2026-06-11 17:38:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnzrdagmfn2m...
CVE-2026-42462 Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its...
EUVD-2026-36127
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its...
CVE-2026-42462
CVE-2026-42462 describes an LD-Signature bypass in Fedify caused by JSON-LD named-graph restructuring. The issue allows an attacker to reorganize a signed JSON-LD payload (via features like @graph, @reverse, @included) in a way that changes how the signed ActivityPub activity is interpreted witho...
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet comprises over 1,500 SOHO [small office and home office] and IoT devices and operates as a centrally controlled, high-performanc...
CVE-2026-47921
creationtimestamp| type| source
---|---|---
2026-06-10 08:00:45+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnwalzqkz62p
2026-06-10 14:14:55+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3mnwvj2vwsu2k...