CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

5.5CVSS6.5AI score0.00074EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc64/ftrace: fix module loading without patchable function entries getstubssize assumes that there must always be at least one patchable function entry, which is not always the case modules that export data but no code,...

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: This issue is fixed if the listversions function races with the module loading process. listversions will first estimate the required space using the dmtargetiteratelistversiongetneeded, &needed call, and then fill that...

4.7CVSS6.5AI score0.00031EPSS

6.4CVSS6.6AI score0.00139EPSS

Astra Linux - уязвимость в twitter-bootstrap3

A security vulnerability has been discovered in Bootstrap that could enable Cross-Site Scripting XSS attacks. The vulnerability is related to the “data-loading-text” attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into this attribute,...

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в perl

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any...

5.9CVSS6.9AI score0.00031EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в glibc

A vulnerable environment variable in the Untrusted LDLIBRARYPATH setting in the GNU C Library, versions 2.27 to 2.38, allows attackers to control the loading of dynamically shared libraries in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or...

7.8CVSS7AI score0.00043EPSS

Exploits1References2

4.3CVSS5.7AI score0.00171EPSS

Astra Linux - уязвимость в firefox

The exception page for the HTTPS-Only feature, which appears when a website is accessed via HTTP, lacked an anti-clickjacking mechanism. This allowed attackers to trick users into granting an exception and loading a webpage via HTTP. This vulnerability has been fixed in Firefox 140 and Thunderbir...

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: module: fix eshstrndx.shsize=0 OOB access It is trivial to craft a module to trigger OOB access in this line: if info-secstringsstrhdr-shsize - 1 != '\0' BUG: unable to handle page fault for address: ffffc90000aa0fff PGD 10000006...

7.1CVSS6.3AI score0.00014EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: crypto: cavium – prevents integer overflow during firmware loading The value of “codelength” comes from the firmware file. If your firmware is untrusted, there’s probably very little you can do to protect yourself. Nevertheless, ...

5.5CVSS6AI score0.00021EPSS

7.5CVSS6.7AI score0.05651EPSS

Astra Linux - уязвимость в c3p0

C3P0 versions less than 0.9.5.4 may be exploited by a “billion laughs attack” when loading XML configuration, due to the lack of protections against recursive entity expansion during the loading of configuration files...

Exploits1References2

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в firefox

A use-after-free condition existed in NotifyOnHistoryReload where a LoadingSessionHistoryEntry object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox 115...

8.8CVSS8.7AI score0.00248EPSS

NVD•added 2026/05/01 8:16 a.m.•2 views

CVE-2026-7584

The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

8.4CVSS0.00043EPSS

Cvelist•added 2026/05/01 7:21 a.m.•24 views

CVE-2026-7584 Arbitrary Code Execution via Unsafe Deserialization in LabOne Q

8.4CVSS0.00043EPSS

CVE•added 2026/05/01 7:21 a.m.•3 views

CVE-2026-7584

The CVE describes an Arbitrary Code Execution in LabOne Q caused by unsafe deserialization: its serialization framework uses a class-loading mechanism (import_cls) that accepted fully-qualified class names without validating targets or restricting modules. An attacker can craft a malicious serial...

8.4CVSS6.3AI score0.00043EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/01 7:21 a.m.•2 views

CVE-2026-7584

8.4CVSS6.3AI score0.00043EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/01 7:21 a.m.•1 views

EUVD-2026-26483

8.4CVSS6.3AI score0.00043EPSS

CNNVD•added 2026/05/01 12:0 a.m.•3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to validate encsize when loading LTK in the Bluetooth MGMT protocol, which could result in a stack...

7.8CVSS6.1AI score0.00015EPSS

CNNVD•added 2026/05/01 12:0 a.m.•4 views

Apache MINA 代码问题漏洞

Apache MINA is a web application framework developed by the Apache Foundation in the United States. This product is primarily used for developing high-performance and highly scalable web applications. There were code vulnerabilities in versions of Apache MINA from 2.1.0 to 2.1.11, as well as in...

9.8CVSS6.8AI score0.00287EPSS

Snyk•added 2026/04/30 12:39 p.m.•6 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the VectorImage component when a user is tricked into loading a specially crafted SVG file. An attacker can execute arbitrary QML or JavaScript code by embedding malicious payloads within the SVG, potentiall...

9.3CVSS6.1AI score0.00011EPSS