CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 1 hour ago•6 views

CVE-2026-46302

CVE-2026-46302 affects the Linux kernel, where the /sys/fs/selinux/policy file could be opened multiple times, allowing a process to block others from reading the policy. The patch eliminates the policy_opened flag and tightens the policy mutex critical section, removing some extraneous checks. T...

5.5AI score

CVE•added 1 hour ago•5 views

CVE-2026-46298

CVE-2026-46298 : In the Linux kernel, a race during ioctl or release handling on pseries/papr-hvpipe could deadlock if an interrupt fires on the same CPU. The fix makes the affected lock usage use spin_lock_irqsave/restore to prevent the deadlock. The issue is resolved by the patch in the cited s...

5.5AI score

NVD•added 1 hour ago•4 views

CVE-2026-46299

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplusfillsuper hfsplusfillsuper calls hfsfindinit to initialize a search structure, which acquires tree-treelock. If the subsequent call to hfspluscatbuildkey fails, the function jumps to the...

NVD•added 1 hour ago•2 views

CVE-2026-46293

In the Linux kernel, the following vulnerability has been resolved: clk: microchip: mpfs-ccc: fix out of bounds access during output registration UBSAN reported an out of bounds access during registration of the last two outputs. This out of bounds access occurs because space is only allocated in...

Exploits0References6

CVE•added 1 hour ago•4 views

CVE-2026-46287

In the Linux kernel, the net/txgbe driver for copper NICs with external PHY fixed an RTNL assertion warning that occurred during module removal. The root cause was phylink_disconnect_phy() being called during remove without proper RTNL protection, triggering an assertion in phylink_disconnect_phy...

5.4AI score

NVD•added 1 hour ago•2 views

CVE-2026-46287

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: fix RTNL assertion warning when remove module For the copper NIC with external PHY, the driver called phylinkconnectphy during probe and phylinkdisconnectphy during remove. It caused an RTNL assertion warning in...

ATTACKERKB•added 2 hours ago•1 views

CVE-2026-46311

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drmexec to take both locks i.e vm root bo and wptrobj bo to access the mapping data properly. This fixes the security issue of unmap the wptrobj while a queue creation is in...

Exploits0References3

ATTACKERKB•added 2 hours ago•1 views

CVE-2026-46299

Exploits0References6Affected Software1

EUVD•added 2 hours ago•2 views

EUVD-2026-35165

EUVD•added 3 hours ago•2 views

EUVD-2026-35152

ATTACKERKB•added 3 hours ago•1 views

CVE-2026-48507

Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular users.edit permission to lock every admin out of the instance by editing the activated flag which determines whether or not a user can login and the...

7.1CVSS

Exploits0References3Affected Software1

SUSE CVE•added yesterday•3 views

SUSE CVE-2026-11221

Insufficient validation of untrusted input in PointerLock in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.5AI score0.00034EPSS

Tenable Nessus•added 2 days ago•4 views

EulerOS Virtualization 2.13.1 : python-virtualenv (EulerOS-SA-2026-2148)

According to the versions of the python-virtualenv package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU...

4.5CVSS5.4AI score0.00016EPSS

Tenable Nessus•added 2 days ago•6 views

EulerOS Virtualization 2.12.1 : python-virtualenv (EulerOS-SA-2026-2088)

4.5CVSS5.4AI score0.00016EPSS

RedhatCVE•added 3 days ago•4 views

CVE-2025-10908

Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked. This vulnerability may allow...

7.3CVSS5.5AI score0.00073EPSS

RedhatCVE•added 3 days ago•7 views

CVE-2026-28965

A privacy issue was addressed with improved checks. This issue is fixed in iOS 26.5 and iPadOS 26.5. A user may be able to view restricted content from the lock screen...

7.5CVSS5.4AI score0.00044EPSS

RedhatCVE•added 3 days ago•5 views

CVE-2026-47331

Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-free UAF and, theoretically, arbitrary code execution...

7.8CVSS5.7AI score0.00015EPSS

RedhatCVE•added 3 days ago•6 views

CVE-2024-0391

The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts. The discovery of valid usernames can increase the risk of brute-force and social engineering attacks. Attackers can leverage...

5.3CVSS5.5AI score0.00036EPSS

RedHat Linux•added 4 days ago•5 views

kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()

A use-after-free flaw was found in the Linux kernel's iSCSI target subsystem. In the iscsitdecconnusagecount function, complete is called while still holding the conn-connusagelock spinlock. The waiting thread such as iscsitcloseconnection may wake up immediately and free the iscsitconn structure...

7.8CVSS5.8AI score0.00018EPSS