CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 6 days ago•6 views

EUVD-2026-32880

5.8AI score0.00018EPSS

CVE•added 6 days ago•8 views

CVE-2026-46111

The CVE concerns a use-after-free in the Linux kernel Bluetooth stack (hci_conn, BIG creation). The patch adds hci_conn_valid() in create_big_sync() to detect stale connections before BIG creation, handles -ECANCELED in create_big_complete(), and re-validates under hci_dev_lock() before dereferen...

7.8CVSS5.8AI score0.00012EPSS

CVE•added 6 days ago•10 views

CVE-2026-46106

The CVE concerns the Linux kernel eventfs/tracing path. A remount walk over eventfs_inodes could race: tracefs_apply_options() held only an rcu_read_lock() while eventfs_inodes were freed via SRCU, and writes to ei->attr raced with eventfs_set_attr() which holds eventfs_mutex. The fix, describ...

5.7AI score0.00018EPSS

NVD•added 6 days ago•5 views

CVE-2026-9798

A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication CIBA flow to bypass this...

4.3CVSS0.00053EPSS

Exploits0References2

RedhatCVE•added 6 days ago•3 views

CVE-2026-45849

A flaw was found in the Linux kernel's network component, specifically within the mscc: ocelot driver. The system failed to properly secure access to shared resources during network packet injection, leading to a missing lock protection vulnerability. This oversight could allow a local attacker t...

Cvelist•added 6 days ago•25 views

Exploits0References4

CVE-2026-9798 Keycloak: keycloak: brute-force protection bypass in ciba flow

4.3CVSS0.00053EPSS

Exploits0References2

RedhatCVE•added 6 days ago•3 views

CVE-2026-9798

4.3CVSS5.7AI score0.00053EPSS

CVE•added 6 days ago•18 views

CVE-2026-9798

Keycloak is affected by a flaw where, after a user account is temporarily locked due to repeated failed logins, an attacker with valid client credentials can abuse the Client-Initiated Backchannel Authentication (CIBA) flow to bypass the lock. This allows continued authentication attempts and tok...

4.3CVSS5.7AI score0.00053EPSS

Exploits0References2Affected Software1

EUVD•added 6 days ago•3 views

EUVD-2026-32717

4.3CVSS5.7AI score0.00053EPSS

Exploits0References2

SUSE CVE•added 6 days ago•4 views

SUSE CVE-2026-45849

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelotportxmitinj ocelotportxmitinj calls ocelotcaninject and ocelotportinjectframe without holding the injection group lock. Both functions contain lockdepassertheld for the...

SUSE CVE•added 6 days ago•4 views

SUSE CVE-2026-45897

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftcounter: serialize reset with spinlock Add a global static spinlock to serialize counter fetch+reset operations, preventing concurrent dump-and-reset from underrunning values. The lock is taken before fetching the...

5.7AI score0.00024EPSS

SUSE CVE•added 6 days ago•7 views

SUSE CVE-2026-45901

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: revert commitmutex usage in reset path It causes circular lock dependency between commitmutex, nfnlsubsysipset and nlkcbmutex when nft reset, ipset list, and iptables-nft with '-m set' rule run at the same...

5.8AI score0.00024EPSS

SUSE CVE•added 6 days ago•3 views

SUSE CVE-2026-45904

In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: fix recursive pcilockrescanremove locking in EEH event handling The recent commit 1010b4c012b0 "powerpc/eeh: Make EEH driver device hotplug safe" restructured the EEH driver to improve synchronization with the PCI...

SUSE CVE•added 6 days ago•5 views

SUSE CVE-2026-45907

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix deadlocks between devlink and netdev instance locks In the mentioned "Fixes" commit, various work tasks triggering devlink health reporter recovery were switched to use netdevtrylock to protect against concurrent...

5.8AI score0.00022EPSS

SUSE CVE•added 6 days ago•5 views

SUSE CVE-2026-45924

In the Linux kernel, the following vulnerability has been resolved: ksmbd: call ksmbdvfskernpathendremoving on some error paths There are two places where ksmbdvfskernpathendremoving needs to be called in order to balance what the corresponding successful call to ksmbdvfskernpathstartremoving has...

SUSE CVE•added 6 days ago•5 views

SUSE CVE-2026-45942

In the Linux kernel, the following vulnerability has been resolved: ext4: fix e4b bitmap inconsistency reports A bitmap inconsistency issue was observed during stress tests under mixed huge-page workloads. Ext4 reported multiple e4b bitmap check failures like: ext4mbcomplexscangroup:2508: group...

5.7AI score0.00013EPSS

SUSE CVE•added 6 days ago•6 views

SUSE CVE-2026-46008

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix damoswalk vs kdamondfn exit race When kdamondfn main loop is finished, the function cancels remaining damoswalk request and unset the damonctx-kdamond so that API callers and API functions themselves can show t...

5.7AI score0.00024EPSS

SUSE CVE•added 6 days ago•3 views

SUSE CVE-2026-46017

In the Linux kernel, the following vulnerability has been resolved: mm: fix deferred split queue races during migration migratefoliomove records the deferred split queue state from src and replays it on dst. Replaying it after removemigrationptessrc, dst, 0 makes dst visible before it is requeued...

5.8AI score0.00024EPSS