CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3296 matches found

RedhatCVE•added 2026/04/01 1:53 p.m.•3 views

CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

8.8CVSS5.9AI score0.00023EPSS

Exploits0References4

Snyk•added 2026/04/01 12:0 a.m.•3 views

Expired Pointer Dereference

Overview Affected versions of this package are vulnerable to Expired Pointer Dereference in the Lua plugin handling. An attacker can access sensitive information by deploying a malicious Lua plugin file in specific system directories, which triggers a dangling pointer to be printed to system logs...

6.8CVSS5.9AI score0.00018EPSS

Exploits0References2

Tenable Nessus•added 2026/04/01 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-27854

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code...

7.5CVSS5.7AI score0.00006EPSS

Exploits0References3

CNNVD•added 2026/04/01 12:0 a.m.•3 views

libinput 代码注入漏洞

libinput is an open-source library from freedesktop. It provides a complete input stack for applications that need to handle input devices provided by the kernel. There is a code injection vulnerability in libinput. This vulnerability allows local attackers to place specially crafted Lua bytecode...

8.8CVSS6AI score0.00023EPSS

Exploits0References3

Snyk•added 2026/04/01 12:0 a.m.•1 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the luaLloadfile plugin in configuration directories. An attacker can execute unauthorized code and access sensitive information by placing a specially crafted Lua bytecode file in a system or user...

8.8CVSS6AI score0.00023EPSS

Exploits0References2

Positive Technologies•added 2026/04/01 12:0 a.m.•2 views

PT-2026-29525

Name of the Vulnerable Software and Affected Versions libinput affected versions not specified Description A flaw exists in libinput where an attacker who can deploy a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collectio...

8.8CVSS5.8AI score0.00023EPSS

Exploits0References10

Positive Technologies•added 2026/04/01 12:0 a.m.•3 views

PT-2026-29524

Name of the Vulnerable Software and Affected Versions libinput affected versions not specified Description A flaw exists in libinput that allows a local attacker to bypass security restrictions by placing a specially crafted Lua bytecode file in specific system or user configuration directories...

8.8CVSS6.2AI score0.00023EPSS

Exploits0References13

CNNVD•added 2026/04/01 12:0 a.m.•2 views

libinput 安全漏洞

libinput is an open-source library from freedesktop. It provides a complete input stack for applications that need to handle input devices provided by the kernel, such as display servers. There is a security vulnerability in libinput, which allows attackers to deploy Lua plugins in specific syste...

5.5CVSS5.8AI score0.00018EPSS

Exploits0References4

SUSE CVE•added 2026/03/31 11:28 p.m.•1 views

SUSE CVE-2026-24028

An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential...

5.3CVSS5.9AI score0.00006EPSS

Exploits0References4

SUSE CVE•added 2026/03/31 11:28 p.m.•1 views

SUSE CVE-2026-27853

An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535...

5.9CVSS5.9AI score0.00014EPSS

Exploits0References4

RedhatCVE•added 2026/03/31 5:24 p.m.•1 views

CVE-2026-27853

A flaw was found in dnsdist. A remote attacker could send specially crafted DNS responses that, when processed by dnsdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code, may trigger an out-of-bounds write. This vulnerability can lead to a system crash,...

5.9CVSS5.9AI score0.00014EPSS

Exploits0References2

RedhatCVE•added 2026/03/31 5:18 p.m.•2 views

CVE-2026-27854

A flaw was found in DNSdist. An attacker could exploit this by sending crafted DNS queries that interact with the DNSQuestion:getEDNSOptions method in custom Lua code. This interaction can trigger a use-after-free vulnerability, potentially leading to a crash and a denial of service DoS for the...

4.8CVSS5.8AI score0.00006EPSS

Exploits0References2

RedhatCVE•added 2026/03/31 4:25 p.m.•2 views

CVE-2026-24028

A flaw was found in dnsdist and PowerDNS when custom Lua code uses newDNSPacketOverlay to parse DNS packets. A remote attacker could exploit this by sending a specially crafted DNS response packet, leading to an out-of-bounds read. This vulnerability might cause a system crash, resulting in a...

5.3CVSS5.9AI score0.00006EPSS

Exploits0References2

EUVD•added 2026/03/31 12:31 p.m.•2 views

EUVD-2026-17407

5.9CVSS5.9AI score0.00014EPSS

Exploits0References2

EUVD•added 2026/03/31 12:31 p.m.•1 views

EUVD-2026-17409

An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus triggering a...

4.8CVSS5.8AI score0.00006EPSS

Exploits0References2