CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Wolfi•added 2026/01/31 1:48 p.m.•6 views

CVE-2025-61726 vulnerabilities

Vulnerabilities for packages: xeol, nats-top, gatekeeper, litestream, secrets-store-csi-driver-provider-aws, bento, s5cmd, mc, dbmate, tetragon, contour, crossplane-provider-aws-elasticache, cloud-provider-azure, rancher-helm, ksops, wave, blobfuse2, vault-k8s, clickhouse-operator, conftest, flux...

7.5CVSS6.8AI score0.00789EPSS

UbuntuCve•added 2026/01/31 12:16 p.m.•5 views

CVE-2026-23028

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvmdevice leak in kvmipidestroy In kvmioctlcreatedevice, kvmdevice has allocated memory, kvmdevice-destroy seems to be supposed to free its kvmdevice struct, but kvmipidestroy is not currently doing this, that...

OSV•added 2026/01/31 12:16 p.m.•0 views

Exploits0References4

UBUNTU-CVE-2026-23028

OSV•added 2026/01/31 11:42 a.m.•3 views

Exploits0References5

CVE-2026-23029 LoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy()

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvmdevice leak in kvmeiointcdestroy In kvmioctlcreatedevice, kvmdevice has allocated memory, kvmdevice-destroy seems to be supposed to free its kvmdevice struct, but kvmeiointcdestroy is not currently doing...

CVE•added 2026/01/31 11:42 a.m.•11 views

Exploits0References5

CVE-2026-23028

In the Linux kernel for LoongArch KVM, a memory-leak was reported: kvm_ioctl_create_device() allocated memory for kvm_device, but kvm_ipi_destroy() did not free the kvm_device struct, causing a leak. The issue is resolved by ensuring kvm_ipi_destroy() frees the allocated kvm_device, preventing th...

EUVD•added 2026/01/31 11:42 a.m.•3 views

EUVD-2026-5066

Cvelist•added 2026/01/31 11:42 a.m.•27 views

CVE-2026-23028 LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy()

0.00194EPSS

Debian CVE•added 2026/01/31 11:42 a.m.•3 views

CVE-2026-23028

5.2AI score0.00194EPSS

Tenable Nessus•added 2026/01/31 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-23027

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvmdevice leak in kvmpchpicdestroy In kvmioctlcreatedevice, kvmdevice ha...

5.5AI score0.00194EPSS

IBM Security Bulletins•added 2026/01/30 4:53 p.m.•10 views

Security Bulletin: Multiple Vulnerabilities in VMware ESXi affect IBM Cloud Pak System

Summary Vulnerabilities in VMware ESXi affect IBM Cloud Pak System. IBM Cloud Pak System has addressed vulnerabilities. Cloud Pak Sytem has delivered updated workload nodes to VMware ESXi 83U3g. Vulnerability Details CVEID:CVE-2025-41236 DESCRIPTION: VMware ESXi, Workstation, and Fusion contain a...

9.3CVSS6.2AI score0.02107EPSS

Exploits2Affected Software1

Packet Storm News•added 2026/01/29 12:0 a.m.•4 views

Hardware-Triggered Backdoors

Machine learning models are routinely deployed on a wide range of computing hardware. Although such hardware is typically expected to produce identical results, differences in its design can lead to small numerical variations during inference. In this work, we show that these variations can be...

5.9AI score

Packet Storm News•added 2026/01/29 12:0 a.m.•10 views

A Systematic Literature Review on LLM Defenses against Prompt Injection and Jailbreaking: Expanding NIST Taxonomy

The rapid advancement and widespread adoption of generative artificial intelligence GenAI and large language models LLMs has been accompanied by the emergence of new security vulnerabilities and challenges, such as jailbreaking and other prompt injection attacks. These maliciously crafted inputs...

5.4AI score

OSV•added 2026/01/28 1:59 p.m.•4 views

MAL-2026-581 Malicious code in somesomesomesome (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 501ce83717dc490a4b5550820a3d811bc7a90579dbf986bfb3013d0997ae3802 The package somesomesomesome was found to contain malicious code. Source: ghsa-malware 6ac6ff72ae68c24308f36c03065bd3d4f95aea678ce410a4edb706f73499e6...

5.5AI score

Exploits0References1

EUVD•added 2026/01/27 9:8 p.m.•5 views

EUVD-2026-4740

gmrtd is a Go library for reading Machine Readable Travel Documents MRTDs. Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile can consume an extended TLV with lengths well...

5.9CVSS5.8AI score0.00265EPSS

Exploits0References3

Vulnrichment•added 2026/01/27 9:8 p.m.•3 views

CVE-2026-24738 gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values

5.9CVSS5.8AI score0.00265EPSS

Exploits0References3

AlpineLinux•added 2026/01/27 4:1 p.m.•5 views

CVE-2025-15469

Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such as Ed25519, Ed448, or ML-DSA m...

5.5CVSS5.8AI score0.00176EPSS

Exploits1

Xen Project•added 2026/01/27 12:0 p.m.•7 views

varstored: TOCTOU issues with mapped guest memory

ISSUE DESCRIPTION varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the...

6.4AI score