1262 matches found

EUVD
added 2026/05/20 7:41 a.m., 9 views

EUVD-2026-31073

NextGEN Gallery versions prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function 'cleancolumn' in the data mapper layer that uses a...

CVSS 9.3, AI score 6, EPSS 0.00287, Exploits 0, References 1

ATTACKERKB
added 2026/05/20 7:41 a.m., 5 views

CVE-2026-9059

NextGEN Gallery versions prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function 'cleancolumn' in the data mapper layer that uses a...

CVSS 9.3, AI score 6, EPSS 0.00287, Exploits 0, References 2

AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dm mpath: Added the missing dm_put_device call when failing to obtain the scsi dh name. When commit fd81bc5cca8f “scsi: device_handler: Returning an error pointer in scsi_dh_attached_handler_name”, code was added to fail the parsing of...

CVSS 5.5, AI score 5.7, EPSS 0.00112, Exploits 0, References 1

AstraLinux
added 2026/05/20 5:53 a.m., 7 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: This issue is fixed if the list_versions function races with the module loading process. list_versions will first estimate the required space using the dm_target_iterate(list_version_get_needed, &needed) call, and then fill that...

CVSS 4.7, AI score 6.4, EPSS 0.00131, Exploits 0, References 2

AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: The stale values of rq->bio have been observed to cause double initialization of cloned bios in request-based device-mapper targets. This leads to use-after-free and double-free scenarios. One such case occurs when using...

CVSS 7.8, AI score 5.3, EPSS 0.00117, Exploits 0, References 1

AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: dm: Do not attempt to queue IO under RCU protection. The dm function looks up the table for IO based on the request type. It assumes that if the request is marked as REQ_NOWAIT, it’s safe to attempt to submit that IO while under t...

AI score 5.4, EPSS 0.00189, Exploits 0, References 1

AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: dm mirror log: The bitset_size is rounded up to BITS_PER_LONG. The code in dm-log rounds up bitset_size to 32 bits. Then, it uses find_next_zero_bit_le on the allocated region. find_next_zero_bit_le accesses the bitmap using unsigned long...

CVSS 5.5, AI score 5.8, EPSS 0.00266, Exploits 0, References 2

AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: - dm btree remove: fixed the use of a function after the free operation in rebalance_children. - Moved the dm_tm_unlock function to after dm_tm_dec...

CVSS 7.8, AI score 6.4, EPSS 0.00271, Exploits 0, References 2

AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in linux, linux-5.10, linux-5.15

A denial-of-service issue was detected, possibly due to a recursive locking scenario, which led to a deadlock in the table_clear function in drivers/md/dm-ioctl.c within the Linux Kernel Device Mapper-Multipathing sub-component...

CVSS 4.4, AI score 6.7, EPSS 0.00223, Exploits 0, References 2

AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: dm: call the resume method on internal suspend. There was a reported crash when experimenting with the lvm2 test suite. The issue was caused by incorrect pairing of the postsuspend and resume methods; there were two consecutive...

CVSS 6.3, AI score 6.2, EPSS 0.00689, Exploits 0, References 2

Positive Technologies
added 2026/05/20 12:0 a.m., 7 views

PT-2026-42122

NextGEN Gallery versions prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function ' clean column' in the data mapper layer that uses a...

CVSS 9.3, AI score 6, EPSS 0.00287, Exploits 0, References 2

RedHat Linux
added 2026/05/19 9:4 a.m., 5 views

kernel: dm: fix NULL pointer dereference in __dm_suspend()

In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in __dm_suspend(). There is a race condition between dm device suspend and table load that can lead to null pointer dereference. The issue occurs when suspend is invoked before table load completes: BUG...

AI score 5.8, EPSS 0.00184, Exploits 0, References 5

EUVD
added 2026/05/13 6:30 p.m., 6 views

EUVD-2026-29948

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII) via a crafted SQL...

CVSS 6.5, AI score 5.8, EPSS 0.00275, Exploits 0, References 3

EUVD
added 2026/05/13 6:30 p.m., 4 views

EUVD-2026-29946

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII)...

CVSS 6.5, AI score 5.8, EPSS 0.00209, Exploits 0, References 3

NVD
added 2026/05/13 2:17 p.m., 5 views

CVE-2026-37429

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII) via a crafted SQL...

CVSS 6.5, EPSS 0.00275, Exploits 0, References 2

NVD
added 2026/05/13 2:17 p.m., 7 views

CVE-2026-37428

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII)...

CVSS 6.5, EPSS 0.00209, Exploits 0, References 2

Cvelist
added 2026/05/13 12:0 a.m., 33 views

CVE-2026-37429

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII) via a crafted SQL...

EPSS 0.00275, Exploits 0, References 2

CVE
added 2026/05/13 12:0 a.m., 10 views

CVE-2026-37429

The CVE-2026-37429 entry concerns qihang-wms: commit 75c15a contains a SQL injection vulnerability in the SysUserMapper.xml via the datascope parameter. The vulnerability could allow an attacker to retrieve sensitive data including PII through crafted SQL statements. CVSSv3.1 base score is 6.5 (M...

CVSS 6.5, AI score 5.8, EPSS 0.00275, Exploits 0, References 2

Cvelist
added 2026/05/13 12:0 a.m., 35 views

CVE-2026-37428

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII)...

EPSS 0.00209, Exploits 0, References 2

ATTACKERKB
added 2026/05/13 12:0 a.m., 2 views

CVE-2026-37429

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII) via a crafted SQL...

AI score 5.8, EPSS 0.00275, Exploits 0, References 3