CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2 hours ago•3 views

CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...

NVD•added 2 hours ago•3 views

CVE-2026-26825

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xlsparseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer ole2read. The flaw is detectable with MemorySanitizer MSAN and can lead to...

RedhatCVE•added 2 hours ago•1 views

CVE-2026-46254

A flaw was found in the Linux kernel's AppArmor security module. This vulnerability arises when AppArmor processes unaligned Deterministic Finite Automaton DFA tables, which can originate from either kernel or userspace. The unaligned memory access triggered by these tables can lead to system...

RedhatCVE•added 2 hours ago•1 views

CVE-2026-46268

A flaw was found in the Linux kernel's PCI/P2PDMA subsystem. Specifically, a warning condition in the p2pmemallocmmap function can be triggered due to an incorrect page reference count assertion. This issue occurs when the CONFIGDEBUGVM option is enabled, leading to kernel warning messages. While...

5.5CVSS5.8AI score

CVE-2026-46270

A flaw was found in the Linux kernel's power supply driver, specifically in the rt9455 component. This vulnerability, a use-after-free, occurs due to a race condition during the system's shutdown process where an interrupt can access memory that has already been released. This can lead to system...

CVE-2026-46246

A flaw was found in the Linux kernel's pm8916lbc power supply driver. A race condition during device removal can cause a 'use-after-free' vulnerability, where the system attempts to access memory that has already been deallocated. This can lead to system instability, including crashes, effectivel...

CVE-2025-71314

A flaw was found in the Linux kernel's drm/panthor component. Buggy GPU jobs created by a User Mode Driver UMD can lead to a blockage in the memory subsystem. This prevents flush operations from completing, resulting in system hangs. A local attacker could exploit this to cause a Denial of Servic...

NVD•added 3 hours ago•2 views

CVE-2026-45702

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior to version 4.11.0, a type confusion vulnerability exists in OP-TEE OS when processing an FFAMEMSHARE...

4.4CVSS

CVE-2026-46253

A flaw was found in the Linux kernel's pstore/ram component. This vulnerability, a heap buffer overflow, occurs when the system attempts to save old persistent RAM logs and the buffer size changes, leading to an out-of-bounds write. While the conditions for exploitation are extremely difficult to...

5.5CVSS5.9AI score

RedHat Linux•added 3 hours ago•3 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS7.2AI score0.00045EPSS

Exploits0References8

RedhatCVE•added 4 hours ago•3 views

CVE-2026-46265

A flaw was found in the Linux kernel's RDMA/hns component. When the sunrpc Sun Remote Procedure Call is in use and a reset is triggered, a workqueue dependency issue can occur during Queue Pair QP destruction. This can lead to a kernel warning related to memory reclaim, potentially causing system...

RedhatCVE•added 4 hours ago•3 views

CVE-2026-46263

A flaw was found in the Linux kernel's drm/amd/display component. This vulnerability arises from an out-of-bounds array access when an invalid engid value is used to index the streamencregs array. A local attacker or a privileged process could exploit this memory corruption to potentially execute...

6.2AI score

RedhatCVE•added 4 hours ago•2 views

CVE-2026-46272

A flaw was found in the Linux kernel's Coresight Trace Memory Controller TMC Embedded Trace Router ETR driver. A race condition can occur when both the sysfs and perf modes are used simultaneously. This can lead to a kernel warning, potentially causing system instability or unexpected behavior...

NVD•added 4 hours ago•3 views

CVE-2026-46268

In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmemallocmmap warning condition Commit b7e282378773 has already changed the initial page refcount of p2pdma page from one to zero, however, in p2pmemallocmmap it uses "VMWARNONONCEPAGE!pagerefcountpage" to asser...

Exploits0References3

NVD•added 4 hours ago•4 views

CVE-2026-46265

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix WQMEMRECLAIM warning When sunrpc is used, if a reset triggered, our wq may lead the following trace: workqueue: WQMEMRECLAIM xprtiod:xprtrdmaconnectworker rpcrdma is flushing !WQMEMRECLAIM...

Exploits0References6

NVD•added 4 hours ago•2 views

CVE-2026-46254

In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or userspace and 8-byte alignment isn't always guaranteed and as such may trigger unaligned memory accesses on various architectures...

NVD•added 4 hours ago•4 views

CVE-2026-40290

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a user-after-free UAF race condition exists in the shared memory teardown logic of FF-A...

7.8CVSS