CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 4 hours ago•4 views

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

7.5CVSS7AI score0.01052EPSS

Exploits1References10

Cvelist•added 5 hours ago•6 views

CVE-2026-56368 ImageMagick - Memory Leak in Raw Pixel Data Coders

6.3CVSS

EUVD•added 5 hours ago•4 views

EUVD-2026-38755

6.3CVSS5.8AI score

CVE•added 5 hours ago•7 views

CVE-2026-56368

CVE-2026-56368 (ImageMagick) : ImageMagick prior to 7.1.2-15 has a memory leak in multiple coders that write raw pixel data, where allocated objects are not freed. This can be triggered by processing specially crafted images, leading to memory exhaustion and denial of service. Root cause is the u...

6.3CVSS5.8AI score

OSV•added 7 hours ago•3 views

DEBIAN-CVE-2026-12891

A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...

4.3CVSS5.7AI score

Exploits0References1

RedHat Linux•added 8 hours ago•8 views

coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification

A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitiv...

4.4CVSS6AI score0.00209EPSS

Exploits0References6

OSV•added 9 hours ago•6 views

CURL-CVE-2026-11586 WS Auto-PONG memory exhaustion

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

5.8AI score

Exploits0

curl security advisories•added 9 hours ago•4 views

UAF after pause in socket callback

Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...

Exploits0References1Affected Software2

curl security advisories•added 9 hours ago•4 views

HTTP/2 stream-dependency tree UAF

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...

5.9AI score

Exploits0References1Affected Software2

EUVD•added 10 hours ago•8 views

EUVD-2026-38711

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid NULL deref of conn-lnk in smcmsgevent tracepoint The smcmsgevent tracepoint class, shared by smctxsendmsg and smcrxrecvmsg, unconditionally dereferences smc-conn.lnk: stringname, smc-conn.lnk-ibname conn-lnk is onl...

5.8AI score

Exploits0References6

EUVD•added 10 hours ago•6 views

EUVD-2026-38705

In the Linux kernel, the following vulnerability has been resolved: xfrm: espintcp: do not reuse an in-progress partial send espintcp keeps a single in-flight transmit in ctx-partial. Before building a new skmsg, espintcpsendmsg first tries to flush that state through espintcppushmsgs. For blocki...

5.9AI score

CVE•added 10 hours ago•4 views

CVE-2026-52935

The CVE-2026-52935 entry concerns the Linux kernel xfrm/espintcp code. The issue arises from reusing an in-progress partial transmit state (ctx->partial) when building a new sk_msg, where espintcp_sendmsg() may prematurely reuse the live partial if espintcp_push_msgs() reports success while a ...

5.9AI score

CVE•added 10 hours ago•4 views

CVE-2026-52932

In the Linux kernel, CVE-2026-52932 fixes an issue in the xfrm: ipcomp path where destination pages could leak on acomp errors. The patch moves the out_free_req label to ensure the allocated destination SG list is freed on error as well as on success, preventing a potential resource leak. The des...

EUVD•added 10 hours ago•4 views

Exploits0References3

EUVD-2026-38700

In the Linux kernel, the following vulnerability has been resolved: ipc/shm: serialize orphan cleanup with shmnattch updates shmdestroyorphaned walks the shm idr under shmidsns.rwsem, but that does not serialize all fields tested by shmmaydestroy. In particular, shmnattch is updated while holding...

CVE•added 10 hours ago•7 views

CVE-2026-52927

CVE-2026-52927 concerns the Linux kernel netfilter ebtables path, specifically compat_mtw_from_user. The issue arises when converting 32-bit user structures to kernel native structures: user-supplied match_size/target_size may be too small, causing an out-of-bounds read during translation of exte...

5.8AI score

EUVD•added 10 hours ago•5 views

EUVD-2026-38726

In the Linux kernel, the following vulnerability has been resolved: ipc: limit nextid allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through ids-nextid. ipcidralloc currently forwards that request to idralloc with an open-ended upper bound. If...