
308221 matches found

Cvelist
added 5 days ago, 29 views

CVE-2025-62858 QTS, QuTS hero

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions:...

CVSS 5.1, EPSS 0.00088
Exploits 0, References 1
EUVD
added 5 days ago, 5 views

EUVD-2025-210082

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions:...

CVSS 5.1, AI score 5.8, EPSS 0.00088
Exploits 0, References 1
Vulnrichment
added 5 days ago, 5 views

CVE-2025-62858 QTS, QuTS hero

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions:...

CVSS 5.1, AI score 5.8, EPSS 0.00088
Exploits 0, References 1
NVD
added 5 days ago, 6 views

CVE-2026-5067

A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL termination when the...

CVSS 9.8, EPSS 0.00155
Exploits 0, References 1
EUVD
added 5 days ago, 6 views

EUVD-2026-35348

A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL termination when the...

CVSS 9.8, AI score 5.9, EPSS 0.00155
Exploits 0, References 1
Cvelist
added 5 days ago, 32 views

CVE-2026-5067 Out-of-bounds read/write in HTTP WebSocket upgrade via non-null-terminated Sec-WebSocket-Key

A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL termination when the...

CVSS 9.8, EPSS 0.00155
Exploits 0, References 1
Vulnrichment
added 5 days ago, 5 views

CVE-2026-5067 Out-of-bounds read/write in HTTP WebSocket upgrade via non-null-terminated Sec-WebSocket-Key

A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL termination when the...

CVSS 9.8, AI score 5.9, EPSS 0.00155
Exploits 0, References 1
CVE
added 5 days ago, 25 views

CVE-2026-5067

The CVE targets Zephyr’s HTTP server WebSocket upgrade path (CONFIG_HTTP_SERVER_WEBSOCKET enabled). A crafted Sec-WebSocket-Key header can trigger memory corruption via a non-NUL-terminated copy into a fixed-size buffer, followed by copying to a local stack buffer and using strlen(). If no NUL ex...

CVSS 9.8, AI score 6, EPSS 0.00155
Exploits 0, References 1
Cvelist
added 5 days ago, 30 views

CVE-2026-8909 WpMobi <= 0.0.3 - Cross-Site Request Forgery via save_general_settings Action

The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or incorrect nonce validation on the handleSaveGeneralSettings function. This makes it possible for unauthenticated attackers to modify the plugin's...

CVSS 4.3, EPSS 0.00012
Exploits 0, References 4
SUSE CVE
added 5 days ago, 5 views

SUSE CVE-2026-46276

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix zero-size GDS range init on RDNA4 RDNA4 GFX 12 hardware removes the GDS, GWS, and OA on-chip memory resources. The gfx_v12_0 initialisation code correctly leaves adev->gds.gds_size, adev->gds.gws_size, and adev-gds.oasi...

AI score 5.5, EPSS 0.00024
Exploits 0, References 3
SUSE CVE
added 5 days ago, 6 views

SUSE CVE-2026-46279

In the Linux kernel, the following vulnerability has been resolved: mm/alloc_tag: clear codetag for pages allocated before page_ext initialization Due to initialization ordering, page_ext is allocated and initialized relatively late during boot. Some pages have already been allocated and freed befor...

AI score 5.4, EPSS 0.00017
Exploits 0, References 3
SUSE CVE
added 5 days ago, 6 views

SUSE CVE-2026-46281

In the Linux kernel, the following vulnerability has been resolved: vmalloc: fix buffer overflow in vrealloc_node_align Commit 4c5d3365882d "mm/vmalloc: allow to set node and align in vrealloc" added the ability to force a new allocation if the current pointer is on the wrong NUMA node, or if an...

AI score 5.8, EPSS 0.00017
Exploits 0, References 3
SUSE CVE
added 5 days ago, 5 views

SUSE CVE-2026-46283

In the Linux kernel, the following vulnerability has been resolved: tpm: Use kfree_sensitive to free auth session in tpm_dev_release tpm_dev_release uses plain kfree to free chip->auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data struct...

AI score 5.5, EPSS 0.00018
Exploits 0, References 3
SUSE CVE
added 5 days ago, 5 views

SUSE CVE-2026-46285

In the Linux kernel, the following vulnerability has been resolved: mtd: docg3: fix use-after-free in docg3_release In docg3_release, the docg3 pointer is obtained from cascade->floors[0]->priv before the loop that calls doc_release_device on each floor. doc_release_device frees the docg3 struct via...

AI score 5.4, EPSS 0.00024
Exploits 0, References 3
SUSE CVE
added 5 days ago, 4 views

SUSE CVE-2026-46289

In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations in extract_kvec_to_sg Patch series "Fix bugs in extract_iter_to_sg", v3. Fix bugs in the kvec and user variants of extract_iter_to_sg. This series is growing due to useful remarks made by...

AI score 5.4, EPSS 0.00018
Exploits 0, References 3
SUSE CVE
added 5 days ago, 4 views

SUSE CVE-2026-46299

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplus_fill_super hfsplus_fill_super calls hfs_find_init to initialize a search structure, which acquires tree->tree_lock. If the subsequent call to hfsplus_cat_build_key fails, the function jumps to the...

AI score 5.5, EPSS 0.00018
Exploits 0, References 3
SUSE CVE
added 5 days ago, 5 views

SUSE CVE-2026-46305

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: osdep: avoid NULL pointer dereference in rtw_cbuf_alloc The return value of kzalloc_flex is used without ensuring that the allocation succeeded, and the pointer is dereferenced unconditionally. Guard the access t...

AI score 5.4, EPSS 0.00018
Exploits 0, References 3
SUSE CVE
added 5 days ago, 5 views

SUSE CVE-2026-46309

In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject coh_none PAT index for CPU cached memory in madvise Add validation in xe_vm_madvise_ioctl to reject PAT indices with XE_COH_NONE coherency mode when applied to CPU cached memory. Using coh_none with CPU cached buffer...

AI score 5.4, EPSS 0.00017
Exploits 0, References 3
SUSE CVE
added 5 days ago, 3 views

SUSE CVE-2026-48101

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an uninitialized memory disclosure vulnerability in the UEFI capsule .scap parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize up to 1 GiB without...

CVSS 6.5, AI score 5.6, EPSS 0.00032
Exploits 1, References 3
F5 Networks
added 5 days ago, 9 views

K000161639: Apache HTTP Server mod_http2 (HTTP/2 Bomb) vulnerability CVE-2026-49975

Security Advisory Description: Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http2 leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67. CVE-2026-49975 Impact: For products with None in the...

CVSS 7.5, AI score 5.3, EPSS 0.00374
Exploits 4