CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/27 2:17 p.m.•8 views

CVE-2026-46036

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIODEVICESETIRQS with a per-device mutex vfiocdxsetmsitrigger reads vdev-configmsi and operates on the vdev-cdxirqs array based on its value, but provides no serialization against concurrent VFIODEVICESETIRQS...

7.8CVSS0.00125EPSS

Exploits0References4

OSV•added 2026/05/27 2:17 p.m.•2 views

UBUNTU-CVE-2026-46103

5.8AI score0.00164EPSS

Exploits0References3

OSV•added 2026/05/27 2:17 p.m.•2 views

UBUNTU-CVE-2026-46037

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmppointers Extended echo replies use ICMPEXTECHOREPLY as the outbound reply type. That value is outside the range covered by icmppointers, which only describes the traditional ICMP...

8.2CVSS5.6AI score0.00439EPSS

Exploits0References3

Ubuntu•added 2026/05/27 1:28 p.m.•12 views

USN-8323-1: Postorius vulnerability

It was discovered that Postorius did not properly escape HTML in message subjects when rendering the Held messages pop-up. An attacker could possibly use this issue to inject arbitrary HTML, resulting in exposure of sensitive information...

7.2CVSS5.9AI score0.00237EPSS

CVE•added 2026/05/27 12:59 p.m.•15 views

CVE-2026-46103

In the Linux kernel, a fix for devres lifetime in the can: ucan path addresses memory-management where USB driver resources tied to an interface were not properly released when the driver is unbound (e.g., probe deferral or config changes). The issue affects USB drivers binding to interfaces and ...

5.9AI score0.00164EPSS

ATTACKERKB•added 2026/05/27 12:59 p.m.•6 views

CVE-2026-46102

In the Linux kernel, the following vulnerability has been resolved: net: strparser: fix skbhead leak in strpabortstrp When the stream parser is aborted, for example after a message assembly timeout, it can still hold a reference to a partially assembled message in strp-skbhead. That skb is not...

Exploits0References9Affected Software1

Cvelist•added 2026/05/27 12:59 p.m.•40 views

CVE-2026-46102 net: strparser: fix skb_head leak in strp_abort_strp()

7.5CVSS0.00508EPSS

CVE•added 2026/05/27 12:57 p.m.•17 views

CVE-2026-46064

The CVE-2026-46064 issue affects the Linux kernel’s ibmasm path. The ibmasm_send_i2o_message() helper derives the memcpy_toio() byte count from user-controlled dot_command_header fields (command_size: u8, data_size: u16) via get_dot_command_size(), but does not validate against the actual allocat...

5.8AI score0.00176EPSS

Cvelist•added 2026/05/27 12:56 p.m.•42 views

CVE-2026-46037 ipv4: icmp: validate reply type before using icmp_pointers

8.2CVSS0.00439EPSS

Exploits0References7

Debian CVE•added 2026/05/27 12:56 p.m.•5 views

CVE-2026-46037

8.2CVSS5.7AI score0.00439EPSS

ATTACKERKB•added 2026/05/27 12:56 p.m.•6 views

CVE-2026-46027

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smcclcwaitmsg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smcclcwaitmsg...

Exploits0References9Affected Software1

EUVD•added 2026/05/27 12:56 p.m.•12 views

EUVD-2026-32408

5.7AI score0.00508EPSS

Exploits0References5

CVE•added 2026/05/27 12:56 p.m.•23 views

CVE-2026-46027

The CVE-2026-46027 fix targets the Linux kernel net/smc path, addressing a race where a CLC decline during an early handshake could trigger updates to link-group level sync state before the link group is fully initialized. The mitigation guards the link-group state update in smc_clc_wait_msg() so...

Exploits0References8Affected Software1

Debian CVE•added 2026/05/27 12:56 p.m.•7 views

CVE-2026-46027

ATTACKERKB•added 2026/05/27 12:56 p.m.•7 views

CVE-2026-46024

In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating == tr...

7.5CVSS5.6AI score0.00496EPSS

Exploits0References6Affected Software1

Cvelist•added 2026/05/27 12:56 p.m.•44 views

CVE-2026-46018 ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: stop parsing UAC2 rates at MAXNRRATES parseuac2sampleraterange caps the number of enumerated rates at MAXNRRATES, but it only breaks out of the current rate loop. A malformed UAC2 RANGE response with additional...

0.00155EPSS

Debian CVE•added 2026/05/27 12:18 p.m.•5 views

CVE-2026-45972

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2openfile Zero out @erriov and @errbuftype before retrying SMB2open to prevent an UAF bug if @data != NULL, otherwise a double free...

9.8CVSS5.7AI score0.00497EPSS

Cvelist•added 2026/05/27 12:18 p.m.•35 views

CVE-2026-45964 SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gssauth kref leak in gssallocmsg error path Commit 5940d1cf9f42 "SUNRPC: Rebalance a kref in authgss.c" added a krefget&gssauth-kref call to balance the gssputauth done in gssreleasemsg, but forgot to add a...

0.00155EPSS