CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2171 matches found

CVE-2026-21017

Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files...

5.5CVSS5.4AI score0.00013EPSS

Exploits0References1

Hacker One•added 2026/05/30 7:56 a.m.•10 views

curl: SMTP connection reuse ignores --ssl-reqd / CURLOPT_USE_SSL and reuses a clear-text STARTTLS session on current master

Summary: Current master reintroduces a STARTTLS connection-reuse bug in SMTP. After commit 91dcf4e610 url: urlmatchdestination fix, curl/libcurl can reuse an already-established clear-text smtp:// session for a later logical request that explicitly requires TLS via --ssl-reqd or CURLOPTUSESSL =...

5.8AI score

Exploits0

CVE•added 2026/05/26 5:24 p.m.•13 views

CVE-2026-24194

CVE-2026-24194 affects the NVIDIA GPU Display Driver for Linux. It is a vulnerability in a kernel-mode layer handler that can allow improper permission handling. Exploitation could lead to denial of service, privilege escalation, information disclosure, data tampering, and code execution. The iss...

7.8CVSS5.9AI score0.00011EPSS

Exploits0References3

EUVD•added 2026/05/26 8:19 a.m.•5 views

EUVD-2026-31804

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS. This issue affects Geo Mashup: from n/a through 1.13.18...

6.5CVSS5.8AI score0.00034EPSS

Exploits0References1

VulnCheck KEV•added 2026/05/21 12:0 a.m.•25 views

VulnCheck KEV: CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

10CVSS5.8AI score0.07956EPSS

In wildExploits1References4

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в python-psutil

psutil also known as python-psutil from version 5.6.5 onwards may have a double-free issue. This issue occurs due to improper handling of reference counts within a while loop or for loop, which converts system data into a Python object...

7.5CVSS6.9AI score0.00176EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•10 views

Astra Linux – Vulnerability in Linux

In intelpmudrainpebsnhm in arch/x86/events/intel/ds.c of the Linux kernel, up to version 5.11.8 on some Haswell CPUs, user-space applications such as perf-fuzzer can cause a system crash due to improper handling of the PEBS status in a PEBS record, also known as CID-d88d05a9e0b6...

5.5CVSS6.5AI score0.00093EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в texlive-bin

In axohelp.c, before version 1.3 in axohelp, and in axodraw2 before version 2.1.1b, sprintf is handled incorrectly. This issue is present in distributions like TeXLive and other collections...

9.8CVSS7.3AI score0.00198EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в mariadb-10.3

MariaDB before version 10.6.2 allows an application to crash due to improper handling of a pushdown from a HAVING clause to a WHERE clause...

5.5CVSS6.8AI score0.00063EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A issue was discovered in l2capsockrelease in net/bluetooth/l2capsock.c in the Linux kernel before version 6.4.10. There is a use-after-free issue, as the children of a sk object are handled incorrectly...

7.8CVSS6.7AI score0.00011EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в poppler-22, poppler

In Poppler 22.07.0, the PDFDoc::savePageAs function in PDFDoc.c allows attackers to cause a denial-of-service attack the application crashes with SIGABRT by manipulating a PDF file in which the xref data structure is improperly handled during the getCatalog process. Note that this vulnerability i...

6.5CVSS6.8AI score0.00064EPSS

Exploits1References2

Vulnrichment•added 2026/05/20 12:0 a.m.•6 views

CVE-2026-44926

InfoScale CmdServer before 7.4.2 mishandles access control...

5.8AI score0.00016EPSS

Exploits0References2

Tenable Nessus•added 2026/05/11 12:0 a.m.•4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-psutil (UTSA-2026-017488)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017488 advisory. psutil aka python-psutil through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into ...

7.5CVSS5.8AI score0.00176EPSS

Exploits0References4

CloudLinux•added 2026/05/08 11:41 a.m.•7 views

openssh: Fix of CVE-2026-35414

CVE-2026-35414: fix authorizedkeys principals option mishandling with comma-containing CA principals...

8.1CVSS6AI score0.00031EPSS

Exploits0

OSV•added 2026/05/05 2:0 p.m.•0 views

UBUNTU-CVE-2026-6907

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

5.3CVSS5.7AI score0.00036EPSS

Exploits0References4

OSV•added 2026/05/05 12:0 p.m.•1 views

RUSTSEC-2026-0125 Signature Verification on AVX2 Platforms Mishandles Edge Case

The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...

8.2CVSS5.8AI score

Exploits0References5