CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

89 matches found

EUVD-2026-38899

In the Linux kernel, the following vulnerability has been resolved: bpf: Validate nodeid in arenaallocpages arenaallocpages accepts a plain int nodeid and forwards it through the entire allocation chain without any bounds checking. Validate nodeid before passing it down the allocation chain in...

5.7AI score

Exploits0References5

Tenable Nessus•added 2026/06/03 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-46020

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/core: validate damosquotagoal-nid for nodememused,freebp Patch series mm/damon/core: validate damosquotagoal-nid. nodememcgused,freebp DAMOS quota goal...

7.1CVSS6AI score0.00124EPSS

Exploits0References2

Vulnrichment•added 2026/06/01 12:0 a.m.•7 views

CVE-2026-37226

FlexRIC v2.0.0 crashes when the iApp receives an E42RICSUBSCRIPTIONREQUEST referencing a non-existent E2 Node. The lookup function returns NULL, which is enforced by assert in Debug builds SIGABRT and dereferenced in Release builds SIGSEGV. A remote unauthenticated attacker can crash the iApp...

6AI score0.00642EPSS

Exploits1References2

SUSE CVE•added 2026/05/28 3:53 a.m.•8 views

SUSE CVE-2026-46067

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememcgused,freebp Users can set damosquotagoal-nid with arbitrary value for nodememcgused,freebp. But DAMON core is using those for NODE-DATA without a validation of the value. Th...

5.5CVSS5.9AI score0.00155EPSS

Exploits0References3

RedhatCVE•added 2026/05/27 8:38 p.m.•9 views

CVE-2026-46020

A flaw was found in the Linux kernel's DAMON Data Access MONitor core. A privileged local user can exploit this vulnerability by providing an invalid node ID to damosquotagoal-nid for nodememused,freebp via the DAMON user-space tool. This improper validation can lead to an out-of-bounds memory...

7.1CVSS5.8AI score0.00124EPSS

Exploits0References4

RedhatCVE•added 2026/05/27 8:10 p.m.•8 views

CVE-2026-46067

A flaw was found in the Linux kernel's DAMON Data Access MONitor core component. A local user could exploit this vulnerability by providing an invalid node identifier nid when configuring memory usage tracking goals. This lack of validation allows for out-of-bounds memory access, which can lead t...

7.1CVSS5.8AI score0.00155EPSS

Exploits0References4

NVD•added 2026/05/27 2:17 p.m.•9 views

CVE-2026-46067

7.1CVSS0.00155EPSS

Exploits0References2

NVD•added 2026/05/27 2:17 p.m.•10 views

CVE-2026-46020

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememused,freebp Patch series "mm/damon/core: validate damosquotagoal-nid". nodememcgused,freebp DAMOS quota goals receive the node id. The node id is used for simeminfonode and...

7.1CVSS0.00124EPSS

Exploits0References3

OSV•added 2026/05/27 2:17 p.m.•6 views

UBUNTU-CVE-2026-46067

7.1CVSS5.9AI score0.00155EPSS

Exploits0References3

OSV•added 2026/05/27 2:17 p.m.•5 views

UBUNTU-CVE-2026-46020

7.1CVSS5.9AI score0.00124EPSS

Exploits0References3

Cvelist•added 2026/05/27 12:57 p.m.•37 views

CVE-2026-46067 mm/damon/core: validate damos_quota_goal->nid for node_memcg_{used,free}_bp

0.00155EPSS

Exploits0References2

EUVD•added 2026/05/27 12:56 p.m.•16 views

EUVD-2026-32401

5.9AI score0.00124EPSS

Exploits0References3

RedhatCVE•added 2026/05/15 1:57 a.m.•9 views

CVE-2026-44015

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwar...

9.9CVSS5.9AI score0.00318EPSS

Exploits1References1

NVD•added 2026/05/12 10:16 p.m.•11 views

CVE-2026-44015

9.9CVSS0.00318EPSS

Exploits1References1

ATTACKERKB•added 2026/05/12 8:49 p.m.•6 views

CVE-2026-44015

8.5CVSS5.9AI score0.00318EPSS

Exploits1References2Affected Software1

SUSE CVE•added 2026/05/09 2:54 a.m.•9 views

SUSE CVE-2025-14576

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...

7.8CVSS6.1AI score0.00221EPSS

Exploits0References4

OSV•added 2026/05/08 11:49 a.m.•89 views

BIT-PYTHON-2025-12084 Quadratic complexity in node ID cache clearing

When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

6.3CVSS6.9AI score0.00696EPSS

Exploits0References15

OSV•added 2026/04/30 1:16 p.m.•3 views

DEBIAN-CVE-2025-14576

7.8CVSS6.1AI score0.00221EPSS

Exploits0References1

Positive Technologies•added 2026/04/30 12:0 a.m.•4 views

PT-2026-36093

9.3CVSS5.8AI score0.00221EPSS

Exploits0References2

OSV•added 2026/04/29 8:54 p.m.•3 views

GHSA-WR32-99HH-6F35 Nginx-UI has Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware that Allows Access to Internal Services

Summary An authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwards these requests to the attacker-specified internal address, bypassing...

8.5CVSS6AI score0.00318EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by