CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

125952 matches found

RedHat Linux•added 2026/05/06 1:41 p.m.•7 views

kernel: crypto: algif_aead - Revert to operating out-of-place

A flaw was found in the Linux kernel's algifaead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive...

7.8CVSS7.2AI score0.96775EPSS

Exploits228References14

IBM Security Bulletins•added 2026/05/06 1:5 p.m.•14 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to arbitrary code execution, loss of confidentiality and denial of service

Summary IBM App Connect Enterprise Certified Container operator and operands are vulnerable to arbitrary code execution CVE-2026-23950, CVE-2026-31802, CVE-2026-26960, CVE-2026-24842, CVE-2026-33228, CVE-2026-29786, CVE-2026-23745, CVE-2026-40175, GHSA-v8w9-8mx6-g223, CVE-2026-34601, CVE-2026-295...

9.8CVSS6.9AI score0.00613EPSS

Exploits11Affected Software1

IBM Security Bulletins•added 2026/05/06 1:4 p.m.•5 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands that use Kafka connectors are vulnerable to loss of confidentiality (CVE-2025-12183, CVE-2025-66566)

Summary Java module lz4 is used by IBM App Connect Enterprise Certified Container when connecting to Kafka servers. IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands that use Kafka connectors are vulnerable to loss of confidentiality. This bulletin...

8.8CVSS5.9AI score0.0068EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/06 1:3 p.m.•6 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of integrity, arbitrary code execution, denial of service and SSRF

Summary IBM App Connect Enterprise Certified Container Designer operands that use mapping assistance and Dashboard operands that use the App Connect Enterprise Agent are vulnerable to loss of integrity CVE-2026-28684, arbitrary code execution CVE-2026-28277, denial of service CVE-2026-40347 and...

7.2CVSS6.3AI score0.05219EPSS

Exploits1Affected Software1

RedHat Linux•added 2026/05/06 1:3 p.m.•8 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.88 security and extras update

Red Hat OpenShift Container Platform release 4.12.88 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Low...

9.1CVSS7.1AI score0.00522EPSS

Exploits1References2

IBM Security Bulletins•added 2026/05/06 1:2 p.m.•12 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality, denial of service and cross-site scripting

Summary IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality CVE-2026-41238, CVE-2026-41239, CVE-2026-41240, GHSA-39q2-94rc-95cp, denial of service CVE-2026-33151, CVE-2026-32288 and cross-site scripting CVE-2026-27142. This bulletin...

8.7CVSS5.8AI score0.00514EPSS

Exploits1Affected Software1

Securelist•added 2026/05/06 1:0 p.m.•4 views

OceanLotus suspected of using PyPI to deliver ZiChatBot malware

Introduction Through our daily threat hunting, we noticed that, beginning in July 2025, a series of malicious wheel packages were uploaded to PyPI the Python Package Index. We shared this information with the public security community, and the malware was removed from the repository. We submitted...

6.1AI score

Exploits0

EUVD•added 2026/05/06 12:30 p.m.•4 views

EUVD-2026-27806

In the Linux kernel, the following vulnerability has been resolved: ntfs: -dcompare must not block ... so don't use getname there. Switch it and ntfsdhash, while we are at it to kmallocPATHMAX, GFPNOWAIT. Yes, ntfsdhash almost certainly can do with smaller allocations, but let ntfs folks deal wit...

5.8AI score0.00441EPSS

Exploits0References4

EUVD•added 2026/05/06 12:30 p.m.•27 views

EUVD-2026-27810

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix SError of kernel panic when closed SError of kernel panic rarely happened while testing fluster. The root cause was to enter suspend mode because timeout of autosuspend delay happened. 48.834439...

5.8AI score0.00121EPSS

Exploits0References4

EUVD•added 2026/05/06 12:30 p.m.•3 views

EUVD-2026-27808

In the Linux kernel, the following vulnerability has been resolved: 9p/xen: protect xen9pfsfrontfree against concurrent calls The xenwatch thread can race with other back-end change notifications and call xen9pfsfrontfree twice, hitting the observed general protection fault due to a double-free...

5.8AI score0.00241EPSS

Exploits0References5

EUVD•added 2026/05/06 12:30 p.m.•3 views

EUVD-2026-27719

In the Linux kernel, the following vulnerability has been resolved: xfs: fix freemap adjustments when adding xattrs to leaf blocks xfs/592 and xfs/794 both trip this assertion in the leaf block freemap adjustment code after 20 minutes of running on my test VMs: ASSERTichdr-firstused = ichdr-count...

5.7AI score0.00469EPSS

Exploits0References9

Snyk•added 2026/05/06 12:26 p.m.•8 views

Use of Predictable Algorithm in Random Number Generator

Overview keylime is a TPM-based key bootstrapping and system integrity measurement system for cloud Affected versions of this package are vulnerable to Use of Predictable Algorithm in Random Number Generator in the generatechallenge method. An attacker can evade detection and bypass security...

8.3CVSS5.8AI score0.00121EPSS

Exploits0References2