CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/13 8:53 a.m.•3 views

CLSA-2026-1778254557 httpd: Fix of 8 CVEs

CVE-2026-24072: modrewrite/modsetenvif: use APEXPRFLAGRESTRICTED in htaccess to prevent reading server-side files via apexpr from .htaccess - CVE-2026-29169: moddavlock: NULL pointer dereference in davgenericrefreshlocks use dpscan instead of dp - CVE-2026-33006: modauthdigest: timing attack —...

8.8CVSS5.8AI score0.00648EPSS

Exploits2References1

Mageia•added 2026/05/13 7:0 a.m.•6 views

Updated php packages fix security vulnerabilities

FPM: Fixed GHSA-7qg2-v9fj-4mwv XSS within status endpoint. CVE-2026-6735 MBString: Fixed GHSA-wm6j-2649-pv75 Null pointer dereference in phpmbcheckencoding via mberegsearchinit. CVE-2026-7259 OpenSSL: Fix compatibility issues with OpenSSL 4.0. PDOFirebird: Fixed GHSA-w476-322c-wpvm SQL injection...

9.8CVSS5.9AI score0.00369EPSS

Exploits1References2

RedHat Linux•added 2026/05/13 6:0 a.m.•5 views

krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism

A flaw was found in MIT Kerberos 5 krb5. An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling gssacceptseccontext on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service DoS...

SUSE CVE•added 2026/05/13 3:35 a.m.•4 views

Exploits0References7

SUSE CVE-2026-43337

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference in dcn401inithw dcn401inithw assumes that updatebwboundingbox is valid when entering the update path. However, the existing condition: !fams2enable && updatebwboundingbox || freqchang...

5.5CVSS5.7AI score0.00013EPSS

SUSE CVE•added 2026/05/13 3:34 a.m.•4 views

SUSE CVE-2026-43367

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix a few more NULL pointer dereference in device cleanup I found a few more paths that cleanup fails due to a NULL version pointer on unsupported hardware. Add NULL checks as applicable. cherry picked from commit...

5.8AI score0.00013EPSS

SUSE CVE•added 2026/05/13 3:34 a.m.•4 views

SUSE CVE-2026-43416

In the Linux kernel, the following vulnerability has been resolved: powerpc, perf: Check that current-mm is alive before getting user callchain It may happen that mm is already released, which leads to kernel panic. This adds the NULL check for current-mm, similarly to commit 20afc60f892d "x86,...

5.5CVSS5.7AI score0.00013EPSS

SUSE CVE•added 2026/05/13 3:34 a.m.•3 views

SUSE CVE-2026-43422

In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fix NPE in gncmbind Commit 56a512a9b410 "usb: gadget: fncm: align netdevice lifecycle with bind/unbind" deferred the allocation of the netdevice. This change leads to a NULL pointer dereference in the legacy NCM...

5.7AI score0.00013EPSS

Tenable Nessus•added 2026/05/13 12:0 a.m.•3 views

AlmaLinux 8 : krb5 (ALSA-2026:16799)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:16799 advisory. krb5: MIT Kerberos 5 krb5: Denial of Service via integer underflow and out-of-bounds read CVE-2026-40356 krb5: MIT Kerberos 5: Denial of Service via NULL...

AlmaLinux•added 2026/05/13 12:0 a.m.•9 views

Exploits0References4

Important: krb5 security update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

CNNVD•added 2026/05/13 12:0 a.m.•5 views

Exploits0References6

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of an incorrect auxiliary function in the rt1011recvspkmodeput function to obtain DAPM...

5.8AI score0.00024EPSS

OSV•added 2026/05/13 12:0 a.m.•4 views

ALSA-2026:16799 Important: krb5 security update

RedhatCVE•added 2026/05/12 8:21 p.m.•6 views

Exploits0References6

CVE-2026-28985

A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to cause a denial-of-service...

6.2CVSS5.8AI score0.00014EPSS

NVD•added 2026/05/12 8:16 p.m.•6 views

CVE-2026-42442

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...

5.5CVSS0.00014EPSS