CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

5.5CVSS6.8AI score0.0071EPSS

Astra Linux - уязвимость в git

Git is a revision control system. By using a specially crafted repository, Git versions prior to 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 could be tricked into using its local clone optimization, even when using a non-local transport. Although Git will...

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: mm/slub: The issue of the freelist pointer vs. redzone allocation has been fixed. It turns out that SLUB’s redzone allocation checks based on s-objectsize, rather than s-inuse which is usually adjusted to make room for the...

5.5CVSS6.4AI score0.00222EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•8 views

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fixed the incorrect order of resource deallocation. When attempting to destroy a QP or CQ, we first reduce the reference count and potentially free the memory regions allocated for the object. Then, we request the devic...

6.2AI score0.00168EPSS

Exploits0References1

8.8CVSS7.8AI score0.00842EPSS

Astra Linux – Vulnerability in Firefox and Thunderbird

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object, resulting in a potentially exploitable crash. This vulnerability affects Firefox 98, Firefox ESR 91.7, and Thunderbird 91.7...

Exploits1References1

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в libjettison-java

Those who use Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser runs on user-supplied input, an attacker may provide content that causes the parser to crash due to out-of-memory conditions. This vulnerability could potentially allow for...

7.5CVSS6.8AI score0.01201EPSS

Exploits0References1

7.5CVSS7.2AI score0.00567EPSS

Astra Linux - уязвимость в firefox

It was possible to mutate a JavaScript object in such a way that the JIT compiler could crash while tracing it. This vulnerability affects Firefox versions less than 125...

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в chromium

Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7AI score0.01011EPSS

Exploits1References2

4.7CVSS5.7AI score0.00089EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevents concurrent access to the IPSec ASO context. The querying or updating of IPSec offload objects occurs through the Access ASO WQE. The driver uses a single mlx5eipsecaso structure for each PF, which contains a...

Exploits0References1

8.8CVSS7AI score0.00833EPSS

Astra Linux - уязвимость в chromium

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•9 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: The netlink notifier might race to release objects. The commit release path is invoked via callrcu, and it runs without locking to release the objects after the rcu grace period. The netlink notifier handler...

4.7CVSS5.5AI score0.0011EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в samba

A vulnerability was discovered in Samba. A delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object’s creation. This issue arises because the administrator...

7.5CVSS6.8AI score0.00484EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в pyasn1

pyasn1 is a generic ASN.1 library for Python. Prior to version 0.6.2, a Denial-of-Service issue was identified that could lead to memory exhaustion due to malformed RELATIVE-OID values with excessive continuation octets. This vulnerability has been fixed in version 0.6.2...

7.5CVSS6.5AI score0.00491EPSS

Cvelist•added 2026/05/20 5:31 a.m.•43 views

CVE-2026-6566 Photo Gallery, Sliders, Proofing and Themes <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

4.3CVSS0.00236EPSS

ATTACKERKB•added 2026/05/20 5:31 a.m.•3 views

CVE-2026-6566

EUVD•added 2026/05/20 5:31 a.m.•8 views

Exploits0References3

EUVD-2026-31063

Vulnrichment•added 2026/05/20 5:31 a.m.•11 views

CVE-2026-6566 Photo Gallery, Sliders, Proofing and Themes <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API

CVE•added 2026/05/20 5:31 a.m.•15 views

CVE-2026-6566

CVE-2026-6566 affects WordPress plugin NextGEN Gallery (Photo Gallery, Sliders, Proofing and Themes) up to version 4.2.0. The vulnerability is an Insecure Direct Object Reference in the image deletion REST flow: DELETE /imagely/v1/images/{id} only enforces NextGEN Manage gallery permission and do...

NVD•added 2026/05/20 4:16 a.m.•15 views

CVE-2026-7637

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOSTUSERLOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present i...

9.8CVSS0.00573EPSS