CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 6 days ago•11 views

CVE-2026-48981

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, pamusb calls xmlReadFile with flags=0 when loading the configuration file, allowing libxml2 to process external entity references XXE, potentially making outbound network connections or...

6.7CVSS0.00115EPSS

CVE-2026-48980 pam_usb: getenv() used in PAM context allows environment variable injection into local-check logic

pamusb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv environment variables XRDPSESSION, DISPLAY and TMUX allow environment variable injection into local-check logic. These environment variables influence whether a current session is local or...

6.3CVSS0.00127EPSS

CVE-2026-48983 pam_usb: TOCTOU race condition in pad directory creation allows symlink substitution

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, a symlink race condition exists in per-device and per-user pad directory creation. pamusb uses a check-then-act pattern: it calls lstat to test for existence and then calls mkdir separate...

5.8CVSS0.00084EPSS

CVE-2026-48982 pam_usb: Missing O_EXCL on pad temp file creation allows concurrent update race

5.8CVSS0.00088EPSS

Cvelist•added 6 days ago•13 views

CVE-2026-48981 pam_usb: xmlReadFile flags=0 permits XXE network entity fetching in conf.c

6.7CVSS0.00115EPSS

Cvelist•added 6 days ago•13 views

CVE-2026-48985 pam_usb: NULL Dereference Crash in pusb_is_loginctl_local when loginctl Returns Empty Remote Field

pamusb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, pusbisloginctllocal can cause a NULL dereference crash when parsing loginctl output. The function calls popen and reads the result; if the Remote field is only a newline, fgets succeeds...

5.5CVSS0.00113EPSS

CVE•added 6 days ago•13 views

CVE-2026-48986

CVE-2026-48986 affects pam_usb (Linux hardware authentication with removable media). In versions up to 0.9.1, the usb_get_process_parent_id() routine can cause an infinite loop DoS because it does not initialize *ppid on failure. In pusb_local_login(), the same variable is reused in a process-tre...

4.7CVSS5.3AI score0.00104EPSS

CVE-2026-48984 pam_usb: xfree() does not call explicit_bzero — sensitive cryptographic material may linger in freed heap

pamusb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, the xfree memory release helper in calls free without first zeroing the buffer contents, releasing heap-allocated buffers containing sensitive data — including one-time pad bytes read fr...

4.7CVSS0.00109EPSS

Tenable Nessus•added 6 days ago•4 views

Siemens RuggedCom Rox Path Traversal (CVE-2025-6020)

A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. This plugin only works with Tenable.ot. Please visit...

7.8CVSS7AI score0.0039EPSS

Exploits0References3

Cvelist•added 2026/06/16 6:24 p.m.•19 views

CVE-2026-11890

Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results...

0.00162EPSS

Exploits0References1

Tenable Nessus•added 2026/06/16 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54411

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in...

8.2CVSS5.9AI score0.00321EPSS

Cvelist•added 2026/06/14 5:21 p.m.•24 views

CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS0.00321EPSS

EUVD•added 2026/06/14 5:21 p.m.•10 views

EUVD-2026-36662

8.2CVSS5.4AI score0.00321EPSS

Vulnrichment•added 2026/06/14 5:21 p.m.•8 views

CVE-2026-54411

8.2CVSS5.3AI score0.00321EPSS

Debian CVE•added 2026/06/14 5:21 p.m.•7 views

CVE-2026-54411

8.2CVSS5.3AI score0.00321EPSS

Exploits0

Positive Technologies•added 2026/06/14 12:0 a.m.•11 views

PT-2026-49134

Name of the Vulnerable Software and Affected Versions Linux-PAM versions prior to 1.7.3 Description A timing discrepancy exists in the pam userdb module's plaintext-password comparison path within modules/pam userdb/pam userdb.c. A local or network-adjacent attacker can recover the plaintext...

8.2CVSS5.3AI score0.00321EPSS

Exploits0References8

The Hacker News•added 2026/06/12 6:17 p.m.•26 views

China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade

Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant , says it backdoored the PAM and OpenSSH components that decide who is allowed to sign i...

6.7CVSS5.8AI score0.04271EPSS

Exploits1

Tenable Nessus•added 2026/06/11 12:0 a.m.•7 views

Devolutions Server < 2026.1.21.0 / 2026.2.4.0 < 2026.2.5.0 Multiple Vulnerabilities (DEVO-2026-0015)

The version of Devolutions Server installed on the remote host is prior to 2026.1.21.0 or 2026.2.4.0 prior to 2026.2.5.0. It is, therefore, affected by multiple vulnerabilities, including: - Improper neutralization of special elements in the built-in PAM provider password rotation templates in...

6.5CVSS6AI score0.00196EPSS