CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9977 matches found

SUSE CVE•added 2026/05/22 2:20 a.m.•4 views

SUSE CVE-2026-43496

In the Linux kernel, the following vulnerability has been resolved: net/sched: schred: Replace direct dequeue call with peek and qdiscdequeuepeeked When red qdisc has children eg qfq qdisc whose peek callback is qdiscpeekdequeued, we could get a kernel panic. When the parent of such qdiscs eg...

5.5CVSS5.8AI score0.00032EPSS

Exploits0References3

OSV•added 2026/05/22 2:8 a.m.•4 views

GO-2026-5033 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

5.3CVSS5.8AI score0.0005EPSS

Exploits0References3

OSV•added 2026/05/22 2:8 a.m.•1 views

GO-2026-5013 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

7.5CVSS5.8AI score0.00054EPSS

Exploits0References3

Positive Technologies•added 2026/05/22 12:0 a.m.•8 views

PT-2026-42714

Name of the Vulnerable Software and Affected Versions SSH servers affected versions not specified Description SSH servers using CertChecker as a public key callback may experience a panic when a client presents a certificate if IsUserAuthority or IsHostAuthority are not set. A panic is a critical...

5.3CVSS5.8AI score0.00029EPSS

Exploits0References41

Positive Technologies•added 2026/05/22 12:0 a.m.•6 views

PT-2026-42717

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An incorrectly placed cast from bytes to int in the AES-GCM packet decoder allows for a server-side panic when processing well-crafted inputs. A server-side pani...

7.5CVSS5.8AI score0.00054EPSS

Exploits0References42

Tenable Nessus•added 2026/05/22 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-43496

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: schred: Replace direct dequeue call with peek and qdiscdequeuepeeked When red qdisc has children eg qfq qdisc whose peek callback is qdiscpeekdequeue...

5.8AI score0.00032EPSS

Exploits0References4

Positive Technologies•added 2026/05/22 12:0 a.m.•10 views

PT-2026-42718

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Certain crafted inputs allow the creation of an ed25519.PrivateKey by casting malformed wire bytes, which results in a panic when the key is used. A panic is an...

5.3CVSS5.8AI score0.0005EPSS

Exploits0References37

CNNVD•added 2026/05/22 12:0 a.m.•6 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which occurs when using CertChecker as a public key callback without setting IsUserAuthority or IsHos...

5.3CVSS5.8AI score0.00029EPSS

Exploits0References5

Positive Technologies•added 2026/05/22 12:0 a.m.•9 views

PT-2026-42721

An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic...

9.2CVSS5.8AI score0.00052EPSS

Exploits0References4

OSV•added 2026/05/21 7:50 p.m.•2 views

GHSA-MW3Q-R9WH-H2FF nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item

Impact A remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::putchunk allows any state-sync peer to crash any node performing state synchronization freshly joining nodes and recovering nodes. A malicious peer can respond to a RequestChunk with a ResponseChunk::Chunk whose...

7.5CVSS5.9AI score

Exploits0References5

OSV•added 2026/05/21 7:45 p.m.•5 views

GHSA-H9CC-W26M-J342 nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points

Impact A denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called .unwrap on curve point decompression, which panics when a public key is constructed from 32 bytes that do not represent a valid point...

4.3CVSS5.9AI score

Exploits0References5

IBM Security Bulletins•added 2026/05/21 3:49 p.m.•10 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a runtime panic condition in Go JOSE [CVE-2026-34986]

Summary IBM Watson Speech Services Cartridge is vulnerable to a runtime panic condition in Go JOSE, due to an issue occuring when cipher.KeyUnwrap in keywrap.go attempts to allocate a slice with a zero or negative length based on the length of the encryptedkey CVE-2026-34986. Go JOSE is used as...

7.5CVSS6.9AI score0.00035EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/21 3:48 p.m.•4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a runtime panic condition in go-git [CVE-2026-33762]

Summary IBM Watson Speech Services Cartridge is vulnerable to a runtime panic condition in go-git, due to a flaw in the index decoder for format version 4 that fails to validate the path name prefix length before applying it to the previously decoded path name CVE-2026-33762. Go-git is used as pa...

2.8CVSS5.7AI score0.00005EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/05/21 3:14 p.m.•5 views

CVE-2026-43496

A flaw was found in the Linux kernel's networking scheduler component. This vulnerability occurs when a specific queueing discipline qdisc configuration is used, where a parent qdisc attempts to retrieve a network packet from a child qdisc. An incorrect function call during this process can lead ...

5.5CVSS5.8AI score0.00032EPSS

Exploits0References4