CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/03 11:59 p.m.•0 views

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Fixed potential null pointer dereferencing. In functions lan8814getsigrx and lan8814getsigtx, ptpparseheader may return NULL due to abnormal packet types or corrupted packets. This bug has been fixed by adding a...

5.5CVSS6.2AI score0.00011EPSS

Exploits0References2

RedhatCVE•added 2026/04/07 11:1 p.m.•4 views

CVE-2026-35170

openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read vulnerability exists in BitParser::parseHeader that allows out-of-bounds heap memory access when parsing a crafted .bit file. No FPGA hardware is required to trigger this vulnerability...

7.1CVSS5.9AI score0.0002EPSS

CNNVD•added 2026/04/06 12:0 a.m.•3 views

openFPGALoader 缓冲区错误漏洞

openFPGALoader is a general-purpose FPGA programming tool developed by Gwenhael Goavec-Merou. Versions of openFPGALoader prior to 1.1.1 contained a buffer error vulnerability. This vulnerability stems from a heap buffer overflow during the execution of the BitParser::parseHeader function, which m...

7.1CVSS6.2AI score0.0002EPSS

OSV•added 2026/02/02 12:31 p.m.•1 views

GHSA-WJ3H-WX8G-X699 H2O has an External Control of File Name or Path vulnerability

A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...

9.1CVSS6.6AI score0.00141EPSS

Exploits0References3

EUVD•added 2026/02/02 10:36 a.m.•2 views

EUVD-2024-55393

9.1CVSS6.6AI score0.00141EPSS

Exploits0References1

Vulnrichment•added 2026/02/02 10:36 a.m.•3 views

CVE-2024-5986 Remote Arbitrary File Write with Arbitrary Data in h2oai/h2o-3

9.1CVSS6.6AI score0.00141EPSS

Exploits0References1

Snyk•added 2026/01/27 12:0 a.m.•1 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the parseheader function. An attacker can cause application instability or denial of service by supplying a specially crafted treemagic file that triggers a buffer underflow and out-of-bounds memory access...

4.8CVSS6AI score0.00013EPSS

Exploits1References4

NVD•added 2026/01/21 8:16 p.m.•3 views

CVE-2025-68137

EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in SdpPacket::parseheader allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the current length subtract...

8.3CVSS0.0004EPSS

Vulnrichment•added 2026/01/21 7:20 p.m.•3 views

CVE-2025-68137 EVerest's Integer Overflow and Signed to Unsigned conversion lead to either stack buffer overflow or infinite loop

OSV•added 2026/01/21 7:20 p.m.•4 views

CVE-2025-68137 EVerest's Integer Overflow and Signed to Unsigned conversion lead to either stack buffer overflow or infinite loop

EUVD•added 2026/01/21 7:20 p.m.•2 views

Exploits1References3

EUVD-2025-206317

CVE•added 2026/01/21 7:20 p.m.•6 views

CVE-2025-68137

EVerest before version 2025.10.0 is affected by an integer overflow in SdpPacket::parse_header(). After reading an 8-byte header, the remaining length can be set to 7, and the calculation of the remaining length yields a negative value that is interpreted as SIZE_MAX. This can cause an infinite l...

Exploits1References1Affected Software1

CNNVD•added 2026/01/21 12:0 a.m.•0 views

Everest-core security vulnerabilities

Everest-core is a major component of the open-source electric vehicle charging software stack developed by EVerest. Versions of everest-core prior to 2025.10.0 contained security vulnerabilities. These vulnerabilities were caused by integer overflows in the SdpPacket::parseheader function, which...

Tenable Nessus•added 2026/01/15 12:0 a.m.•1 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002577)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002577 advisory. The cdcparsecdcheader function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service out-of-bounds read and...

7.2CVSS6.4AI score0.00107EPSS

Exploits0References6

Tenable Nessus•added 2025/09/10 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2018-18829

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There exists a NULL pointer dereference in ffvc1parseframeheaderadv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafte...

6.5CVSS6.6AI score0.00239EPSS