CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Github Security Blog•added 6 days ago•9 views

Klever-Go P2P MultiDataInterceptor leaks global throttler slots on malformed compressed batches (DoS)

Publisher note Fixed in v1.7.17. Operators running v1.7.17 should upgrade. The decompression-error path in MultiDataInterceptor.ProcessReceivedMessage now releases the global throttler slot before returning guarded defer after StartProcessing, disabled when the asynchronous goroutine takes...

5.8AI score

Exploits0References4Affected Software1

NVD•added last week•7 views

CVE-2026-46268

In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmemallocmmap warning condition Commit b7e282378773 has already changed the initial page refcount of p2pdma page from one to zero, however, in p2pmemallocmmap it uses "VMWARNONONCEPAGE!pagerefcountpage" to asser...

5.5CVSS0.00022EPSS

Cvelist•added last week•35 views

CVE-2026-46268 PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition

0.00022EPSS

EUVD•added last week•8 views

EUVD-2026-34130

5.7AI score0.00022EPSS

Qualys Blog•added 2026/06/03 3:0 p.m.•8 views

Stop Patching at Human Speed: Peer-to-Peer (P2P) Distribution Closes the Remediation Gap Before Attackers Strike

Executive Summary Knowing what’s exploitable is only half the battle. P2P patch distribution turns your endpoints into a delivery network, cutting patch propagation by up to 92%, reducing WAN bandwidth by 99%+, and helping close critical vulnerabilities before attackers can move. Available now in...

6AI score

Cvelist•added 2026/05/29 5:14 p.m.•32 views

CVE-2026-44697 Klever-Go MultiDataInterceptor: remote OOM via crafted compressed P2P payload

Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Batch.Decompress data/batch/batch.go allows any peer that participates in a topic served by MultiDataInterceptor to allocate multi-gigabyte heaps on...

8.6CVSS0.00052EPSS

Exploits0References1

EUVD•added 2026/05/28 9:40 a.m.•8 views

EUVD-2026-32856

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPUGEMCREATEVRAMWIPEONRELEASE but not AMDGPUGEMCREATEVRAMCLEARED, leaving freshly allocated VRAM with stale data from prior use...

OSV•added 2026/05/27 2:17 p.m.•6 views

Exploits0References5

UBUNTU-CVE-2026-45880

In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Release per-CPU pgmap ref when vminsertpage fails When vminsertpage fails in p2pmemallocmmap, p2pmemallocmmap doesn't invoke percpurefput to free the per-CPU ref of pgmap acquired after genpoolallocowner, and...

5.7AI score0.00024EPSS

CVE•added 2026/05/27 12:16 p.m.•10 views

CVE-2026-45880

The CVE-2026-45880 entry concerns the Linux kernel PCI/P2PDMA path. When vm_insert_page() fails inside p2pmem_alloc_mmap(), the code path does not call percpu_ref_put() to release the per-CPU reference of the pgmap acquired after gen_pool_alloc_owner(). As a result, memunmap_pages() can hang inde...

UbuntuCve•added 2026/05/27 12:0 a.m.•6 views

Exploits0References5

CVE-2026-45880

PCI/P2PDMA: Release per-CPU pgmap ref when vminsertpage fails...

CNNVD•added 2026/05/27 12:0 a.m.•7 views

Exploits0References2

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the PCI P2PDMA driver’s p2pmemallocmmap function. When vminsertpage fails, the per-CPU pgmap...

Positive Technologies•added 2026/05/27 12:0 a.m.•7 views

Exploits0References5

PT-2026-43747

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the PCI/P2PDMA component where the p2pmem alloc mmap function fails to invoke percpu ref put to release the per-CPU reference of pgmap acquired after gen pool alloc...

5.4AI score0.00024EPSS

Exploits0References14

Akamai Blog•added 2026/05/21 8:0 p.m.•3 views

Decentralized Threat: Stealthy P2P Cryptominer Targeting Ollama Endpoints

The Akamai SIRT uncovered a custom P2P Trojan masquerading as system activity. Learn how to detect and mitigate this stealthy Go-based cryptominer...

5.8AI score

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cfg80211: Calling cfg80211stopap when switching from P2PGO type If the user-space tools switch from NL80211IFTYPEP2PGO to NL80211IFTYPEADHOC via sendmsgNL80211CMDSETINTERFACE, it does not call the cleanup function cfg80211stopap...

7.8CVSS6AI score0.00018EPSS

Exploits0References2

The Hacker News•added 2026/05/15 5:10 p.m.•12 views

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer P2P botnet that's engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Agency CISA, is assess...

5.9AI score

Microsoft Secure•added 2026/05/14 3:0 p.m.•9 views

Kazuar: Anatomy of a nation-state botnet

In this article 1. Delivery 2. Module types 3. Botnet operations 4. Who is Secret Blizzard? 5. Mitigation and protection guidance 6. Microsoft Defender detections Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for...

6.1AI score