CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/06 11:12 p.m.•6 views

CLSA-2026-1777942724 vim: Fix of 3 CVEs

CVE-2021-3928: fix reading uninitialized memory in spell suggestions spellsuggest.c - CVE-2022-1616: fix buffer overflow in invalid command with composing chars exdocmd.c - CVE-2022-1620: fix NULL pointer dereference when using invalid pattern buffer.c...

7.8CVSS7.3AI score0.02615EPSS

Exploits3References1

RedhatCVE•added 2026/05/06 9:38 p.m.•6 views

CVE-2026-43207

A flaw was found in the Linux kernel's mtk-mdp media driver. Improper error handling in the probe function could lead to a resource leak. Additionally, a missing check for the return value of vpugetplatdevice could result in a null pointer dereference, potentially causing a system crash and leadi...

7.8CVSS5.8AI score0.00139EPSS

NVD•added 2026/05/06 9:16 p.m.•5 views

CVE-2026-40197

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem...

7.1CVSS0.00299EPSS

NVD•added 2026/05/06 9:16 p.m.•3 views

CVE-2026-40195

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present in the backup...

7.1CVSS0.00398EPSS

RedhatCVE•added 2026/05/06 8:46 p.m.•7 views

CVE-2026-43189

A flaw was found in the v4l2-async component of the Linux kernel. Improper error handling during asynchronous video device matching can lead to a null pointer dereference. This issue could allow a local attacker to trigger a system crash, resulting in a Denial of Service DoS...

5.5CVSS5.8AI score0.00127EPSS

ATTACKERKB•added 2026/05/06 8:36 p.m.•3 views

CVE-2026-40197

Exploits1References2Affected Software1

CVE•added 2026/05/06 8:36 p.m.•18 views

CVE-2026-40197

Incus CVE-2026-40197 describes a nil-pointer dereference in the custom volume import path. During import, the code iterates over srcBackup.Config.VolumeSnapshots and dereferences each element without validating it, allowing an attacker-controlled null entry in volume_snapshots to crash the daemon...

Exploits1References1Affected Software1

Vulnrichment•added 2026/05/06 8:36 p.m.•5 views

CVE-2026-40197 Incus nil-pointer dereference in custom volume import allows denial of service

AlpineLinux•added 2026/05/06 8:36 p.m.•6 views

CVE-2026-40197

Cvelist•added 2026/05/06 8:33 p.m.•22 views

Exploits1

CVE-2026-40195 Incus nil-pointer dereference in storage bucket import allows denial of service

7.1CVSS0.00398EPSS

ATTACKERKB•added 2026/05/06 8:33 p.m.•5 views

CVE-2026-40195

7.1CVSS5.8AI score0.00398EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/05/06 8:33 p.m.•7 views

CVE-2026-40195 Incus nil-pointer dereference in storage bucket import allows denial of service

7.1CVSS5.8AI score0.00398EPSS

CVE•added 2026/05/06 8:33 p.m.•13 views

CVE-2026-40195

CVE-2026-40195 affects Incus prior to v7.0.0, causing a nil-pointer dereference in the bucket-import path during bucket restoration from a malformed index.yaml. The bug occurs in CreateBucketFromBackup when srcBackup.Config is not validated (the code accesses srcBackup.Config.Bucket and related f...

7.1CVSS5.8AI score0.00398EPSS

Exploits1References1Affected Software1

RedhatCVE•added 2026/05/06 8:6 p.m.•5 views

CVE-2026-43173

A flaw was found in the Linux kernel. A local user can trigger a NULL pointer dereference in the ixp4xxgettsinfo function within the network ethernet xscale driver. This occurs because ixp46xptpfind is unconditionally called, even on systems that do not support the ixp46x PTP feature. Successful...

5.5CVSS5.8AI score0.00127EPSS

RedhatCVE•added 2026/05/06 7:44 p.m.•7 views

CVE-2026-43164

A flaw was found in the Linux kernel's UDP-Lite User Datagram Protocol-Lite implementation. An issue during the initialization of UDP-Lite sockets can lead to a null-pointer dereference in the udpenqueuescheduleskb function. This vulnerability could allow an attacker to trigger a system crash,...

7.5CVSS5.8AI score0.00451EPSS

RedhatCVE•added 2026/05/06 7:21 p.m.•6 views

CVE-2026-43159

A flaw was found in the rtl8723bs Wi-Fi driver within the Linux kernel. This vulnerability occurs when a pointer, pwlan, can become null before being used in the rtwfreenetworknolock function, leading to a null pointer dereference. An attacker could potentially exploit this to cause a system cras...

5.5CVSS5.8AI score0.00128EPSS

RedhatCVE•added 2026/05/06 7:21 p.m.•7 views

CVE-2026-43160

A flaw was found in the Linux kernel's macsmc driver. This vulnerability occurs because a mutex, a mechanism used to prevent simultaneous access to shared resources, within the struct applesmc is not properly initialized in the applesmcprobe function. An uninitialized mutex can lead to occasional...

5.5CVSS5.8AI score0.00121EPSS

RedhatCVE•added 2026/05/06 6:57 p.m.•6 views

CVE-2026-43152

A flaw was found in the Linux kernel's Human Interface Device HID subsystem, specifically within the hid-pl module. This vulnerability arises from improper error handling during device initialization. An attacker could potentially trigger a NULL pointer dereference by interacting with a device th...

5.5CVSS5.8AI score0.00128EPSS