CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2026/05/27 9:13 p.m.•24 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

5.3CVSS5.8AI score0.00581EPSS

Exploits0References5

RedhatCVE•added 2026/05/27 8:38 p.m.•5 views

CVE-2026-46020

A flaw was found in the Linux kernel's DAMON Data Access MONitor core. A privileged local user can exploit this vulnerability by providing an invalid node ID to damosquotagoal-nid for nodememused,freebp via the DAMON user-space tool. This improper validation can lead to an out-of-bounds memory...

5.8AI score0.00022EPSS

Exploits0References4

RedhatCVE•added 2026/05/27 8:25 p.m.•7 views

CVE-2026-46024

A flaw was found in the Linux kernel's libceph component. A remote attacker could send a specially crafted authentication reply message to trigger a null pointer dereference. This vulnerability can lead to a system crash, resulting in a Denial of Service DoS for affected systems...

7.5CVSS5.8AI score0.0007EPSS

Exploits0References4

CVE•added 2026/05/27 8:19 p.m.•9 views

CVE-2026-44710

pam_usb for Linux is affected by a NULL pointer dereference in src/device.c prior to 0.8.7, where return values from udisks_drive_get_serial(), udisks_drive_get_vendor(), and udisks_drive_get_model() were passed directly to strcmp() without NULL checks. The GIO/UDisks API can return NULL for thes...

4.6CVSS5.8AI score0.00038EPSS

Cvelist•added 2026/05/27 8:19 p.m.•32 views

CVE-2026-44710 pam_usb: NULL pointer dereference from UDisks device fields causes PAM crash and login denial-of-service

4.6CVSS0.00038EPSS

Vulnrichment•added 2026/05/27 8:19 p.m.•3 views

CVE-2026-44710 pam_usb: NULL pointer dereference from UDisks device fields causes PAM crash and login denial-of-service

4.6CVSS5.8AI score0.00038EPSS

NVD•added 2026/05/27 8:16 p.m.•5 views

CVE-2026-8360

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface in various DLLs i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll can return a NULL pointer i.e., when no user is logged into the Triofox Server Agent Management Console. The returned NULL pointer is not checked before being...

7.5CVSS0.00053EPSS

NVD•added 2026/05/27 8:16 p.m.•8 views

CVE-2026-8359

When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBinLoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not prese...

7.5CVSS0.00061EPSS

NVD•added 2026/05/27 8:16 p.m.•8 views

CVE-2026-45104

MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValuespsRule, psLayer, 1; for any carrying — it assumes msSLDParseRule added one class. When the rule has no symbolizer a structurally valid SLD, msSLDParseRul...

7.5CVSS0.00053EPSS

Exploits1References1

CVE•added 2026/05/27 8:10 p.m.•12 views

CVE-2026-47270

CVE-2026-47270 affects the pam_usb PAM module used for Linux hardware authentication. The denial logic (deny_remote) uses non-reentrant strtok(), with three functions sharing a global token pointer; in multi-threaded authentication (e.g., long-lived display managers like GDM), two concurrent auth...

6.3CVSS5.9AI score0.00016EPSS

RedhatCVE•added 2026/05/27 8:9 p.m.•5 views

CVE-2026-46081

A flaw was found in the Linux kernel's asynchronous compression acomp subsystem. When an asynchronous hardware implementation, such as the QAT driver, completes a request that uses the DMA virtual address interface, an incorrect pointer is stored. This leads to memory corruption within the...

7.8CVSS5.8AI score0.00015EPSS

Exploits0References4

Vulnrichment•added 2026/05/27 8:8 p.m.•3 views

CVE-2026-47271 pam_usb: OOM guards removed by -DNDEBUG cause NULL dereference and authentication process crash

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-of-memory guards for xmalloc, xrealloc, and xstrdup using assertdata != NULL. The C standard specifies that all assert expressions are compiled out when NDEBUG is defined at...

5.1CVSS5.8AI score0.00019EPSS

Exploits0References2

EUVD•added 2026/05/27 7:57 p.m.•4 views

EUVD-2026-32648

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

ATTACKERKB•added 2026/05/27 7:57 p.m.•4 views

CVE-2026-48066

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/27 7:57 p.m.•4 views

CVE-2026-48066 pam_usb: Thread-unsafe static pointer in log.c causes data race under concurrent PAM authentication

CVE•added 2026/05/27 7:57 p.m.•8 views

CVE-2026-48066

pam_usb fixes a thread-unsafe behavior: before 0.9.1, src/log.c used a process-wide static pointer written on every PAM invocation to a stack-local address, creating a data race when PAM is invoked concurrently by multiple threads. The issue is resolved in version 0.9.1. Affected component: pam_u...

Cvelist•added 2026/05/27 7:57 p.m.•31 views

CVE-2026-48066 pam_usb: Thread-unsafe static pointer in log.c causes data race under concurrent PAM authentication

5.7CVSS0.00019EPSS

Vulnrichment•added 2026/05/27 7:49 p.m.•4 views

CVE-2026-8359 Gladinet Triofox WOSHttpStatusModule.dll NULL Function Pointer Call DoS

7.5CVSS5.8AI score0.00061EPSS