CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/04/22 7:39 p.m.•1 views

CVE-2026-31503

A flaw was found in the Linux kernel's User Datagram Protocol UDP implementation. When a significant number of UDP sockets are bound to specific local addresses on the same port, the kernel's conflict detection mechanism can fail. This allows a local attacker to bind to a wildcard address on a po...

5.5CVSS5.7AI score0.00015EPSS

EUVD•added 2026/04/22 3:31 p.m.•0 views

EUVD-2026-24880

In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict check when using hash2 When binding a udpsock to a local address and port, UDP uses two hashes udptable-hash and udptable-hash2 for collision detection. The current code switches to "hash2" when...

5.7AI score0.00015EPSS

Exploits0References7

Tenable Nessus•added 2026/04/17 12:0 a.m.•1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007479)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007479 advisory. In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDRPORTANY It is possible for a vsock to autobind to...

7.8CVSS6.5AI score0.00024EPSS

Tenable Nessus•added 2026/04/08 12:0 a.m.•2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006753)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006753 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: initialize more fields in sctpv6fromsk syzbot found that sin6scopeid was not properly...

5.5CVSS5.7AI score0.00017EPSS

Cvelist•added 2026/03/31 1:57 p.m.•21 views

CVE-2026-34200 Nhost CLI MCP Server: Missing Inbound Authentication on Explicitly Bound Network Port

Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, The Nhost CLI MCP server, when explicitly configured to listen on a network port, applies no inbound authentication and does not enforce strict CORS. This allows a malicious website visited on the same machine to...

7.7CVSS0.00132EPSS

Exploits1References3

OSV•added 2026/03/31 1:57 p.m.•2 views

CVE-2026-34200 Nhost CLI MCP Server: Missing Inbound Authentication on Explicitly Bound Network Port

7.7CVSS5.8AI score0.00132EPSS

Exploits1References5

RedhatCVE•added 2026/03/26 3:4 p.m.•2 views

CVE-2026-25086

Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software...

EUVD•added 2026/03/21 12:31 a.m.•3 views

Exploits0References1

EUVD-2026-13844

CNNVD•added 2026/03/21 12:0 a.m.•2 views

Automated Logic WebCtrl 安全漏洞

Automated Logic WebCtrl is a web-based building automation system server developed by Automated Logic Corporation in the United States. Automated Logic WebCtrl has a security vulnerability caused by improper port binding, which may allow attackers to bind the same port and send malicious data...

7.7CVSS5.8AI score0.00022EPSS

ATTACKERKB•added 2026/03/20 11:14 p.m.•2 views

CVE-2026-25086

Vulnrichment•added 2026/03/20 11:14 p.m.•1 views

CVE-2026-25086 Automated Logic WebCTRL Premium Server Multiple Binds to the Same Port

Cvelist•added 2026/03/20 11:14 p.m.•23 views

CVE-2026-25086 Automated Logic WebCTRL Premium Server Multiple Binds to the Same Port

7.7CVSS0.00022EPSS

CVE•added 2026/03/20 11:14 p.m.•5 views

CVE-2026-25086

CVE-2026-25086 affects Automated Logic WebCTRL Premium Server. Under certain conditions, an attacker could bind to the same port used by WebCTRL, enabling the crafting and sending of malicious packets and impersonation of the WebCTRL service without requiring code injection into WebCTRL. The prov...

Positive Technologies•added 2026/03/20 12:0 a.m.•2 views

PT-2026-26693

OSV•added 2026/02/18 2:47 p.m.•4 views

CLSA-2026-1771241609 kernel: Fix of 13 CVEs

vsock: Do not allow binding to VMADDRPORTANY CVE-2025-38618 - cnic: Fix use-after-free bugs in cnicdeletetask CVE-2025-39945 - scsi: bfa: Double-free fix CVE-2025-38699 - pptp: ensure minimal skb length in pptpxmit CVE-2025-38574 - ipv6: reject malicious packets in ipv6gsosegment CVE-2025-38572 -...

7.8CVSS7AI score0.00063EPSS

Exploits0References1

CNNVD•added 2026/02/09 12:0 a.m.•3 views

Nixpkgs 安全漏洞

Nixpkgs is a collection of over 100,000 software packages open source from NixOS. It can be installed using the Nix package manager. Nixpkgs versions 25.05 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the ability for any system user to execute commands with t...

5.8CVSS5.9AI score0.00007EPSS