CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/28 10:16 a.m.•4 views

UBUNTU-CVE-2026-46167

EUVD•added 2026/05/28 9:36 a.m.•9 views

EUVD-2026-32794

SUSE CVE•added 2026/05/28 3:56 a.m.•5 views

Exploits0References5

SUSE CVE-2026-45923

In the Linux kernel, the following vulnerability has been resolved: net: usb: catc: enable basic endpoint checking catcprobe fills three URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbsndbulkpipeusbdev, 1 and usbrcvbulkpipeusbdev, 1 for TX/RX -...

RedhatCVE•added 2026/05/28 1:12 a.m.•8 views

CVE-2026-45923

A flaw was found in the Linux kernel's net: usb: catc driver. A malformed Universal Serial Bus USB device can present endpoint descriptors with transfer types that differ from what the driver expects. This can lead to the driver attempting to use incorrect endpoint types, potentially causing...

5.5CVSS5.8AI score0.00032EPSS

Exploits0References4

Positive Technologies•added 2026/05/28 12:0 a.m.•7 views

PT-2026-44290

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A heap leak exists in the usblp driver. The usblp read status function requests 1 byte of data, but if a malicious printer responds with zero bytes, the usblp ctrl msg function discards the...

9.8CVSS5.9AI score0.00254EPSS

Exploits12References284

EUVD•added 2026/05/27 3:33 p.m.•8 views

EUVD-2026-32389

OSV•added 2026/05/27 2:17 p.m.•4 views

UBUNTU-CVE-2026-45923

5.7AI score0.00032EPSS

Cvelist•added 2026/05/27 12:17 p.m.•32 views

CVE-2026-45923 net: usb: catc: enable basic endpoint checking

0.00032EPSS

Exploits0References7

Positive Technologies•added 2026/05/27 12:0 a.m.•8 views

PT-2026-43790

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The catc probe function fills three USB Request Blocks URBs with hardcoded endpoint pipes without verifying the endpoint descriptors. Specifically, it uses usb sndbulkpipeusbdev, 1 and u...

5.5AI score0.00032EPSS

Exploits0References16

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: media: imon: fix access to invalid resources for the second interface The imon driver probes two USB interfaces. When probing the second interface, the driver assumes blindly that the first interface was bound to the same imon...

5.5CVSS6AI score0.00017EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Staging: media: tegra-video: Fixed the use of devicenode after freeing it. At the time of testing, the following code path is followed: - tegracsiinit - tegracsichannelsalloc - foreachchildofnodenode, channel – Iterates over...

5.9AI score0.00029EPSS

Exploits0References1

SUSE CVE•added 2026/05/07 2:17 a.m.•5 views

SUSE CVE-2026-43156

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: enable basic endpoint checking pegasusprobe fills URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbrcvbulkpipedev, 1 for RX data - usbsndbulkpipedev, 2 for TX data -...

5.5CVSS5.8AI score0.00017EPSS

NVD•added 2026/05/06 12:16 p.m.•2 views

CVE-2026-43156

5.5CVSS0.00017EPSS

CVE•added 2026/05/06 11:27 a.m.•4 views

CVE-2026-43156

The CVE-2026-43156 entry affects the Linux kernel USB Pegasus driver. The root cause is that pegasus_probe() built URBs using hardcoded endpoint pipes (RX bulk 1, TX bulk 2, status interrupt 3) without validating endpoint descriptors, allowing a malformed USB device to present endpoints with mism...

5.5CVSS5.8AI score0.00017EPSS

Exploits0References8Affected Software1

Cvelist•added 2026/05/06 11:27 a.m.•23 views

CVE-2026-43156 net: usb: pegasus: enable basic endpoint checking

0.00017EPSS

CVE•added 2026/05/06 7:40 a.m.•4 views

CVE-2026-43095

In CVE-2026-43095, the Linux kernel ASoC SDCA subsystem fixes an IRQ cleanup flaw. IRQs are currently enabled via sdca_irq_populate() from component probe using devm_request_threaded_irq(), which can cause IRQs to persist after a sound card teardown. Some IRQ handlers hold references to the card ...

5.5CVSS5.8AI score0.00014EPSS

Exploits0References2Affected Software1

CVE•added 2026/05/06 7:40 a.m.•5 views

CVE-2026-43087

The CVE-2026-43087 issue affects the Linux kernel’s pinctrl/mcp23s08 driver. Root cause: during probe, reg_defaults were removed from the regmap, causing the MCP_GPINTEN value to be read from the chip (possibly non-zero) and trigger a nested IRQ handler that may not exist, leading to a kernel cra...

5.5CVSS5.8AI score0.00014EPSS

Exploits0References2Affected Software1

CVE•added 2026/04/24 2:35 p.m.•4 views

CVE-2026-31573

The vulnerability CVE-2026-31573 affects the Linux kernel media: verisilicon hantro_vpu driver. When built as a module, incorrect use of the __initconst annotation frees data prematurely, and non-init probe code later accesses this freed data, causing a kernel panic (page fault) during hantro_pro...

5.5CVSS5.3AI score0.00017EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/04/24 12:0 a.m.•2 views

PT-2026-34925

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Fix kernel panic due to initconst misuse Fix a kernel panic when probing the driver as a module: Unable to handle kernel paging request at virtual address ffffd9c18eb05000 of find matching node and...

5.3AI score0.00017EPSS