94 matches found

Tenable Nessus
added 2026/05/22 12:0 a.m. | 7 views

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50280)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50280 advisory. - ptrace: slightly saner 'getdumpable' logic Linus Torvalds Orabug: 39391447 CVE-2026-46333 - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache Jeff...

CVSS 9.8 | AI score 7 | EPSS 0.38453
Exploits 252 | References 2
AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Correctly track subprogram poke descriptors and fix use-after-free. Subprograms call map_poke_track, but during program release, there is no hook to call map_poke_untrack. However, during program release, the auxiliary memory and...

CVSS 7.8 | AI score 5.7 | EPSS 0.00097
Exploits 0 | References 2
AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerability has been resolved: bpf,perf: Fixed an invalid prog_array access in perf_event_detach_bpf_prog. Syzbot reported a crash that occurs in the following tracing scenario: - Create a tracepoint with attr.inherit=1, attach it to the process, and set the BPF...

CVSS 5.5 | AI score 6.4 | EPSS 0.00021
Exploits 0 | References 2
AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix null pointer dereference in resolve_prog_type for BPF_PROG_TYPE_EXT. When loading an EXT program without specifying attr->attach_prog_fd, the prog->aux->dst_prog will be null. At this time, calling resolve_prog_type anywhere will resul...

CVSS 5.5 | AI score 6.5 | EPSS 0.00033
Exploits 0 | References 2
CVE
added 2026/04/09 4:45 a.m. | 6 views

CVE-2026-5844

The CVE-2026-5844 entry describes a vulnerability in D-Link DIR-882 (firmware 1.01B02) affecting the HNAP1 SetNetworkSettings handler, specifically the prog.cgi function sprintf. Manipulating the IPAddress argument triggers an OS command injection, with remote exploitation possible. Public exploi...

CVSS 8.6 | AI score 6.7 | EPSS 0.00118
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2026/04/09 4:45 a.m. | 20 views

CVE-2026-5844 D-Link DIR-882 HNAP1 SetNetworkSettings prog.cgi sprintf os command injection

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been...

CVSS 8.6 | EPSS 0.00118
Exploits 1 | References 5
EUVD
added 2026/03/30 12:31 a.m. | 4 views

EUVD-2025-209116

A hardcoded password vulnerability has been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...

CVSS 2.1 | AI score 5.8 | EPSS 0.00023
Exploits 0 | References 2
ATTACKERKB
added 2026/03/30 12:1 a.m. | 1 views

CVE-2025-7741

A hardcoded password vulnerability has been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...

CVSS 2.1 | AI score 5.8 | EPSS 0.00023
Exploits 0 | References 2
Cvelist
added 2026/03/30 12:1 a.m. | 22 views

CVE-2025-7741

A hardcoded password vulnerability has been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...

CVSS 2.1 | EPSS 0.00023
Exploits 0 | References 1
CVE
added 2026/03/30 12:1 a.m. | 7 views

CVE-2025-7741

The CVE-2025-7741 entry concerns a hardcoded password issue in CENTUM VP systems. A hardcoded PROG user password (CENTUM Authentication Mode) exists in CENTUM VP releases R5.01.00–R5.04.20, R6.01.00–R6.12.00, and R7.01.00. Exploitation requires local access: an attacker must obtain the hardcoded ...

CVSS 2.1 | AI score 5.8 | EPSS 0.00023
Exploits 0 | References 1
Vulnrichment
added 2026/03/30 12:1 a.m. | 4 views

CVE-2025-7741

A hardcoded password vulnerability has been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...

CVSS 2.1 | AI score 5.8 | EPSS 0.00023
Exploits 0 | References 1
CNNVD
added 2026/03/30 12:0 a.m. | 2 views

Yokogawa CENTUM VP security vulnerability

Yokogawa CENTUM VP is a distributed control system platform developed by Yokogawa Electric Corporation in Japan. There are security vulnerabilities in Yokogawa CENTUM VP, which stem from hardcoded passwords. This could allow attackers to log in as PROG users under certain conditions...

CVSS 2.1 | AI score 5.8 | EPSS 0.00023
Exploits 0 | References 1
Positive Technologies
added 2026/03/30 12:0 a.m. | 3 views

PT-2026-28306

Name of the Vulnerable Software and Affected Versions: CENTUM versions R5.01.00 through R5.04.20; CENTUM versions R6.01.00 through R6.12.00; CENTUM version R7.01.00. Description: The affected software contains a hardcoded password for the PROG user account, used for CENTUM Authentication Mode. An...

CVSS 2.1 | AI score 6 | EPSS 0.00023
Exploits 0 | References 8
EUVD
added 2026/03/25 12:30 p.m. | 0 views

EUVD-2026-15208

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup. Reset eBPF program pointer to old_prog and do not decrease its ref-count if mtk_open routine in mtk_xdp_setup fails...

AI score 5.6 | EPSS 0.00018
Exploits 0 | References 7
OSV
added 2026/02/27 11:32 a.m. | 0 views

SUSE-SU-2026:20615-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 16.0 and SL Micro 6.2 kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2025-40147: blk-throttle: fix access race during throttle policy activation (bsc#1253344). - CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer...

CVSS 9.8 | AI score 7.1 | EPSS 0.00085
Exploits 2 | References 439
SUSE CVE
added 2026/02/18 12:25 a.m. | 2 views

SUSE CVE-2026-23126

In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix a race issue related to the operation on bpf_bound_progs list. The netdevsim driver lacks a protection mechanism for operations on the bpf_bound_progs list. When the nsim_bpf_create_prog performs list_add_tail, it is possibl...

CVSS 4.7 | AI score 5.7 | EPSS 0.00014
Exploits 0 | References 3
Cvelist
added 2026/02/14 3:9 p.m. | 24 views

CVE-2026-23126 netdevsim: fix a race issue related to the operation on bpf_bound_progs list

In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix a race issue related to the operation on bpf_bound_progs list. The netdevsim driver lacks a protection mechanism for operations on the bpf_bound_progs list. When the nsim_bpf_create_prog performs list_add_tail, it is possibl...

EPSS 0.00014
Exploits 0 | References 5
Tenable Nessus
added 2026/01/22 12:0 a.m. | 2 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-56665)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56665 advisory. - In the Linux kernel, the following vulnerability has been resolved: bpf,perf: Fix invalid prog_array access i...

CVSS 5.5 | AI score 5.3 | EPSS 0.00021
Exploits 0 | References 2
Redos
added 2026/01/12 12:0 a.m. | 3 views

ROS-20260112-7354

A vulnerability in the PROGNAME function of the kernel/bpf/core.c module of the Linux kernel is related to the use of an uninitialized resource. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 6.5 | EPSS 0.00033
Exploits 0
SUSE CVE
added 2025/12/25 12:23 a.m. | 1 views

SUSE CVE-2025-68742

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix invalid prog->stats access when update_effective_progs fails. Syzkaller triggers an invalid memory access issue following fault injection in update_effective_progs. The issue can be described as follows: cgroupbpfdetach...

CVSS 4.1 | AI score 6.8 | EPSS 0.00037
Exploits 0 | References 20