CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 3 hours ago•2 views

CVE-2026-46272

A flaw was found in the Linux kernel's Coresight Trace Memory Controller TMC Embedded Trace Router ETR driver. A race condition can occur when both the sysfs and perf modes are used simultaneously. This can lead to a kernel warning, potentially causing system instability or unexpected behavior...

NVD•added 3 hours ago•2 views

CVE-2026-46272

In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WARNON in tmcetrenablehw is triggered sometimes: WARNING: CPU: 42 PID: 3911571 at...

NVD•added 3 hours ago•2 views

CVE-2026-46270

In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

Exploits0References8

NVD•added 3 hours ago•3 views

CVE-2026-46246

In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916lbc: Fix use-after-free for extcon in IRQ handler Using the devm variant for requesting IRQ before the devm variant for allocating/registering the extcon handle, means that the extcon handle will be...

CVE•added 5 hours ago•3 views

CVE-2026-40290

OP-TEE (Trusted Execution Environment) on Arm Cortex-A with TrustZone suffers a Use-After-Free race in FF-A shared-memory teardown when OP-TEE is configured as an SPMC for S-EL0 SPs (CFG_SECURE_PARTITION=y). The bug lies in sp_mem_remove() not acquiring the global sp_mem_lock before freeing entri...

7.8CVSS5.8AI score

CVE•added 6 hours ago•2 views

CVE-2026-46272

CVE-2026-46272 affects the Linux kernel coresight: tmc-etr. The issue is a race between sysfs mode and perf mode when enabling the hardware, triggered by a WARN_ON in tmc_etr_enable_hw() if both paths run concurrently. The root cause is a two-step sequence: sysfs buffer allocation and hardware en...

5.9AI score

Cvelist•added 6 hours ago•2 views

CVE-2026-46272 coresight: tmc-etr: Fix race condition between sysfs and perf mode

EUVD•added 6 hours ago•2 views

EUVD-2026-34134

5.9AI score

ATTACKERKB•added 6 hours ago•1 views

CVE-2026-46272

Exploits0References4Affected Software1

EUVD•added 6 hours ago•2 views

EUVD-2026-34132

ATTACKERKB•added 6 hours ago•1 views

Exploits0References8

CVE-2026-46246

Exploits0References5Affected Software1

RedHat Linux•added 6 hours ago•3 views

kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service

A flaw was found in the Linux kernel's bonding driver. A local attacker with low privileges could exploit a use-after-free vulnerability in the bondxmitbroadcast function. This occurs due to a race condition during concurrent slave enslave/release operations, which can lead to the original socket...

7.8CVSS5.9AI score0.00013EPSS

Exploits0References5

Positive Technologies•added 21 hours ago•2 views

PT-2026-46009

In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916 lbc: Fix use-after-free for extcon in IRQ handler Using the devm variant for requesting IRQ before the devm variant for allocating/registering the extcon handle, means that the extcon handle will be...

Positive Technologies•added 21 hours ago•2 views

Exploits0References5

PT-2026-46035

In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WARN ON in tmc etr enable hw is triggered sometimes: WARNING: CPU: 42 PID: 3911571 at...

5.9AI score

CVE•added yesterday•7 views

CVE-2026-35202

Summary of vulnerability (CVE-2026-35202) : Pterodactyl Panel’s Client API suffers a race-condition in the database resource limiter. The code path in DatabaseController.php attempts to lock database allocations with lockForUpdate(), but the Laravel call is a no-op (no terminal operation is sent)...

2.3CVSS5.8AI score

Cvelist•added yesterday•22 views

CVE-2026-35202 Pterodactyl has a database resource limit bypass via race condition in Client API

Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broke...

2.3CVSS

RedhatCVE•added yesterday•5 views

CVE-2026-20454

In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6786...

6.4CVSS5.8AI score0.00011EPSS