CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: “aoe”: The potential use-after-free problem has been fixed in multiple locations. Regarding the fix for CVE-2023-6270, f98364e92662 “aoe: The potential use-after-free problem has been fixed in aoecmdcfgpkts” involves replacing...

7.8CVSS6.5AI score0.00012EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mfd: arizona: Use pmruntimeresumeandget to prevent refcnt leak In arizonaclk32kenable, we should use pmruntimeresumeandget. pmruntimegetsync will increase the refcnt even when it returns an error...

5.5CVSS5.3AI score0.00017EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•7 views

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: fix ref leak when switching zones When switching zones or network namespaces without doing a ct clear in between, it is now leaking a reference to the old ct entry. That's because tcfctskbnfctcached returns fals...

5.5CVSS5.5AI score0.00136EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: mdio: Fixed an unbalanced fwnode reference count in mdiodevicerelease. There is a warning report regarding a refcount leak when probing the mdio device: OF: Error: Memory leak; the expected refcount was 1 instead of 2. The...

5.5CVSS5.8AI score0.00016EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Really move i915gemcontext.link under ref protection i915perf assumes that it can use the i915gemcontext reference to protect its i915-gem.contexts.list iteration. However, this requires that we do not remove the...

7.8CVSS6.3AI score0.00017EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fixed a device reference count leak in atrtrcreate. When updating an existing route entry in atrtrcreate, the old device reference was not released before assigning the new device, resulting in a device reference...

5.5CVSS6.4AI score0.00051EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: Fixed a refcount leak for cifssbtlink. Fixed three inconsistencies related to refcounts in cifssbtlink. The comments for cifssbtlink indicate that cifsputtlink must be called after successful calls to cifssbtlink...

5.2AI score0.00083EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: regulator: fp9931: Fixed a runtime reference leak in fp9931hwmonread. In fp9931hwmonread, if regmapread fails, the function returns an error code without calling pmruntimeputautosuspend, resulting in a PM reference leak...

5.5CVSS5.2AI score0.00019EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Avoid using sksocket after free when sending messages. The sk-sksocket is not locked or referenced in the backlog thread. During the call to skbsendsock, there is a race condition involving the release of sksocket...

7.8CVSS6AI score0.0007EPSS

OSV•added 2026/05/03 2:18 p.m.•2 views

MINI-869F-M37R-WG78

Bulletin has no description...

9.8CVSS5.7AI score0.00014EPSS

Exploits0

NVD•added 2026/05/03 7:16 a.m.•10 views

CVE-2026-5337

During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference IDOR attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...

6.5CVSS0.00043EPSS

Cvelist•added 2026/05/03 6:0 a.m.•35 views

CVE-2026-5337 Frontend File Manager Plugin <= 23.6 - Subscriber+ Arbitrary Download Access via IDOR

0.00043EPSS

EUVD•added 2026/05/03 6:0 a.m.•2 views

EUVD-2026-26818

5.8AI score0.00043EPSS

ATTACKERKB•added 2026/05/03 6:0 a.m.•3 views

CVE-2026-5337

5.8AI score0.00043EPSS

OSV•added 2026/05/02 3:0 p.m.•4 views

MINI-J374-FQXJ-Q537

Bulletin has no description...

6.7CVSS5.7AI score0.00013EPSS

Exploits0

NVD•added 2026/05/02 2:16 p.m.•1 views

CVE-2026-2554

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via the 'wcfmdeletewcfmcustomer' due to missing validation on the 'customerid' user...

8.1CVSS0.00015EPSS

Cvelist•added 2026/05/02 1:26 p.m.•27 views

CVE-2026-2554 WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.25 - Authenticated (Vendor+) Insecure Direct Object Reference to Arbitrary User Deletion

8.1CVSS0.00015EPSS

CVE•added 2026/05/02 1:26 p.m.•9 views

CVE-2026-2554

The CVE concerns the WCFM – Frontend Manager for WooCommerce and Bookings Subscription Listings Compatible plugin for WordPress. It describes an Insecure Direct Object Reference vulnerability (CWE/impact not explicitly named in provided text) exposed via the wcfm_delete_wcfm_customer parameter, c...

8.1CVSS5.9AI score0.00015EPSS

EUVD•added 2026/05/02 1:26 p.m.•0 views

EUVD-2026-26789

8.1CVSS5.9AI score0.00015EPSS