CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/27 2:16 p.m.•2 views

UBUNTU-CVE-2026-45866

5.7AI score0.00032EPSS

Exploits0References3

ATTACKERKB•added 2026/05/27 12:59 p.m.•7 views

CVE-2026-46099

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels seg6inputcore and rplinput call ip6routeinput which sets a NOREF dst on the skb, then pass it to dstcachesetip6 invoking dsthold unconditionally. On PREEMPTRT, ksoftirqd is...

8.1CVSS5.7AI score0.00072EPSS

Exploits0References8Affected Software1

EUVD•added 2026/05/27 12:59 p.m.•4 views

EUVD-2026-32482

5.8AI score0.00072EPSS

CVE•added 2026/05/27 12:59 p.m.•16 views

CVE-2026-46099

The CVE-2026-46099 entry describes a use-after-free race in Linux kernel IPv6 handling for seg6 and rpl lightweight tunnels. A NOREF destination cached during ip6_route_input() can be freed by a concurrent FIB lookup on a shared nexthop under PREEMPT_RT, leading to a WARN or potential instability...

8.1CVSS5.8AI score0.00072EPSS

Exploits0References7

CVE•added 2026/05/27 12:57 p.m.•13 views

CVE-2026-46049

In the Linux kernel, ALSA ctxfi fixes a S/PDIF resource calculation: spdif_passthru_playback_get_resources() used atc->pll_rate as the RSR, but pll_rate is only set in atc_pll_init, not hw_pll_init, so it can remain 0 after card init. If spdif_passthru_playback_setup() skips atc_pll_init() (e....

CVE•added 2026/05/27 12:57 p.m.•12 views

CVE-2026-46048

The CVE-2026-46048 issue is in the Linux kernel ALSA caiaq driver. The bug caused a usb_dev reference leak when probe failed because private_free was assigned only later in init_card(), after several failure points. If init_card() returned early, snd_card_free(card) ran without a matching private...

ATTACKERKB•added 2026/05/27 12:57 p.m.•4 views

CVE-2026-46048

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: fix usbdev refcount leak on probe failure createcard takes a reference on the USB device with usbgetdev and stores the matching usbputdev in cardfree, which is installed as the sndcard's -privatefree destructor...

5.7AI score0.00032EPSS

Exploits0References9Affected Software1

Cvelist•added 2026/05/27 12:57 p.m.•32 views

CVE-2026-46048 ALSA: caiaq: fix usb_dev refcount leak on probe failure

0.00032EPSS

EUVD•added 2026/05/27 12:57 p.m.•5 views

EUVD-2026-32430

Debian CVE•added 2026/05/27 12:57 p.m.•5 views

CVE-2026-46048

5.7AI score0.00032EPSS

Exploits0

EUVD•added 2026/05/27 12:57 p.m.•3 views

EUVD-2026-32428

In the Linux kernel, the following vulnerability has been resolved: ext4: fix missing brelse in ext4xattrinodedecrefall The commit c8e008b60492 "ext4: ignore xattrs past end" introduced a refcount leak in when blockcsum is false. ext4xattrinodedecrefall calls ext4getinodeloc to get iloc.bh, but...

CVE•added 2026/05/27 12:56 p.m.•7 views

CVE-2026-46005

The vulnerability CVE-2026-46005 affects the Linux kernel, specifically the XFS code path in xfs_alloc_buftarg(). In the error path, the DAX device reference may not be dropped, causing a resource leak. The fix adds a call to fs_put_dax() to drop the DAX reference, mitigating the leak. References...

EUVD•added 2026/05/27 12:56 p.m.•5 views

EUVD-2026-32302

In the Linux kernel, the following vulnerability has been resolved: xfs: fix a resource leak in xfsallocbuftarg In the error path, call fsputdax to drop the DAX device reference...

Cvelist•added 2026/05/27 12:55 p.m.•34 views

CVE-2026-45997 scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails

In the Linux kernel, the following vulnerability has been resolved: scsi: sd: fix missing putdisk when deviceadd&diskdev fails If deviceadd&sdkp-diskdev fails, putdevice runs scsidiskrelease, which frees the scsidisk but leaves the gendisk referenced. The deviceadddisk error path in sdprobe calls...

0.00032EPSS

Exploits0References6

Cvelist•added 2026/05/27 12:55 p.m.•30 views

CVE-2026-45996 spi: imx: fix use-after-free on unbind

In the Linux kernel, the following vulnerability has been resolved: spi: imx: fix use-after-free on unbind The SPI subsystem frees the controller and any subsystem allocated driver data as part of deregistration unless the allocation is device managed. Take another reference before deregistering...

0.00024EPSS

EUVD•added 2026/05/27 12:55 p.m.•7 views

EUVD-2026-32292

CVE•added 2026/05/27 12:55 p.m.•9 views

CVE-2026-45996

The CVE-2026-45996 issue affects the Linux kernel SPI imx driver, where a use-after-free can occur on unbind because the SPI subsystem frees controller and subsystem data during deregistration unless the allocation is device-managed. The fix adds a reference before deregistering the controller so...

CVE•added 2026/05/27 12:55 p.m.•12 views

CVE-2026-45989

In the Linux kernel CVE-2026-45989, a use-after-free occurs in testdrv_probe() where a released device_node (via of_node_put) may later be passed to of_platform_default_populate(), risking use-after-free of the freed pointer. The root cause is that pdev->dev.of_node is owned by the device mode...

5.7AI score0.00024EPSS

Cvelist•added 2026/05/27 12:18 p.m.•31 views

CVE-2026-45984 gfs2: Fix use-after-free in iomap inline data write path

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in iomap inline data write path The inline data buffer head dibh is being released prematurely in gfs2iomapbegin via releasemetapath while iomap-inlinedata still points to dibh-bdata. This causes a...

7.8CVSS0.00013EPSS