CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

135 matches found

CVE-2026-10211 AstrBotDevs AstrBot fs.py _normalize_rw_path authorization

A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function normalizerwpath of the file astrbot/core/tools/computertools/fs.py. This manipulation causes incorrect authorization. It is possible to initiate the attack remotely. The exploit has been publicly...

6.5CVSS0.00036EPSS

Exploits0References5

CNNVD•added 3 days ago•2 views

AstrBot security vulnerabilities

AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Version 4.23.6 of AstrBot contains a security vulnerability. This vulnerability stems from the improper authorization in the normalizerwpath function found in the...

6.5CVSS6.6AI score0.00036EPSS

Exploits0References5

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: iouring/rw: Defer fsnotify calls to task context. We cannot defer these calls outside of the kiocb completion, as that might be off-soft/hard IRQ context. We should defer the calls until we process the taskwork for this reques...

5.8AI score0.00027EPSS

Exploits0References1

OSV•added 2026/05/16 12:0 p.m.•3 views

RUSTSEC-2026-0147 Read-only volume remount bypass via guest CAP_SYS_ADMIN

Affected versions of boxlite mount host directories shared via virtiofs as guest-side read-only by setting MSRDONLY from the guest. Because the default guest capability set included CAPSYSADMIN, untrusted code running inside a sandbox could execute mount -o remount,rw to re-flag the share as...

10CVSS5.9AI score

Exploits0References4

OSV•added 2026/05/11 1:32 p.m.•3 views

MINI-4VHF-RW9F-WQM6

Bulletin has no description...

5.3CVSS5.7AI score0.00009EPSS

Exploits0

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/rw: Potential allocated iovec in the cache may be freed after a failure. If a read/write request passes through ioreqrwcleanup, and an allocated iovec is attached to the request but fails to be placed into the rwcache, it...

5.6AI score0.00019EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fixed dtlaccesslock to use a rwsemaphore instead of a rwsemaphore. The dtlaccesslock needs to be a rwsemaphore, a sleeping lock, because the code calls kmalloc while holding it, which can cause a sleep condition:...

5.5CVSS6.4AI score0.00014EPSS

Exploits0References2

ATTACKERKB•added 2026/03/18 5:41 p.m.•3 views

CVE-2026-23259

In the Linux kernel, the following vulnerability has been resolved: iouring/rw: free potentially allocated iovec on cache put failure If a read/write request goes through ioreqrwcleanup and has an allocated iovec attached and fails to put to the rwcache, then it may end up with an unaccounted iov...

5.7AI score0.00019EPSS

Exploits0References3Affected Software1

OSV•added 2026/02/18 4:22 p.m.•1 views

UBUNTU-CVE-2026-23226

In the Linux kernel, the following vulnerability has been resolved: ksmbd: add channlock to protect ksmbdchannlist xarray ksmbdchannlist xarray lacks synchronization, allowing use-after-free in multi-channel sessions between lookupchannlist and ksmbdchanndel. Adds rwsemaphore channlock to struct...

8.8CVSS5.7AI score0.00023EPSS

Exploits0References4

Tenable Nessus•added 2026/01/16 12:0 a.m.•1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001219)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001219 advisory. The iouring subsystem in the Linux kernel allowed the MAXRWCOUNT limit to be bypassed in the PROVIDEBUFFERS operation, which led to negative values being usedin memr...

8.8CVSS7.4AI score0.0006EPSS

Exploits0References9

NVD•added 2025/12/24 11:15 a.m.•1 views

CVE-2022-50705

In the Linux kernel, the following vulnerability has been resolved: iouring/rw: defer fsnotify calls to task context We can't call these off the kiocb completion as that might be off soft/hard irq context. Defer the calls to when we process the taskwork for this request. That avoids valid...

0.00027EPSS

Exploits0References3

Positive Technologies•added 2025/12/24 12:0 a.m.•2 views

PT-2025-52935

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0-rc6-syzkaller-00321-g105a36f3694e Description The Linux kernel contains an issue within the io uring/rw subsystem. Specifically, the code was calling fsnotify functions from an inappropriate context, leadin...

7.8CVSS6.8AI score0.00145EPSS

Exploits2References841

Positive Technologies•added 2025/12/06 12:0 a.m.•3 views

PT-2025-49368

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s io uring/rw functionality. A previous commit intended to improve cleanup processes inadvertently introduced a memory leak. Specifically, if internal...

5.5AI score0.03752EPSS

Exploits3References387