CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/20 12:0 a.m.•8 views

Ledger Bitcoin app 安全漏洞

The Ledger Bitcoin app is an open-source application developed by Ledger, which runs on the Ledger hardware wallet. There are security vulnerabilities in the 2.1.0 and 2.1.1 versions of the Ledger Bitcoin app. These vulnerabilities stem from improper handling of miniscripts containing the ‘a’...

4.1CVSS5.8AI score0.0014EPSS

Tenable Nessus•added 2026/05/20 12:0 a.m.•5 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021531)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021531 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: set the right AMDGPU sg segment limitation The driver needs to set the correct...

5.5CVSS6AI score0.00222EPSS

Exploits0References4

Tenable Nessus•added 2026/05/20 12:0 a.m.•3 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021600)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021600 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix missing skbuff release in seg6inputcore The seg6input function is responsible for...

6.2CVSS5.9AI score0.00223EPSS

Exploits0References4

NVD•added 2026/05/19 10:16 p.m.•6 views

CVE-2024-36343

Improper input validation in the System Management Mode SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of Memory Segment TSEG memory region, potentially resulting in loss of confidentiality or integrity...

4.6CVSS0.00186EPSS

Cvelist•added 2026/05/19 9:3 p.m.•25 views

CVE-2024-36343

4.6CVSS0.00186EPSS

Vulnrichment•added 2026/05/19 9:3 p.m.•12 views

CVE-2024-36343

4.6CVSS5.9AI score0.00186EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•8 views

PT-2026-42015

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper input validation in the System Management Mode SMM communications buffer allows a privileged attacker to perform an out-of-bounds read or write to a...

4.6CVSS5.9AI score0.00186EPSS

Exploits0References6

Tenable Nessus•added 2026/05/15 12:0 a.m.•7 views

Next.js Framework 15.2.x < 15.5.16 / 16.x < 16.2.5 Authorization Bypass

The Next.js Framework on the remote host is affected by an authorization bypass vulnerability: - App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment prefetching. In affecte...

NVD•added 2026/05/13 5:16 p.m.•10 views

CVE-2026-44575

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment...

7.5CVSS0.01048EPSS

Vulnrichment•added 2026/05/13 5:11 p.m.•4 views

CVE-2026-45109 Next.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed in 15.5.18 and 16.2.6...

7.5CVSS5.8AI score0.00386EPSS

CVE•added 2026/05/13 5:11 p.m.•31 views

CVE-2026-45109

This CVE relates to Next.js prior to fixes: from 15.2.0 to before 15.5.18 and 16.2.6, the fix for CVE-2026-44575 did not apply to middleware.ts with Turbopack. The vulnerability is fixed in Next.js versions 15.5.18 and 16.2.6. Affected software: Next.js (Next.js framework for full‑stack apps). Un...

7.5CVSS5.8AI score0.00386EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/13 5:11 p.m.•28 views

CVE-2026-45109 Next.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

7.5CVSS0.00386EPSS

Cvelist•added 2026/05/13 4:54 p.m.•29 views

CVE-2026-44575 Next.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

7.5CVSS0.01048EPSS

Vulnrichment•added 2026/05/13 4:54 p.m.•6 views

CVE-2026-44575 Next.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

ATTACKERKB•added 2026/05/13 4:54 p.m.•6 views

CVE-2026-44575

Exploits0References2Affected Software1

CVE•added 2026/05/13 4:54 p.m.•21 views

CVE-2026-44575

Summary: CVE-2026-44575 affects Next.js App Router: middleware/proxy authorization checks can be bypassed via transport-specific route variants used for segment prefetching. Specifically, in versions 15.2.0–before 15.5.16 and 16.2.5, specially crafted .rsc and segment-prefetch URLs can resolve to...

Exploits0References1Affected Software1

SUSE CVE•added 2026/05/13 3:35 a.m.•2 views

SUSE CVE-2026-43302

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings When using V3D rendering with CONFIGDMAAPIDEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'maxsegsize' is not set. The kernel defaults ...

5.8AI score0.00123EPSS

Exploits0References3

CNNVD•added 2026/05/13 12:0 a.m.•5 views

Next.js 安全漏洞

Next.js is a React framework open source by Vercel. Versions of Next.js from 15.2.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities arise when the App Router relies on middleware or proxy authorization checks. Specific route variants are used fo...