CVE-2026-9097
Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken function in object/token_oauth.go validates the JWT signature and parses its claims, but never queries the Token table to verify whether the subject token has been revok...
PT-2026-44426
Name of the Vulnerable Software and Affected Versions: Casdoor versions prior to 2.362.1. Description: Casdoor fails to verify whether a JSON Web Token (JWT) used for token exchange remains active. The GetTokenExchangeToken function in object/token_oauth.go validates the JWT signature and parses its claims...
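The flaw described in the CVE-2026-9097 and PT-2026-44426 entries above is a general pattern: a token exchange that stops at "signature valid, claims parsed" will happily exchange a token the issuer has already revoked, because revocation lives in the issuer's database, not in the token. The following Go program is an added example written for this page, not Casdoor's code: it implements a minimal HS256 JWT, a lookup table standing in for the issuer's Token table, and the exchange function in its vulnerable form beside the fixed form that consults that table. The claim shape (sub, jti, exp), the key, the map-backed store and the "exchanged-token-for-" output are all constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the subject-token payload used here (an assumed shape, not Casdoor's).
type Claims struct {
	Sub string `json:"sub"`
	Jti string `json:"jti"`
	Exp int64  `json:"exp"`
}

// tokenRecord stands in for one row of the issuer's token table.
type tokenRecord struct {
	Revoked bool
}

var b64 = base64.RawURLEncoding

// signHS256 issues a compact JWS (alg HS256) over claims with a shared key.
func signHS256(c Claims, key []byte) (string, error) {
	body, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64.EncodeToString(mac.Sum(nil)), nil
}

// parseAndVerify checks the HMAC and the exp claim. It knows nothing about
// revocation, so a revoked but unexpired token still verifies here.
func parseAndVerify(tok string, key []byte, now time.Time) (*Claims, error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return nil, errors.New("bad signature")
	}
	body, err := b64.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var c Claims
	if err := json.Unmarshal(body, &c); err != nil {
		return nil, err
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		return nil, errors.New("token expired")
	}
	return &c, nil
}

// exchangeVulnerable reproduces the flawed pattern: signature and claims are
// checked, the token table is never consulted, so a revoked token is exchanged.
func exchangeVulnerable(subjectToken string, key []byte, store map[string]tokenRecord, now time.Time) (string, error) {
	c, err := parseAndVerify(subjectToken, key, now)
	if err != nil {
		return "", err
	}
	return "exchanged-token-for-" + c.Sub, nil
}

// exchangeFixed adds the missing step: the subject token must exist in the
// token table and must not be revoked before anything is issued for it.
func exchangeFixed(subjectToken string, key []byte, store map[string]tokenRecord, now time.Time) (string, error) {
	c, err := parseAndVerify(subjectToken, key, now)
	if err != nil {
		return "", err
	}
	rec, ok := store[c.Jti]
	if !ok {
		return "", errors.New("subject token not issued by this server")
	}
	if rec.Revoked {
		return "", errors.New("subject token has been revoked")
	}
	return "exchanged-token-for-" + c.Sub, nil
}

func main() {
	key := []byte("constructed-demo-key")
	now := time.Unix(1700000000, 0)
	tok, _ := signHS256(Claims{Sub: "alice", Jti: "tok-1", Exp: now.Unix() + 3600}, key)
	store := map[string]tokenRecord{"tok-1": {Revoked: true}} // user logged out; row marked revoked
	_, errVuln := exchangeVulnerable(tok, key, store, now)
	_, errFixed := exchangeFixed(tok, key, store, now)
	fmt.Println("vulnerable:", errVuln, "| fixed:", errFixed)
}
```

The lookup keys on the jti claim so that each issued token maps to exactly one row; if the deployment's tokens carry no unique id, the lookup has to key on the full token string instead, and the revocation flag must be set on logout, on password change and on admin revocation for the check to mean anything.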
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021577)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021577 advisory. In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new...
EUVD-2026-29365
SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions, temporarily preventing access. However, the application itself cannot be compromised, resulting in a low impact on availability. There is no impact on confidentiality and integrity ...
CVE-2026-40136
Technical details are not publicly available in the provided documents; no affected versions, vectors, or mitigations are specified. Monitor for updates to SAP Financial Consolidation CVE-2026-40136.
CVE-2026-40136 Denial of service (DoS) in SAP Financial Consolidation
SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions, temporarily preventing access. However, the application itself cannot be compromised, resulting in a low impact on availability. There is no impact on confidentiality and integrity ...
CVE-2026-40136
SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions, temporarily preventing access. However, the application itself cannot be compromised, resulting in a low impact on availability. There is no impact on confidentiality and integrity ...
PT-2026-39929
SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions, temporarily preventing access. However, the application itself cannot be compromised, resulting in a low impact on availability. There is no impact on confidentiality and integrity ...
CVE-2026-42276 Onyx: IDOR in /chat/stop-chat-session allows any authenticated user to interrupt other users chat sessions
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/{chat_session_id} endpoint lets any authenticated user stop any other user's active chat session. The endpoint checks authentication but never verifies that the session belongs to the caller. An...
Onyx security vulnerability
Onyx is an open-source AI large model platform developed by Onyx. Vulnerabilities exist in versions prior to Onyx 3.0.9, 3.1.6, and 3.2.6. These vulnerabilities stem from the POST /chat/stop-chat-session/{chat_session_id} endpoint checking authentication but failing to verify that the session belongs...
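The two Onyx entries above describe the classic IDOR shape: the handler answers "is the caller logged in?" and never "does the caller own this object?". The program below is an added example for this page, written in Go with the standard library's net/http and httptest rather than in Onyx's own codebase (Onyx is a Python project, and none of this is its code). It keeps an in-memory session store seeded with one constructed session owned by "alice", takes the caller's identity from a constructed X-User header as a stand-in for real authentication, and shows the vulnerable handler beside the fixed one, which also reports a foreign session as 404 rather than 403 so the response does not confirm that a guessed id exists.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
)

// chatSession is a minimal stand-in for a stored chat session (constructed for the example).
type chatSession struct {
	OwnerID string
	Active  bool
}

type sessionStore struct {
	mu       sync.Mutex
	sessions map[string]*chatSession
}

// newStore seeds one active session owned by "alice" (constructed sample data).
func newStore() *sessionStore {
	return &sessionStore{sessions: map[string]*chatSession{
		"s-alice": {OwnerID: "alice", Active: true},
	}}
}

// currentUser stands in for the real authentication layer; the caller's
// identity is read from a constructed X-User header (an assumption of this example).
func currentUser(r *http.Request) (string, bool) {
	u := r.Header.Get("X-User")
	return u, u != ""
}

func sessionIDFromPath(r *http.Request) string {
	return strings.TrimPrefix(r.URL.Path, "/chat/stop-chat-session/")
}

// stopVulnerable checks that the caller is authenticated and then stops
// whatever session id appears in the path: the IDOR described above.
func (s *sessionStore) stopVulnerable(w http.ResponseWriter, r *http.Request) {
	if _, ok := currentUser(r); !ok {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[sessionIDFromPath(r)]
	if !ok {
		http.Error(w, "not found", http.StatusNotFound)
		return
	}
	sess.Active = false
	w.WriteHeader(http.StatusOK)
}

// stopFixed adds the ownership check. A session that exists but belongs to
// someone else is answered exactly like a missing one.
func (s *sessionStore) stopFixed(w http.ResponseWriter, r *http.Request) {
	user, ok := currentUser(r)
	if !ok {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[sessionIDFromPath(r)]
	if !ok || sess.OwnerID != user {
		http.Error(w, "not found", http.StatusNotFound)
		return
	}
	sess.Active = false
	w.WriteHeader(http.StatusOK)
}

// stopAs sends a constructed POST as user against h and returns the HTTP status code.
func stopAs(h http.HandlerFunc, user, sessionID string) int {
	req := httptest.NewRequest(http.MethodPost, "/chat/stop-chat-session/"+sessionID, nil)
	req.Header.Set("X-User", user)
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}

func main() {
	st := newStore()
	fmt.Println("vulnerable, mallory stops alice's session:", stopAs(st.stopVulnerable, "mallory", "s-alice"), "still active:", st.sessions["s-alice"].Active)
	st = newStore()
	fmt.Println("fixed, mallory:", stopAs(st.stopFixed, "mallory", "s-alice"), "still active:", st.sessions["s-alice"].Active)
	fmt.Println("fixed, alice:", stopAs(st.stopFixed, "alice", "s-alice"), "still active:", st.sessions["s-alice"].Active)
}
```

The ownership comparison belongs inside the same locked section as the lookup and the mutation, so that the check and the write see the same row; an ownership check performed in a separate query before the update reopens the window to a race.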
USN-8233-2 nghttp2 vulnerability
USN-8233-1 fixed a vulnerability in nghttp2. This update provides the corresponding update for Ubuntu 26.04 LTS. Original advisory details: Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session termination API was called. A remote attacker could...
PT-2026-38541
USN-8233-1 fixed a vulnerability in nghttp2. This update provides the corresponding update for Ubuntu 26.04 LTS. Original advisory details: Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session termination API was called. A remote attacker could...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the iris driver’s failure to check for null pointers when session termination occurs, potentially...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : nghttp2 vulnerability (USN-8233-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8233-1 advisory. Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session...
USN-8233-1 nghttp2 vulnerability
Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session termination API was called. A remote attacker could possibly use this issue to cause nghttp2 to crash, resulting in a denial of service...
PT-2026-38082
Name of the Vulnerable Software and Affected Versions: nghttp2 versions prior to 1.40.0-1ubuntu0.3+esm1. Description: nghttp2 fails to properly validate internal state when the session termination API is called. A remote attacker could exploit this to cause the software to crash, leading to a denial...
Astra Linux - vulnerability in linux-5.10
A NULL pointer dereference flaw was discovered in the Linux kernel’s X.25 set of standardized network protocol functions. This flaw allows a local user to crash the system by terminating their session using a simulated Ethernet card while continuing to use that connection...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new. This patch enhances error handling in scenarios with RTS (Request to Send) messages arriving closely. It replaces the less informative...