Lucene search

9101 matches found

Positive Technologies
added 2026/04/25 12:0 a.m. | 3 views

PT-2026-35139

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: In openvswitch, the validate_set() function accepted OVS_KEY_ATTR_MPLS as a variable-sized payload for SET and SET_MASKED actions. However, action handling expects fixed-size MPLS key data...

CVSS 8.8 | AI score 5.8 | EPSS 0.00079
Exploits 0 | References 55

OSV
added 2026/04/24 3:16 p.m. | 1 view

DEBIAN-CVE-2026-31615

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesas_usb3: validate endpoint index in standard request handlers. The GET_STATUS and SET/CLEAR_FEATURE handlers extract the endpoint number from the host-supplied wIndex without any sort of validation. Fix this up by...

CVSS 5.5 | AI score 5.3 | EPSS 0.00019
Exploits 0 | References 1

NVD
added 2026/04/24 3:16 p.m. | 2 views

CVE-2026-31540

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Check set_default_submission() before deferencing. When the i915 driver firmware binaries are not present, the set_default_submission pointer is not set. This pointer is dereferenced during suspend anyways. Add a check to...

CVSS 5.5 | EPSS 0.00015
Exploits 0 | References 7

CVE
added 2026/04/24 2:44 p.m. | 6 views

CVE-2026-31634

The CVE-2026-31634 item concerns the Linux kernel rxrpc subsystem. Affected component: rxrpc_server_keyring() within the rxrpc code path. Root cause: a reference count leak that could occur if the code path handles security pointers improperly. The provided patch fixes the leak by adding a check ...

CVSS 5.5 | AI score 5.3 | EPSS 0.00014
Exploits 0 | References 8 | Affected Software 1

Cvelist
added 2026/04/24 2:42 p.m. | 26 views

CVE-2026-31615 usb: gadget: renesas_usb3: validate endpoint index in standard request handlers

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesas_usb3: validate endpoint index in standard request handlers. The GET_STATUS and SET/CLEAR_FEATURE handlers extract the endpoint number from the host-supplied wIndex without any sort of validation. Fix this up by...

EPSS 0.00019
Exploits 0 | References 9

Debian CVE
added 2026/04/24 2:42 p.m. | 4 views

CVE-2026-31615

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesas_usb3: validate endpoint index in standard request handlers. The GET_STATUS and SET/CLEAR_FEATURE handlers extract the endpoint number from the host-supplied wIndex without any sort of validation. Fix this up by...

CVSS 5.5 | AI score 5.3 | EPSS 0.00019
Exploits 0

ATTACKERKB
added 2026/04/24 2:42 p.m. | 1 view

CVE-2026-31615

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesas_usb3: validate endpoint index in standard request handlers. The GET_STATUS and SET/CLEAR_FEATURE handlers extract the endpoint number from the host-supplied wIndex without any sort of validation. Fix this up by...

AI score 5.4 | EPSS 0.00019
Exploits 0 | References 7 | Affected Software 1

EUVD
added 2026/04/24 2:42 p.m. | 2 views

EUVD-2026-25508

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesas_usb3: validate endpoint index in standard request handlers. The GET_STATUS and SET/CLEAR_FEATURE handlers extract the endpoint number from the host-supplied wIndex without any sort of validation. Fix this up by...

AI score 5.4 | EPSS 0.00019
Exploits 0 | References 4

CVE
added 2026/04/24 2:42 p.m. | 9 views

CVE-2026-31615

In CVE-2026-31615, the Linux kernel USB gadget code for renesas_usb3 (and related aspeed_udc context) did not validate endpoint indices in standard requests (GET_STATUS, SET/CLEAR_FEATURE). The host-supplied wIndex could be used to dereference a pointer without confirming endpoint count, risking ...

CVSS 5.5 | AI score 5.4 | EPSS 0.00019
Exploits 0 | References 9 | Affected Software 1

EUVD
added 2026/04/24 2:42 p.m. | 2 views

EUVD-2026-25475

In the Linux kernel, the following vulnerability has been resolved: hwmon: (powerz) Fix use-after-free on USB disconnect. After powerz_disconnect() frees the URB and releases the mutex, a subsequent powerz_read() call can acquire the mutex and call powerz_read_data(), which dereferences the freed URB pointer...

AI score 5.4 | EPSS 0.00015
Exploits 0 | References 4

CVE
added 2026/04/24 2:33 p.m. | 5 views

CVE-2026-31540

CVE-2026-31540 affects the Linux kernel i915 graphics driver. The vulnerability occurs when the i915 firmware binaries are absent and the set_default_submission pointer is not initialized, which can be dereferenced during suspend, causing a kernel NULL pointer dereference and a potential DoS. The...

CVSS 5.5 | AI score 5.4 | EPSS 0.00015
Exploits 0 | References 7 | Affected Software 1

Cvelist
added 2026/04/24 2:33 p.m. | 23 views

CVE-2026-31540 drm/i915/gt: Check set_default_submission() before deferencing

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Check set_default_submission() before deferencing. When the i915 driver firmware binaries are not present, the set_default_submission pointer is not set. This pointer is dereferenced during suspend anyways. Add a check to...

EPSS 0.00015
Exploits 0 | References 7

OSV
added 2026/04/24 11:46 a.m. | 2 views

SUSE-SU-2026:1602-1 Security update for libpng16

This update for libpng16 fixes the following issue: CVE-2026-34757: information disclosure and data corruption due to use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST (bsc#1261957)...

CVSS 5.1 | AI score 5.5 | EPSS 0.00006
Exploits 1 | References 3

SUSE Linux
added 2026/04/24 11:46 a.m. | 2 views

Security update for libpng16

This update for libpng16 fixes the following issue: CVE-2026-34757: information disclosure and data corruption due to use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST (bsc#1261957). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 5.1 | AI score 5.5 | EPSS 0.00006
Exploits 1 | References 4

Cvelist
added 2026/04/24 12:14 a.m. | 25 views

CVE-2026-31955 Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

CVSS 4.9 | EPSS 0.00071
Exploits 0 | References 2

Vulnrichment
added 2026/04/24 12:14 a.m. | 1 view

CVE-2026-31955 Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

CVSS 4.9 | AI score 5.6 | EPSS 0.00071
Exploits 0 | References 2

Cvelist
added 2026/04/24 12:5 a.m. | 26 views

CVE-2026-31952 Xibo CMS API has SQL Injection via DataSet Filter Parameter

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API routes inside the CMS responsible for filtering DataSets. This allows an authenticated user to...

CVSS 7.6 | EPSS 0.00058
Exploits 0 | References 5

Positive Technologies
added 2026/04/24 12:0 a.m. | 4 views

PT-2026-34967

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The renesas_usb3 gadget driver fails to validate the endpoint index provided by the host in the wIndex variable within the 'GET_STATUS' and 'SET/CLEAR_FEATURE' standard request handlers...

CVSS 9.8 | AI score 5.8 | EPSS 0.00102
Exploits 0 | References 81

Oracle linux
added 2026/04/24 12:0 a.m. | 4 views

libpng12 security update

1.2.50-10.0.1 - Fix CVE-2026-25646: heap buffer overflow in png_set_quantize [Orabug: 39183864]...

CVSS 8.3 | AI score 5.6 | EPSS 0.00081
Exploits 1

RedhatCVE
added 2026/04/23 7:12 p.m. | 2 views

CVE-2026-41176

A flaw was found in Rclone, a command-line program designed for synchronizing files with various cloud storage providers. An unauthenticated attacker can exploit an exposed Remote Control (RC) endpoint, options/set, to disable the authorization mechanism for other RC methods. This vulnerability...

CVSS 9.8 | AI score 5.7 | EPSS 0.26321
Exploits 1 | References 6