CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7906 matches found

CVE-2026-52974

Summary of CVE-2026-52974 (Linux kernel net: tls): The leak is a memory leak in the TLS offload RX path where, if tls_set_device_offload_rx() fails in tls_dev_add(), the cleanup path does not free the anchor skb allocated in tls_strp_init(). This occurs in the “failed to start offload” code path ...

7.5CVSS5.8AI score0.00506EPSS

Exploits0References6

OSV•added 5 days ago•3 views

MAL-2026-6381 Malicious code in ditenv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0a52dbba9abeff2c606bcbc862027da259fcbd3938c827abfdbdb06ba801ecb setup.py overrides the install and egginfo commands with a RunCommand class that fires unconditionally on pip install or pip download. The override...

6.2AI score

Exploits0References2

OSSF Malicious Packages•added 5 days ago•5 views

Malicious code in fkaks (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e44e1f1158eda01d3f18e3a3c01e30ebc9f8f92780ea532a63cf6ed31d8a25d3 fkaks 0.0.1 ships a setup.py that overrides the install and egginfo commands so that any pip install or pip download of the package unconditionally...

6.5AI score

Exploits0References2

OSV•added 6 days ago•4 views

MAL-2026-6290 Malicious code in toorc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cfd36909e089f17439dd3227c6f5ccef2fef2964dc26bbdbaaef0481b54615d On pip install and even pip download, the package's setup.py overrides the install and egginfo commands to execute a RunCommand routine that serializ...

6.1AI score

Exploits0References2

OSSF Malicious Packages•added 6 days ago•7 views

Malicious code in equest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfe07e7f1e241dde491d3d6f5553ed2247a6f8e1dfdf34b0eaa9943a2cba5094 The package name equest is a one-character deletion of the widely-used requests package and ships no functional library code. setup.py registers cust...

6.6AI score

Exploits0References2

OSSF Malicious Packages•added 6 days ago•7 views

Malicious code in ip-rotat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e85ab2724beee13bb6c2658c5bf5d50069c83619f062d39935226ff1fee1c0a3 On pip install or pip download, setup.py registers overridden install and egginfo cmdclass entries that execute ps -elf to capture the host's process...

6AI score

Exploits0References2

OSV•added 6 days ago•5 views

MAL-2026-6280 Malicious code in ip-rotat (PyPI)

6AI score

Exploits0References2

SUSE CVE•added 6 days ago•7 views

SUSE CVE-2026-52911

In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...

5.8AI score0.00362EPSS

Exploits0References3

Cvelist•added 2026/06/22 12:46 p.m.•32 views

CVE-2026-54100 Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verified enables credential theft

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

8.3CVSS0.00157EPSS

Exploits0References2

OSV•added 2026/06/22 7:54 a.m.•4 views

MAL-2026-6262 Malicious code in inversiones-common (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 347a767ebbbb5843e6b005c167d98c9ab7b3ea943fadd88401682f2a2b14b2a4 setup.py executes a beacon function at module top level before setup is called, so the payload fires automatically on pip install inversiones-common...

6.1AI score

Exploits0References3

RedHat Linux•added 2026/06/22 5:29 a.m.•4 views

kernel: net: use dst_dev_rcu() in sk_setup_caps()

In the Linux kernel, the following vulnerability has been resolved: net: use dstdevrcu in sksetupcaps Use RCU to protect accesses to dst-dev from sksetupcaps and skdstgsomaxsize. Also use dstdevrcu in ip6dstmtumaybeforward, and ipdstmtumaybeforward. ip4dsthoplimit can use dstdevnetrcu...

5.7AI score0.00167EPSS

Exploits0References5

ATTACKERKB•added 2026/06/21 6:18 a.m.•7 views

CVE-2026-52911

5.7AI score0.00362EPSS

Exploits0References8Affected Software1

Cvelist•added 2026/06/21 6:18 a.m.•34 views

CVE-2026-52911 ksmbd: scope conn->binding slowpath to bound sessions only

8.8CVSS0.00362EPSS

Exploits0References7

Tenable Nessus•added 2026/06/21 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-52911

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the...

8.8CVSS5.8AI score0.00362EPSS

Exploits0References3

OSSF Malicious Packages•added 2026/06/20 11:24 p.m.•9 views

Malicious code in requests-enhancer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0f61f1a905e0ec1bb593f7b20d4f9a8a9e72deeb16440f72acbcaf00aeab1cd On import requestsenhancer, the package's init.py spawns a daemon thread that runs pip install...

6.7AI score

Exploits0References5

AstraLinux•added 2026/06/19 11:10 a.m.•2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cifs: A memory leak occurs when the build ntlmssp negotiate blob operation fails. There is a memory leak when mounting CIFS shares: - Unreferenced object: 0xffff888166059600 size 448 Command: “mount.cifs”, PID: 51391, Jiffies:...

5.5CVSS5.2AI score0.00168EPSS

Exploits0References2

AstraLinux•added 2026/06/19 11:10 a.m.•3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fixed NULL pointer dereferencing in ixgbexdpsetup The ixgbe driver currently causes a NULL pointer dereferencing with some machines online cpus ringfeatureRINGFFDIR.limit = count; This results in numqueues being set to 63...

5.5CVSS6.3AI score0.00239EPSS

Exploits0References2

AstraLinux•added 2026/06/19 11:10 a.m.•3 views

Astra Linux – Vulnerability in liblivemedia

In liveMedia/FramedSource.cpp within Live555, up to version 1.08, an assertion failure can occur, leading to an application exit through multiple SETUP and PLAY commands...

5.5CVSS6.1AI score0.00865EPSS

Exploits1References2

AstraLinux•added 2026/06/19 11:10 a.m.•5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed a kernel warning during topology setup This patch fixes the following kernel warning that occurred during driver loading by correctly initializing the p2plink attr before creating the sysfs file: +0.002865...

5.4AI score0.00166EPSS

Exploits0References2

AstraLinux•added 2026/06/19 11:10 a.m.•4 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: can: bcm: bcmtxsetup: fixed KMSAN uninit-value in vfswrite Syzkaller reported the following issues: ===================================================== BUG: KMSAN: uninit-value in aiorwdone fs/aio.c:1520 inline BUG: KMSAN:...

5.5CVSS5.9AI score0.00185EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by