CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit smealloc early with existing storage When smealloc is called with existing storage and we are not flushing we will always allocate new storage, both leaking the existing storage and corrupting the state. Fi...

5.5CVSS8.5AI score0.00016EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Discarding stale CPU state when handling SME traps The logic for handling SME traps incorrectly manipulates the saved FPSIMD/SVE/SME state. A race condition can occur where the SME trap handler is preempted before a...

5.5CVSS5.8AI score0.00121EPSS

SUSE CVE•added 2026/02/18 12:25 a.m.•1 views

SUSE CVE-2026-23114

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: ptrace: Fix SVE writes on !SME systems When SVE is supported but SME is not supported, a ptrace write to the NTARMSVE regset can place the tracee into an invalid state where non-streaming SVE register data is stored...

5.5CVSS5.7AI score0.00019EPSS

Exploits0References3

OSV•added 2026/02/14 3:16 p.m.•1 views

UBUNTU-CVE-2026-23114

5.5CVSS5.7AI score0.00019EPSS

Exploits0References5

OSV•added 2026/02/14 3:9 p.m.•2 views

CVE-2026-23114 arm64/fpsimd: ptrace: Fix SVE writes on !SME systems

5.5CVSS5.3AI score0.00019EPSS

Exploits0References5

Debian CVE•added 2026/02/14 3:9 p.m.•3 views

CVE-2026-23114

5.5CVSS5.4AI score0.00019EPSS

Exploits0

CVE•added 2026/02/14 3:9 p.m.•6 views

CVE-2026-23114

Summary (CVE-2026-23114) The Linux kernel arm64 FPSIMD/SVE state management vulnerability arises when SVE is supported but SME is not: a ptrace write to the NT_ARM_SVE regset can place the tracee in an invalid state, storing non-streaming SVE data in FP_STATE_SVE format while TIF_SVE is not set. ...

5.5CVSS5.3AI score0.00019EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/02/14 12:0 a.m.•2 views

PT-2026-8107

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: ptrace: Fix SVE writes on !SME systems When SVE is supported but SME is not supported, a ptrace write to the NT ARM SVE regset can place the tracee into an invalid state where non-streaming SVE register data is stor...

5.3AI score0.00019EPSS

Exploits0References3

SUSE CVE•added 2026/02/05 12:24 a.m.•4 views

SUSE CVE-2026-23102

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix restoration of SVE context When SME is supported, Restoring SVE signal context can go wrong in a few ways, including placing the task into an invalid state where the kernel may read from out-of-bounds...

5.5CVSS5.5AI score0.00018EPSS

Exploits0References19

NVD•added 2026/02/04 5:16 p.m.•3 views

CVE-2026-23102

7.1CVSS0.00018EPSS

Exploits0References4

UbuntuCve•added 2026/02/04 5:16 p.m.•2 views

CVE-2026-23107

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA The code to restore a ZA context doesn't attempt to allocate the task's svestate before setting TIFSME. Consequently, restoring a ZA context can place a task into an...

5.5CVSS5.8AI score0.00018EPSS

Exploits0References12

ATTACKERKB•added 2026/02/04 4:8 p.m.•3 views

CVE-2026-23102

5.5AI score0.00018EPSS

Exploits0References5Affected Software1

CVE•added 2026/02/04 4:8 p.m.•5 views

CVE-2026-23102

CVE-2026-23102 affects the ARM64/Linux kernel path arm64/fpsimd: signal, where restoring SVE signal context with SME enabled can put a task into an invalid state. The vulnerability allows out-of-bounds memory reads or a potential fatal fault, or task termination via SIGKILL, if SVE signal data is...

7.1CVSS5.5AI score0.00018EPSS

Exploits0References4Affected Software1

RedhatCVE•added 2026/02/04 1:20 p.m.•1 views

CVE-2025-8456

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Kod8 Software Technologies Trade Ltd. Co. Kod8 Individual and SME Website allows Reflected XSS.This issue affects Kod8 Individual and SME Website: through 03022026. NOTE: The vendor was...

ATTACKERKB•added 2026/02/03 8:22 a.m.•1 views

CVE-2025-8456

EUVD•added 2026/02/03 8:22 a.m.•3 views

EUVD-2025-206660

CVE•added 2026/02/03 8:22 a.m.•5 views

CVE-2025-8456

CVE-2025-8456 affects Kod8 Individual and SME Website. Red Hat and Circl/CIRCL data confirm a vulnerability in input handling during web page generation, leading to a Reflected XSS . Affected software/versions are cited as Kod8 Individual and SME Website up to 03022026. The underlying cause is im...

Tenable Nessus•added 2026/01/22 12:0 a.m.•3 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-38170)

"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38170 advisory. - In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Discard stale CPU state...

5.5CVSS5.3AI score0.00121EPSS