CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/28 10:16 a.m.•6 views

CVE-2026-46158

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: always decrease sk refcount When an ADDADDR is retransmitted, the sk is held in skresettimer. It should then be released in all cases at the end. Some unlikely checks were returning directly instead of...

0.00024EPSS

NVD•added 2026/05/28 10:16 a.m.•7 views

CVE-2026-46137

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: fix potential data-race This mptcppmaddtimer helper is executed as a timer callback in softirq context. To avoid any data races, the socket lock needs to be held with bhlocksock. If the socket is in use,...

9.8CVSS0.0006EPSS

NVD•added 2026/05/28 10:16 a.m.•6 views

CVE-2026-46135

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmettcphandleicreq updates queue-state after sending an Initialization Connection Response ICResp, but it does so without serializing against target-side queue...

9.8CVSS0.00074EPSS

Exploits0References4

NVD•added 2026/05/28 10:16 a.m.•5 views

CVE-2026-46104

In the Linux kernel, the following vulnerability has been resolved: selinux: use sk blob accessor in socket permission helpers SELinux socket state lives in the composite LSM socket blob. sockhasperm and nlmsgsockhasextendedperms currently dereference sk-sksecurity directly, which assumes the...

0.00022EPSS

Exploits0References3

UBUNTU-CVE-2026-46158

Exploits0References6

OSV•added 2026/05/28 10:16 a.m.•3 views

UBUNTU-CVE-2026-46214

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix accept queue count leak on transport mismatch virtiotransportrecvlisten calls skacceptqadded before vsockassigntransport. If vsockassigntransport fails or selects a different transport, the error path returns...

5.7AI score0.00032EPSS

Exploits0References8

UBUNTU-CVE-2026-46170

Exploits0References6

UBUNTU-CVE-2026-46140

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: validate WMT event SKB length before struct access btmtkusbhciwmtsync casts the WMT event response SKB data to struct btmtkhciwmtevt 7 bytes and struct btmtkhciwmtevtfuncc 9 bytes without first checking that the...

5.7AI score0.00023EPSS

Exploits0References7

ATTACKERKB•added 2026/05/28 9:40 a.m.•4 views

UBUNTU-CVE-2026-46104

5.7AI score0.00022EPSS

Exploits0References6

CVE-2026-46234

In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsockupdatebuffersize, the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check...

5.8AI score0.00032EPSS

Exploits0References9Affected Software1

EUVD•added 2026/05/28 9:40 a.m.•12 views

EUVD-2026-32752

5.9AI score0.00032EPSS

EUVD•added 2026/05/28 9:40 a.m.•7 views

EUVD-2026-32854

In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL The SCTPSENDALL path in sctpsendmsg iterates ep-asocs with listforeachentrysafe, which caches the next entry in @tmp before the loop body runs. The body calls...

5.8AI score0.00013EPSS

CVE•added 2026/05/28 9:40 a.m.•17 views

CVE-2026-46227

CVE-2026-46227 describes a race in the Linux kernel SCTP SENDALL path. The sctp_sendmsg() loop over ep->asocs caches the next entry in @tmp, then calls sctp_sendmsg_to_asoc() after dropping the socket lock, allowing a second thread to peel off the cached association and migrate it to a new end...

7.8CVSS5.8AI score0.00013EPSS

Exploits0References8

Cvelist•added 2026/05/28 9:40 a.m.•28 views

CVE-2026-46227 sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL

7.8CVSS0.00013EPSS

Exploits0References8

Debian CVE•added 2026/05/28 9:40 a.m.•4 views

CVE-2026-46207

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix empty payload in tap skb for non-linear buffers For non-linear skbs, virtiotransportbuildskb goes through virtiotransportcopynonlinearskb to copy the original payload in the new skb to be delivered to the vsockm...

5.7AI score0.00023EPSS

Exploits0

Cvelist•added 2026/05/28 9:36 a.m.•25 views

CVE-2026-46188 octeon_ep_vf: add NULL check for napi_build_skb()

In the Linux kernel, the following vulnerability has been resolved: octeonepvf: add NULL check for napibuildskb napibuildskb can return NULL on allocation failure. In octepvfoqprocessrx, the result is used directly without a NULL check in both the single-buffer and multi-fragment paths, leading t...

0.00023EPSS

Exploits0References4

EUVD•added 2026/05/28 9:36 a.m.•4 views

EUVD-2026-32797

Debian CVE•added 2026/05/28 9:36 a.m.•3 views

Exploits0References3

CVE-2026-46170

CVE•added 2026/05/28 9:36 a.m.•9 views

Exploits0

CVE-2026-46170

The CVE-2026-46170 issue is in the Linux kernel’s MPTCP path: when ADD_ADDR is retransmitted, a socket (sk) may not be freed if it was the last reference held by sk_reset_timer(). This can lead to a situation where sock_put() frees the socket and calls sk_free(), which could trigger sk_stop_timer...