CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/05/27 8:14 p.m.•6 views

CVE-2026-46028

A flaw was found in the Linux kernel's algifaead Authenticated Encryption with Associated Data subsystem. Asynchronous async requests for AEAD operations use a shared initialization vector IV buffer. This shared state can be modified by subsequent socket activity before an async request fully...

7CVSS5.8AI score0.00032EPSS

EUVD•added 2026/05/27 8:13 p.m.•8 views

EUVD-2026-32657

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the socket-path component directly into a shell command passed to popen. Because the value is placed insi...

8.8CVSS5.9AI score0.00023EPSS

Exploits0References1

EUVD•added 2026/05/27 3:33 p.m.•7 views

EUVD-2026-32250

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in unixneedsrevalidation When receiving file descriptors via SCMRIGHTS, both the socket pointer and the socket's sk pointer can be NULL during socket setup or teardown, causing NULL pointer...

5.7AI score0.00022EPSS

EUVD•added 2026/05/27 3:33 p.m.•8 views

EUVD-2026-32384

In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - don't deref NULL sksocket member after tcpclose When deleting a peer in case of keepalive expiration, the peer is removed from the OpenVPN hashtable and is temporary inserted in a "release list" for further processing...

5.9AI score0.00022EPSS

EUVD•added 2026/05/27 3:33 p.m.•6 views

EUVD-2026-32314

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL sock in aasockfileperm Deal with the potential that sock and sock-sk can be NULL during socket setup or teardown. This could lead to an oops. The fix for NULL pointer dereference in unixneedsrevalidation shows...

5.7AI score0.00032EPSS

Exploits0References9

NVD•added 2026/05/27 2:17 p.m.•10 views

CVE-2026-46098

In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service pointer on teardown caifconnect can tear down an existing client after remote shutdown by calling caifdisconnectclient followed by caiffreeclient. caiffreeclient releases the service layer referenc...

NVD•added 2026/05/27 2:17 p.m.•8 views

CVE-2026-46028

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - snapshot IV for async AEAD requests AFALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the...

NVD•added 2026/05/27 2:17 p.m.•6 views

CVE-2026-45998

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix potential UAF after skbunshare failure If skbunshare fails to unshare a packet due to allocation failure in rxrpcinputpacket, the skb pointer in the parent rxrpciothread will be NULL'd out. This will likely cause the...

0.00024EPSS

Exploits0References5

NVD•added 2026/05/27 2:17 p.m.•6 views

CVE-2026-45966

0.00022EPSS

NVD•added 2026/05/27 2:17 p.m.•9 views

CVE-2026-45918

0.00022EPSS

OSV•added 2026/05/27 2:17 p.m.•3 views

UBUNTU-CVE-2026-45929

In the Linux kernel, the following vulnerability has been resolved: ovpn: fix possible use-after-free in ovpnnetxmit When building the skblist in ovpnnetxmit, skbsharecheck will free the original skb if it is shared. The current implementation continues to use the stale skb pointer for subsequent...

7.8CVSS5.7AI score0.00013EPSS

OSV•added 2026/05/27 2:17 p.m.•5 views

UBUNTU-CVE-2026-45918

5.8AI score0.00022EPSS

NVD•added 2026/05/27 2:16 p.m.•7 views

CVE-2026-45848

CVE•added 2026/05/27 12:59 p.m.•15 views

CVE-2026-46102

The CVE-2026-46102 issue affects the Linux kernel network stream parser (net: strparser). When the stream parser is aborted (e.g., after a message assembly timeout), the partially assembled message referenced by strp->skb_head is not released in strp_abort_strp(), causing a memory leak that co...

7.5CVSS5.8AI score0.00068EPSS

EUVD•added 2026/05/27 12:59 p.m.•6 views

EUVD-2026-32485

In the Linux kernel, the following vulnerability has been resolved: net: strparser: fix skbhead leak in strpabortstrp When the stream parser is aborted, for example after a message assembly timeout, it can still hold a reference to a partially assembled message in strp-skbhead. That skb is not...

5.8AI score0.00068EPSS

Exploits0References5

CVE•added 2026/05/27 12:59 p.m.•12 views

CVE-2026-46098

CVE-2026-46098 affects the Linux kernel’s CAIF net subsystem. The issue arises when caif_connect() tears down a client via caif_disconnect_client() and caif_free_client(), where caif_free_client() releases the service layer pointer (adap_layer->dn) but leaves the pointer stale. If the socket i...

5.8AI score0.00032EPSS

Cvelist•added 2026/05/27 12:57 p.m.•36 views

CVE-2026-46047 net: qrtr: ns: Fix use-after-free in driver remove()

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Fix use-after-free in driver remove In the remove callback, if a packet arrives after destroyworkqueue is called, but before sockrelease, the qrtrnsdataready callback will try to queue the work, causing...

Cvelist•added 2026/05/27 12:56 p.m.•31 views

CVE-2026-46028 crypto: algif_aead - snapshot IV for async AEAD requests