CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/27 12:57 p.m.•6 views

EUVD-2026-32445

5.8AI score0.00024EPSS

CVE•added 2026/05/27 12:57 p.m.•12 views

CVE-2026-46063

The CVE-2026-46063 issue affects the Linux kernel (x86/shstk) where a deadlock could occur during sigreturn while popping the shadow stack frame. The root cause was reading the shadow stack with the mmap lock held; a page fault could trigger a recursive mmap lock acquisition, risking deadlock if ...

5.8AI score0.00024EPSS

Cvelist•added 2026/05/27 12:57 p.m.•29 views

CVE-2026-46063 x86/shstk: Prevent deadlock during shstk sigreturn

0.00024EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•12 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Do not report a verification bug for missing bpfsccvisit calls on speculative execution paths. Syzbot generated a program that triggers a verifierbug call in maybeexitscc. maybeexitscc assumes that, when called for a state...

5.8AI score0.00028EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•18 views

Astra Linux - уязвимость в xen

Potential speculative code storage bypasses exist in all supported CPU products. Combined with software vulnerabilities related to speculative execution of overwritten instructions, this could lead to incorrect speculation and potentially cause data leakage...

5.5CVSS6.2AI score0.00078EPSS

Exploits0References1

7.1CVSS6.4AI score0.00006EPSS

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed pointer-leak due to insufficient speculative store bypass mitigation To mitigate Spectre v4, the patch 2039f26f3aca “bpf: Fixed leakage due to insufficient speculative store bypass mitigation” inserts lfence instructio...

7.8CVSS5.7AI score0.00018EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fredextint The arrayindexnospec function is useless if the result is spilled to the stack, as it makes the supposedly safe-under-speculation value subject to memory predictions. For all...

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: x86/srso: Added SRSO mitigation for Hygon processors. Added mitigation for the speculative return stack overflow vulnerability, which also exists on Hygon processors...

7.8CVSS6.2AI score0.00015EPSS

5.5CVSS6.6AI score0.00041EPSS

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel up to version 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory through a Speculative Store Bypass side-channel attack, because the protection mechanism ignores the possibility of uninitialized memory locations within the BPF stack...

Exploits2References2

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux, linux-5.15

When SMT is enabled, certain AMD processors may speculateively execute instructions using a target from the sibling thread after a SMT mode switch, which may potentially lead to information disclosure...

4.7CVSS6.5AI score0.00231EPSS

7.8CVSS6.7AI score0.00023EPSS

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Use arrayindexnospec with indices that come from the guest. min and destid are guest-controlled indices. Using arrayindexnospec after the bounds checks helps to mitigate speculative execution side-channels...

Tenable Nessus•added 2026/05/20 12:0 a.m.•4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021538)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021538 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation To mitigate Spectre...

7.1CVSS6.4AI score0.00006EPSS

Exploits0References4

Redos•added 2026/05/14 12:0 a.m.•7 views

ROS-20260514-73-0001

A vulnerability in the phpreadstreamallchunks function of the PHP programming language is related to speculative command execution. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data...

7.5CVSS5.9AI score0.00025EPSS

Exploits3

SUSE CVE•added 2026/05/13 2:56 p.m.•12 views

SUSE CVE-2023-20569

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure...

5.6CVSS7.2AI score0.02081EPSS

Exploits1References53

NVD•added 2026/05/12 8:16 p.m.•9 views

CVE-2026-44223

vLLM is an inference and serving engine for large language models LLMs. From to before 0.20.0, the extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash ...

6.5CVSS0.00015EPSS

CVE•added 2026/05/12 7:58 p.m.•7 views

CVE-2026-44223

vLLM contains a vulnerability (CVE-2026-44223) where the extract_hidden_states speculative decoding pathway can crash the EngineCore process if any request uses penalty parameters (repetition_penalty, frequency_penalty, or presence_penalty). The issue arises from an incorrect tensor shape after t...

6.5CVSS5.8AI score0.00015EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/12 7:58 p.m.•4 views

CVE-2026-44223 vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters

6.5CVSS5.8AI score0.00015EPSS