CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 2026/05/27 12:57 p.m.•4 views

SUSE CVE-2026-45837

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...

5.8AI score0.00023EPSS

OSV•added 2026/05/27 11:16 a.m.•1 views

UBUNTU-CVE-2026-45837

5.7AI score0.00023EPSS

EUVD•added 2026/05/27 9:24 a.m.•3 views

EUVD-2026-32163

5.8AI score0.00023EPSS

Packet Storm News•added 2026/05/13 12:0 a.m.•7 views

Code-Centric Detection of Vulnerability-Fixing Commits: A Unified Benchmark and Empirical Study

Automated detection of vulnerability-fixing commits VFCs is critical for timely security patch deployment, as advisory databases lag patch releases by a median of 25 days and many fixes never receive advisories. We present a comprehensive evaluation of code language model based VFC detection...

5.9AI score

Exploits0

CNNVD•added 2026/05/08 12:0 a.m.•5 views

zebra 数据伪造问题漏洞

Zebra is an open-source Zcash implementation built with Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 had a data forgery vulnerability, which stemmed from insufficient error handling when sighash types were invalid, potentially leading to consensus splits...

9.3CVSS5.8AI score0.00023EPSS

CNNVD•added 2026/05/08 12:0 a.m.•5 views

zebra 安全漏洞

Zebra is an open-source Zcash implementation built with Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 contained security vulnerabilities; these vulnerabilities stemmed from the block verifier underestimating the number of transparent signature operations, which could lead to...

9.2CVSS5.8AI score0.00013EPSS

Exploits0References2

Positive Technologies•added 2026/04/19 12:0 a.m.•1 views

PT-2026-33645

Name of the Vulnerable Software and Affected Versions Apktool versions 3.0.0 through 3.0.1 Description A path traversal issue in brut/androlib/res/decoder/ResFileDecoder.java allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding using the apktool d...

7.1CVSS6.2AI score0.00006EPSS

Exploits1References12

EUVD•added 2025/12/24 3:30 p.m.•2 views

EUVD-2023-60324

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect splitting in btrfsdropextentmaprange In production we were seeing a variety of WARNON's in the extentmap code, specifically in btrfsdropextentmaprange when we have to call addextentmapping for our second spli...

6.2AI score0.00028EPSS

CNNVD•added 2025/12/24 12:0 a.m.•1 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from btrfs partition skipping splits and logical rewrites, which could lead to null pointer dereferencing...

6.1AI score0.00026EPSS

NVD•added 2025/12/22 5:16 p.m.•1 views

CVE-2025-68329

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARNON in tracingbuffersmmapclose for split VMAs When a VMA is split e.g., by partial munmap or MAPFIXED, the kernel calls vmops-close on each portion. For trace buffer mappings, this results in ringbufferunmap being...

0.00024EPSS

Tenable Nessus•added 2025/12/22 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2025-68329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tracing: Fix WARNON in tracingbuffersmmapclose for split VMAs When a VMA is split e.g., by partial munmap or MAPFIXED, the kernel calls vmops-close on each...

6.2AI score0.00024EPSS

OSV•added 2025/08/19 5:15 p.m.•1 views

DEBIAN-CVE-2025-38563

In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap'ing the user page with the ringbuffer and additionally the auxiliary buffer, when the event supports it. Once the first mapping is...

7.8CVSS6.2AI score0.00026EPSS

OSV•added 2025/08/19 5:15 p.m.•2 views

AZL-73800 CVE-2025-38563 affecting package kernel for versions less than 5.15.200.1-1

7.8CVSS6.6AI score0.00026EPSS

Positive Technologies•added 2025/07/30 12:0 a.m.•5 views

PT-2025-33762

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The perf mmap code does not prevent Virtual Memory Area VMA splits caused by resizing or partial unmapping of a mapping. This can lead to reference count leaks in perf mmap open and pe...

7.8CVSS7AI score0.00026EPSS

Exploits0

OSV•added 2025/03/21 10:15 p.m.•2 views

AZL-59209 CVE-2025-30204 affecting package azcopy for versions less than 10.25.1-5

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

7.5CVSS6.7AI score0.00083EPSS

SUSE CVE•added 2025/02/27 3:8 a.m.•2 views

SUSE CVE-2022-49343

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid cycles in directory h-tree A maliciously corrupted filesystem can contain cycles in the h-tree stored inside a directory. That can easily lead to the kernel corrupting tree nodes that were already verified under its...

6.7CVSS7.7AI score0.0001EPSS

Exploits0References10

OSV•added 2024/12/04 6:29 p.m.•8 views

GHSA-WWQ9-3CPR-MM53 Borsh serialization of HashMap is non-canonical

The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicty checks on decoding. This can result in consensus splits and cause equivalent objects to be considered...

9.3CVSS7.1AI score

Positive Technologies•added 2024/10/11 12:0 a.m.•3 views

PT-2024-40947 · Softwarex · Softwarex

Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 0.15.1 Description: The issue concerns the borsh serialization of the HashMap, which did not adhere to the borsh specification. This led to potential non-canonical encodings that depended on the insertion order, an...

7.2AI score