
10 matches found

Debian CVE
added last week, 3 views

CVE-2026-46116

In the Linux kernel, the following vulnerability has been resolved: xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete KASAN reproduces a slab-use-after-free in __xfrm_state_delete's hlist_del_rcu calls under syzkaller load on linux-6.12.y stable reproduced on 6.12.47, also reachable via the...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00013
Exploits: 0

CVE
added last week, 6 views

CVE-2026-46116

CVE-2026-46116 affects the Linux kernel xfrm subsystem (xfrm_state). The root cause is a local-use-after-free in __xfrm_state_delete due to unsafe deletions from byseq/byspi hash chains. The patch changes deletions to hlist_del_init_rcu and uses hlist_unhashed() checks, preventing writes after LI...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00013
Exploits: 0 | References: 5

Positive Technologies
added 2026/05/28 12:0 a.m., 4 views

PT-2026-44239

In the Linux kernel, the following vulnerability has been resolved: xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete KASAN reproduces a slab-use-after-free in __xfrm_state_delete's hlist_del_rcu calls under syzkaller load on linux-6.12.y stable reproduced on 6.12.47, also reachable vi...

AI score: 5.8 | EPSS: 0.00013
Exploits: 0 | References: 6

RedhatCVE
added 2025/12/10 7:12 a.m., 1 views

CVE-2025-40256

No description is available for this CVE...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.0004
Exploits: 0 | References: 4

OSV
added 2025/12/04 4:8 p.m., 1 views

CVE-2025-40256 xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added

In the Linux kernel, the following vulnerability has been resolved: xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added In commit b441cf3f8c4b "xfrm: delete x-tunnel as we delete x", I missed the case where state creation fails between full initialization...

AI score: 6.6 | EPSS: 0.0004
Exploits: 0 | References: 10

CVE
added 2025/12/04 4:8 p.m., 6 views

CVE-2025-40256

CVE-2025-40256 is a Linux kernel vulnerability in xfrm where xfrm_state_delete_tunnel was not called for states created but not inserted, causing a FB tunnel leak. The issue arises when full init_state runs but insertion fails before user state is linked, leaving a fallback tunnel on lists. Affec...

AI score: 6.4 | EPSS: 0.0004
Exploits: 0 | References: 7

RedhatCVE
added 2025/05/22 7:2 a.m., 2 views

CVE-2018-16298

An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php?tag= XSS vulnerability for a state=delete, state=draft, or state=publish request...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.0024
Exploits: 1 | References: 1

Microsoft CVE
added 2024/11/12 8:0 a.m., 3 views

net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice

...

CVSS: 5.5 | AI score: 6.6 | EPSS: 0.00018
Exploits: 0

CNNVD
added 2024/10/21 12:0 a.m., 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an issue in the net/mlx5e subsystem where repeated calls to the __xfrm_state_delete function cause a crash...

CVSS: 5.5 | AI score: 6.3 | EPSS: 0.00018
Exploits: 0 | References: 7

CVE
added 2018/08/31 11:0 p.m., 46 views

CVE-2018-16298

MiniCMS 1.10 is affected by a cross-site scripting (XSS) vulnerability in the admin endpoint mc-admin/post.php?tag= where requests with state=delete, state=draft, or state=publish can inject script or HTML. The flaw is triggered via the tag parameter and is present in the public CVE entries acros...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.0024
Exploits: 1 | References: 1 | Affected Software: 1