CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 5 days ago•4 views

CVE-2026-12892

4.4CVSS5.8AI score0.00124EPSS

Exploits0References4

Tenable Nessus•added 2026/06/20 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-56210

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding...

7.1CVSS5.8AI score0.00228EPSS

Exploits0References4

ATTACKERKB•added 2026/06/19 4:28 p.m.•6 views

CVE-2026-56211

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...

7.1CVSS6.7AI score0.00385EPSS

Exploits0References5

Cvelist•added 2026/06/19 4:28 p.m.•29 views

CVE-2026-56210 Libaom: libaom: heap-buffer-overflow read via missing bounds check in ctrl_set_layer_id

A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows setting a spatiallayerid exceeding the configured number of layers. This causes an out-of-bounds heap rea...

7.1CVSS0.00228EPSS

Exploits0References4

AstraLinux•added 2026/06/19 11:10 a.m.•3 views

Astra Linux – Vulnerability in Firefox, Thunderbird

Ports that were written as integer overflows above the bounds of a 16-bit integer could potentially bypass port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

8.8CVSS6.7AI score0.01167EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Firmware: stratix10-svc – A potential resource leak has been fixed in svccreatememorypool. svccreatememorypool is only called from stratix10svcdrvprobe. Most of the resources within the probe are managed, but this memremap call i...

5.5CVSS5.2AI score0.00136EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Firmware: stratix10-svc – fixed an error in saving controller data. The incorrect use of platformsetdrvdata and devsetdrvdata has also been corrected. Both these functions refer to the same data, and they override each other...

5.3AI score0.00176EPSS

RedhatCVE•added 2026/05/26 8:14 p.m.•14 views

CVE-2026-47066

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackneyaltsvc.erl does not guarantee forward progress. When parsetoken/2 receives a non-token, non-whitespace, non-comma byte e.g. !, @, =, ...

NVD•added 2026/05/25 3:16 p.m.•14 views

Exploits1References1

CVE-2026-47066

8.7CVSS0.00703EPSS

ATTACKERKB•added 2026/05/25 2:0 p.m.•9 views

CVE-2026-47066

Vulnrichment•added 2026/05/25 2:0 p.m.•8 views

Exploits1References5

CVE-2026-47066 Infinite loop in Alt-Svc header parser in hackney

Cvelist•added 2026/05/25 2:0 p.m.•34 views

CVE-2026-47066 Infinite loop in Alt-Svc header parser in hackney

8.7CVSS0.00703EPSS

CVE•added 2026/05/25 2:0 p.m.•20 views

CVE-2026-47066

CVE-2026-47066 describes an Infinite Loop in the Alt-Svc header parser of benoitc’s hackney. The vulnerable component is the Alt-Svc response header parser (src/hackney_altsvc.erl); when parse_token/2 receives certain inputs, it may return the input unchanged, and skip_comma/1 can fail to progres...

Exploits1References4Affected Software1

Positive Technologies•added 2026/05/25 12:0 a.m.•12 views

PT-2026-43064

Name of the Vulnerable Software and Affected Versions hackney versions 2.0.0-beta.1 through 4.0.0 Description An infinite loop exists in the Alt-Svc response header parser within src/hackney altsvc.erl. When the parse token/2 function receives a byte that is not a token, whitespace, or comma such...

8.7CVSS5.9AI score0.00703EPSS

Exploits1References10

CNNVD•added 2026/05/25 12:0 a.m.•9 views

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions 2.0.0-beta.1 through prior to 4.0.1, which stems from the Alt-Svc response header parser's inability to guarantee forward progress, potentially leading to infinite loops and CPU exhaustion...

8.7CVSS5.8AI score0.00703EPSS

SUSE CVE•added 2026/04/23 1:24 a.m.•8 views

SUSE CVE-2026-33599

A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade Lua option to newServer or autoupgrade YAML settings. DDR upgrade is not enabled by default...

8.1CVSS5.8AI score0.00283EPSS

Exploits0References3

NVD•added 2026/04/22 2:16 p.m.•3 views

CVE-2026-33611

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

6.5CVSS0.00423EPSS