CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3909 matches found

CVE-2026-48163

A flaw was found in MariaDB server. During the State Snapshot Transfer SST process, a malicious joiner node could exploit improper parameter validation on the donor node. This vulnerability, specifically within the rsync SST method, allows the malicious joiner to execute arbitrary shell commands ...

9.1CVSS6.1AI score0.00457EPSS

Exploits0References5

AstraLinux•added 5 days ago•2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Created a persistent INTx handler. There exists a vulnerability where the eventfd for INTx signaling can be deconfigured. This causes the IRQ handler to be unregistered, but it still allows eventfds to be signaled with ...

5.5CVSS5.3AI score0.0024EPSS

Exploits0References2

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fixed a use-after-free bug in smpexecutetasksg When executing an SMP task fails, the smpexecutetasksg function calls deltimer to delete the “slowtask-timer” timer. However, if the timer handler sastaskinternaltimedo...

7.8CVSS5.7AI score0.00147EPSS

Exploits0References2

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: nilfs2: A potential hang occurred in nilfsdetachlogwriter. Syzbot reported a potential hang during nilfsdetachlogwriter called when nilfs2 unmounts the file system. Analysis revealed that this issue arises because nilfssegctorsyn...

5.3CVSS6.1AI score0.00861EPSS

Exploits0References2

NVD•added 6 days ago•9 views

CVE-2026-42487

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XENDOMCTLioportmapping, and hence the linked list used may changed at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...

7.9CVSS0.00095EPSS

Exploits0References3

CVE•added 6 days ago•32 views

CVE-2026-42487

CVE-2026-42487 concerns the Xen hypervisor’s handling of x86 HVM I/O port list traversal. The root cause stated in the sources is that traversal of the linked list used for guest I/O port accesses requires synchronization with updates to the translation/mapping (XEN_DOMCTL_ioport_mapping), but th...

7.9CVSS5.2AI score0.00095EPSS

Exploits0References3

Cvelist•added 6 days ago•14 views

CVE-2026-42487 x86 HVM I/O port list traversal

0.00095EPSS

Exploits0References1

ATTACKERKB•added 6 days ago•6 views

CVE-2026-42487

7.9CVSS5.2AI score0.00095EPSS

Exploits0References2

EUVD•added 6 days ago•9 views

EUVD-2026-37888

7.9CVSS5.3AI score0.00095EPSS

Exploits0References1

Debian CVE•added 6 days ago•8 views

CVE-2026-42487

7.9CVSS5.2AI score0.00095EPSS

Exploits0

CVE•added last week•13 views

CVE-2026-48821

Shaarli versions ≤ 0.16.1 are affected by a DOM-based XSS in the Thumbnail Synchronizer. The ThumbnailsController::ajaxUpdate backend returns unescaped bookmark titles in JSON via an AJAX response, which are injected into the DOM by thumbnails-update.js using innerHTML. This requires an administr...

5.8CVSS5.3AI score0.0013EPSS

Exploits0References2

RedHat Linux•added 2026/06/16 1:39 p.m.•5 views

redis: Remote code execution via use-after-free in Lua scripting

A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...

8.1CVSS5.5AI score0.01217EPSS

Exploits0References6

RedHat Linux•added 2026/06/15 10:18 a.m.•10 views

redis: Remote code execution via use-after-free in Lua scripting

8.1CVSS5.5AI score0.01217EPSS

Exploits0References6

GithubExploit•added 2026/06/14 7:26 p.m.•70 views

VulnPilot

VulnPilot VulnPilot is an automation framework for vulnerabil...

5.4AI score

Exploits0

GithubExploit•added 2026/06/14 4:27 p.m.•57 views

lab-purple-team

Lab Purple Team - Active Directory !screenshots/wazuhsecu...

5.4AI score

Exploits0

Positive Technologies•added 2026/06/12 12:0 a.m.•9 views

PT-2026-49058

Vulnerability: CWE-362 — Concurrent Map Access Race Condition in InMemorySecret2FA CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization Affected Component - github.com/pilinux/gorest — Go REST API boilerplate - InMemorySecret2FA — in-memory 2FA secret store...

5.9CVSS5.9AI score0.00051EPSS

Exploits0References4

Positive Technologies•added 2026/06/12 12:0 a.m.•10 views

PT-2026-48939

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.6.0 through 11.6.1 Mattermost versions 11.5.0 through 11.5.4 Mattermost versions 10.11.0 through 10.11.16 Description Insufficient sanitization of the FileInfo.Name variable received from federated peers during shared...

7.6CVSS6AI score0.00294EPSS

Exploits0References4

Tenable Nessus•added 2026/06/12 12:0 a.m.•10 views

Xen: x86 HVM I/O Port List Traversal (XSA-491)

7.9CVSS5.8AI score0.00095EPSS

Exploits0References2

RustSec•added 2026/06/11 12:0 p.m.•7 views

Missing `Sync` bound on `PyCFunction::new_closure` closures

PyCFunction::newclosure and the temporary newclosurebound complement in the 0.21–0.22 series required the supplied closure to be Send + 'static but not Sync. The resulting PyCFunction is a Python callable that can be invoked from any Python thread, which means the closure may be called concurrent...

5.5AI score

Exploits0Affected Software1

RedHat Linux•added 2026/06/11 11:44 a.m.•8 views

redis: Remote code execution via use-after-free in Lua scripting

8.1CVSS5.6AI score0.01217EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by