CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Resets the ttaskcdb pointer in error cases If the allocation of cmd-ttaskcdb fails, it remains NULL, but it is later referenced in the ‘err’ path. In case of an error, the NULL ttaskcdb value is reset to point at th...

5.8AI score0.00173EPSS

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix refcount issue when LOGO is received during TMF A hung task trace was observed during LOGO processing. 974.309060 0000:00:00.0: qedfehdevicereset:868: 1:0:2:0: LUN RESET issued… 974.309065 0000:00:00.0:...

5.5CVSS6.1AI score0.00281EPSS

AstraLinux•added 5 days ago•6 views

Astra Linux – Vulnerability in openexr

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf31::LineCompositeTask::execute called from IlmThread31::NullThreadPoolProvider::addTask and IlmThread31::ThreadPool::addGlobalTask. NOTE: db217f2 may be inapplicable...

5.5CVSS7.1AI score0.01772EPSS

Exploits1References2

7.8CVSS5.7AI score0.00147EPSS

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fixed a use-after-free bug in smpexecutetasksg When executing an SMP task fails, the smpexecutetasksg function calls deltimer to delete the “slowtask-timer” timer. However, if the timer handler sastaskinternaltimedo...

7.8CVSS6.1AI score0.00238EPSS

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: A use-after-free issue was addressed for aborted SSP/STP sastask operations. Currently, a use-after-free may occur if an sastask is aborted by the upper layer before we handle the I/O completion in mpisspcompletion ...

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix for a variable not being completed when the function returns When cmdallocindex fails, cmdworkhandler needs to complete ent-slotted before returning early. Otherwise, the task that issued the command may hang...

5.5CVSS6.2AI score0.00199EPSS

AstraLinux•added 5 days ago•2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: “smack”: fixed a bug where an unprivileged task could create labels. If an unprivileged task is allowed to relabel itself "/smack/relabel-self is not empty", it can freely create new labels by writing their names into its own...

5.2AI score0.00165EPSS

AstraLinux•added 5 days ago•6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: scs: A wrong parameter was fixed in scsmagic. The scsmagic function requires a void variable, but a struct taskstruct is provided instead. taskscstsk represents the starting address of the task’s shadow call stack, and...

5.5CVSS5.7AI score0.00123EPSS

7.8CVSS6.2AI score0.0026EPSS

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: sched/scs: The task stack state is reset in bringupcpu. When a CPU is hot-plugged, the idle task on that CPU calls several layers of C code before finally leaving the kernel. When KASAN is in use, a “poisoned” shadow is left behi...

4.7CVSS5.7AI score0.00176EPSS

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/proc/taskmmu: The issue of losing the “young/dirty” bits during the pagemap scan has been fixed. The function makeuffdwpwppte used to perform these operations was previously executed as follows: c pte = ptepgetptep;...

Github Security Blog•added 6 days ago•9 views

[Eclipse Theia] Arbitrary Command Execution via Untrusted Workspace Task Definitions

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitra...

8.8CVSS6.1AI score0.00231EPSS

Exploits0References6Affected Software3

Github Security Blog•added 6 days ago•9 views

[Eclipse Theia] Indirect Prompt Injection via Adversarial Workspace File and Directory Names in AI Chat

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...

8.8CVSS6.1AI score0.00272EPSS

Exploits0References6Affected Software7

NVD•added 6 days ago•11 views

CVE-2026-44688

8.8CVSS0.00272EPSS

OSV•added 6 days ago•3 views

UBUNTU-CVE-2026-44691

8.8CVSS6.1AI score0.00231EPSS

CVE•added 6 days ago•18 views

CVE-2026-44691

CVE-2026-44691 affects Eclipse Theia versions before 1.69.0. The issue arises when custom task definitions in workspace files (e.g., .theia/tasks.json, .vscode/tasks.json) can be executed without workspace trust, potentially enabling arbitrary commands to run with the user’s privileges if a malic...

8.8CVSS5.8AI score0.00231EPSS

Exploits0References1Affected Software1

EUVD•added 6 days ago•8 views

EUVD-2026-37901

8.4CVSS5.7AI score0.00231EPSS

EUVD•added 6 days ago•8 views

EUVD-2026-37899

In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the...

8.4CVSS5.6AI score0.00272EPSS

Cvelist•added 6 days ago•15 views

CVE-2026-44688

8.4CVSS0.00272EPSS