3349 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix handling of virtual Fibre Channel timeouts. Hyper-V provides the ability to connect Fibre Channel LUNs to the host system and present them as SCSI devices in a guest VM. I/O to the vFC device is handled by the...

CVSS 5.5, AI score 5.2, EPSS 0.00137
Exploits: 0, References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed a mid leak that occurred during reconnection after a timeout threshold. When the number of responses with the status STATUS_IO_TIMEOUT exceeds a specified threshold NUM_STATUS_IO_TIMEOUT, we reconnect the connection...

CVSS 5.5, AI score 5.2, EPSS 0.00133
Exploits: 0, References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15, and Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ravb: Fixed the use-after-free issue in ravb_tx_timeout_work. The ravb_stop function should call cancel_work_sync. Otherwise, ravb_tx_timeout_work may use the freed private data after ravb_remove is called, as follows: CPU0 CPU1...

CVSS 7.8, AI score 5.7, EPSS 0.00242
Exploits: 0, References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/smc: Avoid data corruption caused by decline. We identified a data corruption issue during testing of SMC-R in Redis applications. The benchmark has a low probability of reporting a strange error, as shown below: “Error:...

CVSS 7.8, AI score 5.7, EPSS 0.00248
Exploits: 0, References: 2

Positive Technologies
added 2026/05/01 12:0 a.m., 23 views

PT-2026-38395

Name of the Vulnerable Software and Affected Versions: vm2 versions prior to 3.11.0. Description: Sandboxed code can call the Buffer.alloc function with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, the timeout option cannot...

CVSS 7.8, AI score 6, EPSS 0.0032
Exploits: 1, References: 8

NVD
added 2026/04/30 5:16 p.m., 2 views

CVE-2025-71284

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

CVSS 9.8, EPSS 0.05727
Exploits: 1, References: 5

RedhatCVE
added 2026/04/30 2:47 p.m., 1 view

CVE-2026-42423

OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that should require explicit user approval,...

CVSS 7.7, AI score 5.4, EPSS 0.00316
Exploits: 0, References: 1

OSV
added 2026/04/30 9:28 a.m., 3 views

CLSA-2026-1777541282 glib2: Fix of 2 CVEs

- CVE-2023-29499: fix GVariant offset table entry size which is not checked in is_normal.
- CVE-2023-32636: remediate GVariant deserialisation timeout regression introduced by the CVE-2023-29499 fix.
- Backported upstream MR 3126 22 commits from centos8.5els...

CVSS 7.5, AI score 6.6, EPSS 0.00774
Exploits: 0, References: 1

NVD
added 2026/04/29 4:16 p.m., 3 views

CVE-2026-42198

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

CVSS 7.5, EPSS 0.00478
Exploits: 0, References: 2

NVD
added 2026/04/28 7:37 p.m., 3 views

CVE-2026-42423

OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that should require explicit user approval,...

CVSS 7.7, EPSS 0.00316
Exploits: 0, References: 3

Vulnrichment
added 2026/04/28 6:10 p.m., 3 views

CVE-2026-42423 OpenClaw < 2026.4.8 - strictInlineEval Approval Boundary Bypass via Approval-Timeout Fallback

OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that should require explicit user approval,...

CVSS 7.7, AI score 5.4, EPSS 0.00316
Exploits: 0, References: 3

ATTACKERKB
added 2026/04/28 6:10 p.m., 0 views

CVE-2026-42423

OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that should require explicit user approval,...

CVSS 7.7, AI score 5.4, EPSS 0.00316
Exploits: 0, References: 4

Cvelist
added 2026/04/28 6:10 p.m., 26 views

CVE-2026-42423 OpenClaw < 2026.4.8 - strictInlineEval Approval Boundary Bypass via Approval-Timeout Fallback

OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that should require explicit user approval,...

CVSS 7.7, EPSS 0.00316
Exploits: 0, References: 3

EUVD
added 2026/04/28 6:10 p.m., 2 views

EUVD-2026-26126

OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that should require explicit user approval,...

CVSS 7.7, AI score 5.4, EPSS 0.00316
Exploits: 0, References: 3

CVE
added 2026/04/28 6:10 p.m., 5 views

CVE-2026-42423

OpenClaw prior to 2026.4.8 contains an approval-timeout fallback that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. This allows an attacker to exploit the timeout fallback to execute inline eval commands that would normally require explicit user approval...

CVSS 7.7, AI score 5.4, EPSS 0.00316
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2026/04/28 12:0 a.m., 4 views

PT-2026-35802

OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that should require explicit user approval,...

CVSS 7.7, AI score 5.4, EPSS 0.00316
Exploits: 0, References: 6

CNNVD
added 2026/04/28 12:0 a.m., 7 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 contained security vulnerabilities. These vulnerabilities stemmed from a timeout rollback mechanism that bypassed the explicit approval requirements for strictInlineEval. This...

CVSS 7.7, AI score 5.9, EPSS 0.00316
Exploits: 0, References: 1

Tenable Nessus
added 2026/04/27 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-31665

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nft_ct: fix use-after-free in timeout object destroy. nft_ct_timeout_obj_destroy frees the timeout object with kfree immediately after nf_ct_untimeout, witho...

CVSS 7.8, AI score 5.8, EPSS 0.00117
Exploits: 0, References: 3

Microsoft CVE
added 2026/04/26 8:4 a.m., 2 views

netfilter: nft_ct: fix use-after-free in timeout object destroy

...

CVSS 7.8, AI score 5.8, EPSS 0.00117
Exploits: 0

Fedora
added 2026/04/25 1:59 a.m., 5 views

[SECURITY] Fedora 44 Update: sudo-1.9.17-8.p2.fc44

Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

CVSS 7.8, AI score 5.3, EPSS 0.00156
Exploits: 0