Lucene search

15 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The issue of a null pointer dereference error in generateencryptionkey has been fixed. If a client sends two session setups with KRB5 authentication to ksmbd, a null pointer dereference error in generateencryptionkey can...

5.5 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits 0, References 2
IBM Security Bulletins
added 2026/05/04 12:39 p.m., 3 views

Security Bulletin: Axios HTTP/2 Session Cleanup Logic State Corruption Bug Fixed in 1.13.2

Summary Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The...

5.9 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits 1, Affected Software 1
RedhatCVE
added 2026/04/08 5:6 p.m., 0 views

CVE-2026-39865

A flaw was found in Axios, a promise-based HTTP client. A malicious server can exploit a state corruption bug within the HTTP/2 session cleanup logic, specifically in the Http2Sessions.getSession method. By initiating concurrent session closures, the server can trigger a control flow error, leadi...

5.9 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits 1, References 4
OSV
added 2026/04/08 3:51 p.m., 2 views

GHSA-QJ83-CQ47-W5F8 Axios HTTP/2 Session Cleanup State Corruption Vulnerability

Summary Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. This denial-of-service vulnerability affects axios versions prior to 1.13.2 when HTTP/2 is enabled. Details The vulnerability...

5.9 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits 1, References 5
Snyk
added 2026/04/08 3:51 p.m., 2 views

Allocation of Resources Without Limits or Throttling

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Http2Sessions.getSession function in the HTTP/2 session cleanup. An attacker can cause the client process...

8.2 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits 1, References 2
OSV
added 2026/04/08 3:16 p.m., 1 views

DEBIAN-CVE-2026-39865

Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability...

5.9 CVSS, 5.5 AI score, 0.00021 EPSS
Exploits 1, References 1
Amazon
added 2026/03/27 12:0 a.m., 3 views

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. CVE-2025-40149 In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in namesize CVE-2025-68792 In the...

7.8 CVSS, 6.2 AI score, 0.00063 EPSS
Exploits 0
Positive Technologies
added 2025/11/30 12:0 a.m., 2 views

PT-2026-2524

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the tpm2-sessions component where the name size variable lacks range checks. This could allow for out-of-range indexing, potentially leading to memory...

5.5 CVSS, 5.3 AI score, 0.0004 EPSS
Exploits 0
CVE
added 2025/08/19 5:2 p.m., 30 views

CVE-2025-38562

CVE-2025-38562 affects the Linux kernel ksmbd component. When a client performs two session setups with krb5 authentication to ksmbd, a null pointer dereference in generate_encryptionkey could occur if sess->Preauth_HashValue is NULL while the session is valid. The fix ensures the encryption k...

5.5 CVSS, 7 AI score, 0.00024 EPSS
Exploits 0, References 9, Affected Software 1
RedhatCVE
added 2025/05/23 6:17 a.m., 1 views

CVE-2024-10214

Mattermost versions 9.11.X = 9.11.1, 9.5.x = 9.5.9 incorrectly issues two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings...

3.5 CVSS, 7 AI score, 0.00363 EPSS
Exploits 0, References 1
Circl
added 2024/02/28 7:26 p.m., 0 views

CVE-2024-26342

creationtimestamp | type | source
---|---|---
2024-02-28 19:26:59+00:00 | seen | https://t.me/ctinow/195775
2024-02-28 19:27:06+00:00 | seen | https://t.me/ctinow/195781
2025-04-22 16:03:14+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/12876
...

7.5 CVSS, 4.8 AI score, 0.00538 EPSS
Exploits 1, References 3
Circl
added 2024/02/22 6:54 p.m., 0 views

CVE-2023-52448

creationtimestamp | type | source
---|---|---
2024-02-22 18:54:02+00:00 | seen | https://t.me/ctinow/191024
2024-02-23 15:11:35+00:00 | seen | https://t.me/ctinow/191800
...

5.5 CVSS, 6 AI score, 0.00009 EPSS
Exploits 0, References 2
Circl
added 2024/02/10 5:26 p.m., 1 views

CVE-2024-22313

creationtimestamp | type | source
---|---|---
2024-02-10 17:26:23+00:00 | seen | https://t.me/ctinow/182614
2024-03-03 13:46:58+00:00 | seen | https://t.me/ctinow/198724
...

7.8 CVSS, 7.5 AI score, 0.0002 EPSS
Exploits 0, References 2
Circl
added 2024/01/26 4:32 p.m., 0 views

CVE-2024-0924

creationtimestamp | type | source
---|---|---
2024-01-26 16:32:26+00:00 | seen | https://t.me/ctinow/174305
2024-01-28 10:28:07+00:00 | seen | https://t.me/arpsyndicate/3269
2024-02-02 21:16:52+00:00 | seen | https://t.me/ctinow/178279
2024-02-19 09:21:45+00:00 | seen | https://t.me/ctinow/187525
...

9.8 CVSS, 6.1 AI score, 0.00172 EPSS
Exploits 1, References 4
ATTACKERKB
added 2011/08/18 6:55 p.m., 1 views

CVE-2011-1624

Cisco IOS 12.258SE, when a login banner is configured, allows remote attackers to cause a denial of service device reload by establishing two SSH2 sessions, aka Bug ID CSCto62631...

7.8 CVSS, 5.6 AI score, 0.00427 EPSS
Exploits 0, References 3