CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: mailbox: zynq-ipi: fixed error handling when deviceregister fails When deviceregister fails, there are two issues: 1. The name allocated by devsetname is leaked. 2. The parent of the device is not NULL; deviceunregister is...

6AI score0.0004EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ionic: fix use after netifnapidel When queues are started, netifnapiadd and napienable are called. If there are 4 queues and only 3 queues are used for the current configuration, only 3 queues’ napi should be registered and...

7.8CVSS6.5AI score0.00011EPSS

Vulnrichment•added 2026/05/12 7:48 a.m.•5 views

CVE-2026-6663 GWD Connect <= 2.9 - Unauthenticated Limited Code Execution via update_agent

The GWD Connect plugin for WordPress is vulnerable to missing authorization to limited code execution in all versions up to, and including, 2.9. This is due to the plugin's standalone agent endpoints gwd-backup.php and gwd-logs.php not verifying authentication when the API key has not been...

4.8CVSS6.5AI score0.00086EPSS

SUSE CVE•added 2026/05/07 2:18 a.m.•4 views

SUSE CVE-2026-43087

In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Disable all pin interrupts during probe A chip being probed may have the interrupt-on-change feature enabled on some of its pins, for example after a reboot. This can cause the chip to generate interrupts for...

5.8AI score0.00014EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: fbcon: Make sure modelist not set on unregistered console It looks like attempting to write to the "storemodes" sysfs node will run afoul of unregistered consoles: UBSAN: array-index-out-of-bounds in...

7.8CVSS6.3AI score0.00055EPSS

Vulnrichment•added 2026/04/28 6:9 p.m.•2 views

CVE-2026-41390 OpenClaw < 2026.3.28 - Exec Allowlist Bypass via Unregistered /usr/bin/script Wrapper

OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. Attackers can obtain user approval for one wrapped command to persist trust for wrapper binaries that execu...

7.3CVSS5.3AI score0.00026EPSS

Tenable Nessus•added 2026/04/21 12:0 a.m.•1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013226)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013226 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: api - Use work queue in cryptodestroyinstance The function cryptodropspawn expects to be...

5.8AI score0.0004EPSS

Snyk•added 2026/04/19 9:0 p.m.•1 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the actionclass function in the ActionsController. A user can gain unauthorized access to sensitive actions and escalate privileges by invoking unregistered action classes on arbitrary...

8.8CVSS5.6AI score0.00044EPSS

NVD•added 2026/04/10 5:17 p.m.•2 views

CVE-2026-35666

OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval state for inner commands...

8.8CVSS0.00059EPSS

Vulnrichment•added 2026/04/10 4:3 p.m.•2 views

CVE-2026-35666 OpenClaw < 2026.3.22 - Allowlist Bypass via Unregistered Time Dispatch Wrapper

8.8CVSS5.8AI score0.00059EPSS

Cvelist•added 2026/04/10 4:3 p.m.•25 views

CVE-2026-35666 OpenClaw < 2026.3.22 - Allowlist Bypass via Unregistered Time Dispatch Wrapper

8.8CVSS0.00059EPSS

Positive Technologies•added 2026/04/10 12:0 a.m.•3 views

PT-2026-31977

8.8CVSS5.8AI score0.00059EPSS

Exploits0References5

GithubExploit•added 2026/04/05 8:48 p.m.•89 views

Exploit for CVE-2026-23398

CVE-2026-23398 Linux Kernel icmptagvalidation NULL Poin...

5.9AI score0.00031EPSS

Exploits2

Tenable Nessus•added 2026/04/05 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-23437

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: shaper: protect late read accesses to the hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the...

7.8CVSS5.8AI score0.00015EPSS