Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

72 matches found

NVD
NVDadded 6 days ago12 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS0.00119EPSS
Exploits0References3
OSV
OSVadded 6 days ago3 views

UBUNTU-CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6.1AI score0.00119EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 6 days ago6 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6AI score0.00119EPSS
Exploits0References4
Cvelist
Cvelistadded 6 days ago23 views

CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS0.00119EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 6 days ago11 views

CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS5.8AI score0.00119EPSS
Exploits0References3
EUVD
EUVDadded 6 days ago10 views

EUVD-2026-37834

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS5.8AI score0.00119EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2026/06/11 12:0 a.m.8 views

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7585-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7585-2 advisory. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls...

7.8CVSS7.8AI score0.00246EPSS
Exploits0References33
Vulnrichment
Vulnrichmentadded 2026/06/01 4:22 p.m.10 views

CVE-2026-46243 smb: client: reject userspace cifs.spnego descriptions

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

7.1CVSS5.8AI score0.0031EPSS
Exploits4References8
ATTACKERKB
ATTACKERKBadded 2026/06/01 4:22 p.m.10 views

CVE-2026-46243

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

5.8AI score0.0031EPSS
Exploits4References9Affected Software1
Microsoft CVE
Microsoft CVEadded 2026/05/28 8:4 a.m.8 views

openvswitch: cap upcall PID array size and pre-size vport replies

...

7CVSS5.4AI score0.0018EPSS
Exploits0
SUSE CVE
SUSE CVEadded 2026/05/27 12:57 p.m.11 views

SUSE CVE-2026-45840

In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...

6.5CVSS5.9AI score0.0018EPSS
Exploits0References3
CVE
CVEadded 2026/05/27 12:18 p.m.21 views

CVE-2026-45983

In CVE-2026-45983, the Linux kernel NFS server (nfsd) vulnerability stems from idmap lookup upcalls during v4 request decoding: if upcall responses are delayed beyond the time limit, cache_check() postpones the request and it gets dropped, causing NFSD4_SLOT_INUSE to block subsequent SEQUENCE ope...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References8Affected Software1
CVE
CVEadded 2026/05/27 12:15 p.m.18 views

CVE-2026-45870

The CVE-2026-45870 issue affects the Linux kernel SUNRPC auth_gss path, causing memory leaks in XDR decoding error paths. Specifically, gssx_dec_ctx(), gssx_dec_status(), and gssx_dec_name() allocate buffers via gssx_dec_buffer() (kmemdup) and may return early on a subsequent decode error without...

5.8AI score0.00216EPSS
Exploits0References8
NVD
NVDadded 2026/05/27 11:16 a.m.11 views

CVE-2026-45840

In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...

0.0018EPSS
Exploits0References8
OSV
OSVadded 2026/05/27 11:16 a.m.2 views

UBUNTU-CVE-2026-45840

In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...

5.8AI score0.0018EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/05/27 9:24 a.m.6 views

CVE-2026-45840

In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...

5.8AI score0.0018EPSS
Exploits0References6Affected Software1
Cvelist
Cvelistadded 2026/05/27 9:24 a.m.31 views

CVE-2026-45840 openvswitch: cap upcall PID array size and pre-size vport replies

In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...

0.0018EPSS
Exploits0References8
EUVD
EUVDadded 2026/05/27 9:24 a.m.9 views

EUVD-2026-32166

In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...

5.9AI score0.0018EPSS
Exploits0References5
CVE
CVEadded 2026/05/27 9:24 a.m.26 views

CVE-2026-45840

The CVE-2026-45840 entry concerns the Linux kernel’s Open vSwitch datapath: the upcall port-id handling in vport netlink replies could be overflowed when a CAP_NET_ADMIN user supplies a large PID array. The bug arises because ovs_vport_set_upcall_portids() accepts any non-zero multiple of sizeof(...

5.9AI score0.0018EPSS
Exploits0References8
Debian CVE
Debian CVEadded 2026/05/27 9:24 a.m.6 views

CVE-2026-45840

In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...

5.8AI score0.0018EPSS
Exploits0
Rows per page
Query Builder