CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 5 days ago•6 views

Astra Linux – Vulnerability in Flatpak

Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. The flatpak-builder command applies the finish-args option last in the build process. At this point, the build directory will have full acce...

7.7CVSS6.7AI score0.01666EPSS

Photon•added 6 days ago•5 views

Important Photon OS Security Update - PHSA-2026-5.0-0885

Updates of 'util-linux', 'rsync', 'jq' packages of Photon OS have been released...

8.1CVSS5.8AI score0.00643EPSS

Exploits4

NVD•added last week•7 views

CVE-2025-71321

picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.fileutil.writefile. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code...

9.8CVSS0.00624EPSS

Tenable Nessus•added 2026/06/17 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53615

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - util-linux - None Ubuntu Linux - Integer Overflow or Wraparound in libblkid/src/partitions/dos.c CVE-2026-53615 Note that Nessus relies on the...

Tenable Nessus•added 2026/06/17 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-53613

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - upstream upgrade with security fixes: - CVE-2026-53612 - libmount: TOCTOU attack via ancestor directory swap during mount - CVE-2026-53613 - libmount: SUID bypa...

Tenable Nessus•added 2026/06/17 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53612

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - util-linux - None Ubuntu Linux - Local Privilege Escalation via TOCTOU in mount8 hookowner.c chmod/chown CVE-2026-53612 Note that Nessus relies o...

Tenable Nessus•added 2026/06/17 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53614

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - util-linux - None Ubuntu Linux - Local Privilege Escalation via LIBMOUNTFORCEMOUNT2 Environment Variable - nosuid/noexec Bypass in SUID mount8...

Positive Technologies•added 2026/06/15 12:0 a.m.•7 views

PT-2026-49303

Name of the Vulnerable Software and Affected Versions Vector version 0.54.0 Description An issue in the '/util/http/prelude.rs' endpoint allows attackers to cause a Denial of Service DoS, which is a condition where a service becomes unavailable to its intended users, by sending a crafted request ...

6.5CVSS5.2AI score0.00289EPSS

CVE•added 2026/06/15 12:0 a.m.•14 views

CVE-2026-39197

Summary: CVE-2026-39197 affects Datadog Vector v0.54.0 with a vulnerability in the /util/http/prelude.rs endpoint that can trigger a Denial of Service (DoS) via a crafted request or payload. The CVSS-derived metrics indicate NETWORK attack vector, low attack complexity, required privileges, and h...

6.5CVSS5.4AI score0.00289EPSS

Cvelist•added 2026/06/12 8:59 p.m.•29 views

CVE-2026-53609 Apostrophe has Server-Side Prototype Pollution in apos.util.set via patch operators that leads to process-wide authorization bypass

ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, apos.util.set traverses dot-notation paths without sanitizing proto, allowing an authenticated editor to write arbitrary values to Object.prototype via the $pullAll patch operator. A confirm...

9.1CVSS0.00237EPSS

CVE•added 2026/06/12 8:59 p.m.•23 views

CVE-2026-53609

CVE-2026-53609 involves ApostropheCMS (Node.js) up to version 4.30.0, where apos.util.set() can traverse dot-notation paths and fail to sanitize proto , enabling an authenticated editor to write arbitrary values to Object.prototype via the $pullAll patch operator. A confirmed gadget in publicApiC...

9.1CVSS5.5AI score0.00237EPSS

Tenable Nessus•added 2026/06/12 12:0 a.m.•7 views

EulerOS Virtualization 2.13.0 : util-linux (EulerOS-SA-2026-2420)

According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check- Time-of-Use vulnerabilit...

Snyk•added 2026/06/10 1:34 p.m.•5 views

Exploits1References3

Malicious Package

Overview npmjsweb3-util is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score

Tenable Nessus•added 2026/06/10 12:0 a.m.•9 views

EulerOS 2.0 SP13 : util-linux (EulerOS-SA-2026-2360)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check- Time-of-Use vulnerability has been...

Tenable Nessus•added 2026/06/10 12:0 a.m.•8 views

Exploits1References3

EulerOS 2.0 SP13 : util-linux (EulerOS-SA-2026-2317)

Tenable Nessus•added 2026/06/09 12:0 a.m.•5 views

Exploits1References3

EulerOS 2.0 SP11 : util-linux (EulerOS-SA-2026-2231)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the...

Tenable Nessus•added 2026/06/09 12:0 a.m.•8 views

EulerOS 2.0 SP11 : util-linux (EulerOS-SA-2026-2268)

Tenable Nessus•added 2026/06/06 12:0 a.m.•8 views

EulerOS Virtualization 2.12.0 : util-linux (EulerOS-SA-2026-2115)

According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability exists in util-linux package that allows access control bypass due to improper hostname...

Tenable Nessus•added 2026/06/06 12:0 a.m.•8 views

EulerOS Virtualization 2.10.0 : util-linux (EulerOS-SA-2026-2065)

According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can...