CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

7.8CVSS5.7AI score0.00054EPSS

Astra Linux - уязвимость в mtr

mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTRPACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries...

3.6CVSS6.5AI score0.002EPSS

Astra Linux - уязвимость в libssh

A vulnerability was discovered in libssh, where an uninitialized variable exists under certain conditions within the privatekeyfromfile function. This flaw can be exploited if the file specified by the filename does not exist, and it may lead to potential signing failures or heap corruption...

7.6CVSS7.5AI score0.00677EPSS

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2. During the network boot process, when attempting to search for the configuration file, grub copies data from a user-controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the length of the...

5.5CVSS6.2AI score0.00066EPSS

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: i40e: Fixed the MMIO write access to an invalid page in i40eclearhw. When the device sends a specific input, an integer underflow can occur, resulting in MMIO write access to an invalid page. This issue can be prevented by changi...

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of uninitialized variable ret If ctx-steps is zero, the loop processing ECC steps is skipped, and the variable ret remains uninitialized. It is later checked and returned, which leads to undefined...

5.5CVSS6.2AI score0.0007EPSS

7.2CVSS7.4AI score0.01452EPSS

Astra Linux - уязвимость в underscore

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized...

Exploits2References2

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в libstb

stbimage is a single file MIT licensed library for processing images. If stbiloadgifmain in stbiloadgiffrommemory fails it returns a null pointer and may keep the z variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls stbiverticalflipslices with th...

7.5CVSS7AI score0.0014EPSS

NVD•added 2026/05/01 3:16 p.m.•3 views

CVE-2026-43034

In the Linux kernel, the following vulnerability has been resolved: bnxten: set backing store type from query type bnxthwrmfuncbackingstoreqcapsv2 stores resp-type from the firmware response in ctxm-type and later uses that value to index fixed backing-store metadata arrays such as ctxarr and...

5.5CVSS0.00015EPSS

ATTACKERKB•added 2026/05/01 2:15 p.m.•1 views

CVE-2026-43034

5.7AI score0.00015EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/05/01 2:15 p.m.•25 views

CVE-2026-43034 bnxt_en: set backing store type from query type

0.00015EPSS

EUVD•added 2026/05/01 2:15 p.m.•1 views

EUVD-2026-26633

5.8AI score0.00015EPSS

Debian CVE•added 2026/05/01 2:14 p.m.•2 views

CVE-2026-31763

In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050: Fix incorrect freeirq variable The handler for the IRQ part of this driver is mpu3050-trig but, in the teardown freeirq is called with handler mpu3050. Use correct IRQ handler when calling freeirq...

5.5CVSS5.7AI score0.00015EPSS

Exploits0

Positive Technologies•added 2026/05/01 12:0 a.m.•2 views

PT-2026-36451

In the Linux kernel, the following vulnerability has been resolved: bnxt en: set backing store type from query type bnxt hwrm func backing store qcaps v2 stores resp-type from the firmware response in ctxm-type and later uses that value to index fixed backing-store metadata arrays such as ctx arr...

5.8AI score0.00015EPSS

Exploits0References4

RedHat Linux•added 2026/04/30 8:38 p.m.•3 views

freetype: Information disclosure or denial of service via specially crafted font files

A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or...

5.3CVSS7.2AI score0.00017EPSS

Exploits0References8

NVD•added 2026/04/30 12:16 p.m.•2 views

CVE-2026-31693

In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on replay In several places in the code, we have a label to signify the start of the code where a request can be replayed if necessary. However, some of these places were missing the necessary...

7.8CVSS0.00015EPSS

Exploits0References5

CVE•added 2026/04/30 11:47 a.m.•5 views

CVE-2026-31693

CVE-2026-31693 affects the Linux kernel CIFS implementation. The issue arises when replaying a request: certain local variables were not reinitialized after a replay label, which can cause unpredictable behavior and potentially denial of service or instability. The vulnerability is limited to the...

7.8CVSS5.6AI score0.00015EPSS

Exploits0References5Affected Software1

OSV•added 2026/04/29 9:21 p.m.•2 views

GHSA-756Q-GQ9H-FP22 n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure

Impact An authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter to the public API variables endpoint. The handler queried the variables repository directly without enforcing...

7.7CVSS5.8AI score0.00033EPSS

Snyk•added 2026/04/29 9:21 p.m.•3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the variables API endpoint when an authenticated user with a valid API key scoped to variable:list supplies an arbitrary projectId query parameter. An attacker can access sensitive...

6.5CVSS5.9AI score0.00033EPSS