CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

5.5CVSS5.8AI score0.00011EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Freeing irq vectors in order for v3 HW If the driver probe fails to request the channel IRQ or fatal IRQ, the driver will free the IRQ vectors before freeing the IRQs in freeirq. This will cause a kernel BUG like...

5.5CVSS5.7AI score0.00074EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RISCV: Vector: Fixed context saving/restoring with xtheadvector. Previously, only v0-v7 were correctly saved/restored, and the context of v8-v31 was corrupted. v8-v31 were correctly saved/restored to avoid breaking the user space...

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: arm64/sve: Stale CPU state is discarded when handling SVE traps. The logic for handling SVE traps incorrectly manipulates the saved FPSIMD/SVE state. A race condition can occur where preemption causes a task to have TIFSVE set an...

7CVSS6.3AI score0.0001EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: lib/crypto: arm64/poly1305 – Fixed register corruption in no-SIMD contexts. The SIMD usability check, which was removed with the commit a59e5468a921 “crypto: arm64/poly1305 – Added block-only interface”, has been restored. Thi...

7.8CVSS5.7AI score0.00026EPSS

5.5CVSS5.3AI score0.00015EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netfs: Fixed a kernel bug in netfslimititer for ITERKVEC iterators. When a process crashes and the kernel writes a core dump to a 9P filesystem, kernelwrite creates an ITERKVEC iterator. This iterator calls netfsunbufferedwrite,...

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в batik

A vulnerability in Batik of Apache XML Graphics allows an attacker to execute untrusted Java code from an SVG. This issue affects Apache XML Graphics versions prior to 1.16. It is recommended to update to version 1.16...

7.5CVSS7.2AI score0.00526EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в ghostscript

Artifex Ghostscript version 10.05.1 has a stack-based buffer overflow issue in pdfmarkcoercedest in the devices/vector/gdevpdfm.c file, due to the use of a large size value...

5.5CVSS6.4AI score0.00024EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в libde265

It was discovered that Libde265 v1.0.10 contains a heap buffer overflow vulnerability in the derivespatiallumavectorprediction function of the motion.cc library...

7.8CVSS7.3AI score0.00038EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•9 views

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: exec: Force a single empty string when argv is empty Quoting 1 Ariadne Conill: “In several other operating systems, it is a hard requirement that the second argument to execve2 be the name of a program. This prevents scenarios...

5.5CVSS6AI score0.88057EPSS

Exploits149References2

5.3CVSS6.9AI score0.00331EPSS

Astra Linux - уязвимость в golang-golang-x-net

An attacker can cause excessive memory usage in a Go server that accepts HTTP/2 requests. HTTP/2 server connections include a cache of HTTP header keys sent by the client. Although the total number of entries in this cache is limited, an attacker who sends very large keys can cause the server to...

Vulnrichment•added 2026/05/19 6:14 p.m.•9 views

CVE-2026-33741 EspoCRM: Stored XSS via SVG attachment loading same-origin JavaScript

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later serve those SVG files as top-level inline documents through both the attachment and image entry...

6.8CVSS5.8AI score0.00041EPSS

ATTACKERKB•added 2026/05/19 6:14 p.m.•4 views

CVE-2026-33741

6.8CVSS5.8AI score0.00041EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/19 6:14 p.m.•10 views

EUVD-2026-30967

6.8CVSS5.8AI score0.00041EPSS

Github Security Blog•added 2026/05/19 4:34 p.m.•8 views

Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching

Summary The fetch-apify-docs tool validates URLs against a domain allowlist using String.startsWith instead of proper URL hostname comparison. This allows bypass via attacker-controlled subdomains e.g., https://docs.apify.com.evil.com/, enabling the tool to fetch and return arbitrary web content ...

5.9AI score

Exploits0References2Affected Software1

OSV•added 2026/05/19 4:18 p.m.•5 views

GHSA-FHVH-VW7H-9XF3 libcrux-ml-dsa: Signature Verification on AVX2 Platforms Mishandles Edge Case

The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...

8.2CVSS5.8AI score

Exploits0References5

NVD•added 2026/05/19 4:16 p.m.•7 views

CVE-2026-30117

scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...

9.8CVSS0.00104EPSS