CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4440 matches found

CVE-2026-7574

Anthropic Claude Desktop Cowork VM images (v1.1348.0–v1.2278.0) do not validate the contents of rootfs.img at time-of-use; only file presence and a version marker are checked. A local, unprivileged macOS user can modify the VM root filesystem image and have it trusted on subsequent Cowork VM boot...

8.7CVSS6.5AI score

Exploits0References2

RedhatCVE•added yesterday•6 views

CVE-2026-47141

A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. Prior to version 3.11.4, NodeVM, a component of vm2, improperly exposed certain process-wide observability builtins, such as diagnosticschannel, asynchooks, and perfhooks. These builtins, which are designed for...

8.6CVSS5.7AI score0.00308EPSS

Exploits0References6

AstraLinux•added 5 days ago•2 views

Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: VMCI: fixed a race condition between vmcihostsetupnotify and vmcictxunsetnotify. During our testing, it was found that a warning can occur in trygrabfolio. The detailed error message is as follows: ----------- Cut here ----------...

7CVSS6.3AI score0.00129EPSS

Exploits0References2

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign linearpitchalignment even for VM Description Assign linearpitchalignment to prevent division by zero errors in VM environments...

5.5CVSS6.1AI score0.0023EPSS

Exploits0References2

AstraLinux•added 5 days ago•5 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pv: fix index value of replaced ASCE The index field of the struct page corresponding to a guest ASCE should be 0. When replacing the ASCE in s390replaceasce, the index of the new ASCE should also be set to 0. Using th...

5.2AI score0.00209EPSS

Exploits0References2

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Only warnings are issued when overwriting a shadow-present SPTE, specifically when it occurs in direct MMUs. The sanity check of KVM is adjusted to only apply to direct MMUs, i.e., only to MMUs that do not have...

5.5CVSS5.8AI score0.00165EPSS

Exploits0References1

AstraLinux•added 5 days ago•8 views

Astra Linux – Vulnerability in amd64-microcode

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to influence the cache line write-back behavior of the CPU, resulting in a potential loss of integrity of the guest virtual machine VM memory...

6.5CVSS6.7AI score0.01018EPSS

Exploits0References2

AstraLinux•added 5 days ago•5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Disabling IBT when the hypercall page lacks the ENDBR instruction. On hardware that supports Indirect Branch Tracking IBT, Hyper-V VMs with ConfigVersion 9.3 or later support IBT in the guest. However, current version...

5.2AI score0.00166EPSS

Exploits0References1

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Properly clear the vmci transport packet when initializing it. In vmcitransportpacketinit, memset is used to clear the vmcitransportpacket before populating the fields, to avoid any uninitialized data remaining in the...

7.8CVSS6.2AI score0.00168EPSS

Exploits0References2

ATTACKERKB•added 6 days ago•6 views

CVE-2026-42487

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XENDOMCTLioportmapping, and hence the linked list used may changed at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...

7.9CVSS5.2AI score0.00095EPSS

Exploits0References2

RedhatCVE•added last week•5 views

CVE-2026-49759

A flaw was found in Erlang OTP Open Telecom Platform erts, specifically within the inetdrv component. An unauthenticated remote attacker can exploit a stack-based buffer overflow vulnerability by sending a specially crafted Stream Control Transmission Protocol SCTP ERROR chunk. This can lead to a...

8.8CVSS5.3AI score0.0046EPSS

Exploits0References8

RedHat Linux•added last week•5 views

netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak

A flaw was found in netty-codec-http2. A remote attacker could send specially crafted frames that cause a resource leak within the DelegatingDecompressorFrameListener class. This resource leak could lead to an Out Of Memory Error OOME, potentially causing a Denial of Service DoS by taking down th...

7.5CVSS5.4AI score0.00426EPSS

Exploits0References7

RedhatCVE•added 2026/06/16 6:39 a.m.•6 views

CVE-2026-47140

A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. This vulnerability allows sandboxed code to bypass intended security restrictions by exploiting missing entries in the denylist for dangerous Node.js built-in functions, specifically process and inspector/promises. A...

10CVSS5.6AI score0.00536EPSS

Exploits0References6

NVD•added 2026/06/12 3:16 p.m.•12 views

CVE-2026-47140

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM blocks several dangerous Node.js builtins such as module, workerthreads, cluster, vm, repl, and inspector. However, the denylist misses process and inspector/promises. Both can be used from sandboxed code to reach...

10CVSS0.00536EPSS

Exploits0References3

EUVD•added 2026/06/12 2:15 p.m.•8 views

EUVD-2026-36444

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to http, https, http2, net, dgram, tls, dns, and dns/promises is blocked. However, Node.js also exposes...

8.6CVSS5.2AI score0.00282EPSS

Exploits0References3

Positive Technologies•added 2026/06/12 12:0 a.m.•11 views

PT-2026-48843

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

6.7CVSS5.2AI score0.00121EPSS

Exploits0References4

GithubExploit•added 2026/06/11 4:28 p.m.•52 views

Exploit for Use After Free in Linux Linux_Kernel

CVE-2026-23111 nftables LPE: exposure check and safe lab Def...

7.8CVSS5.9AI score0.00236EPSS

Exploits5

RedhatCVE•added 2026/06/11 2:59 p.m.•9 views

CVE-2026-49495

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential stri...

6.7CVSS5.5AI score0.00151EPSS

Exploits1References1

Vulnrichment•added 2026/06/10 10:20 p.m.•7 views

CVE-2026-47213 BoxLite: Timeout Bypass Vulnerability

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is...

6.5CVSS5.5AI score0.00268EPSS

Exploits0References2

EUVD•added 2026/06/10 10:20 p.m.•8 views

EUVD-2026-36197

6.5CVSS5.5AI score0.00268EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by