CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1059 matches found

SUSE CVE•added 2026/04/02 11:28 p.m.•2 views

SUSE CVE-2026-23414

In the Linux kernel, the following vulnerability has been resolved: tls: Purge asynchold in tlsdecryptasyncwait The asynchold queue pins encrypted input skbs while the AEAD engine references their scatterlist data. Once tlsdecryptasyncwait returns, every AEAD operation has completed and the engin...

4.7CVSS5.6AI score0.00238EPSS

Exploits0References15

EUVD•added 2026/04/02 12:31 p.m.•2 views

EUVD-2026-18195

5.6AI score0.00238EPSS

Exploits0References6

OSV•added 2026/04/02 12:16 p.m.•2 views

UBUNTU-CVE-2026-23414

7.5CVSS5.6AI score0.00238EPSS

Exploits0References3

CVE•added 2026/04/02 11:40 a.m.•13 views

CVE-2026-23414

CVE-2026-23414 is addressed in the Linux kernel TLS code. The vulnerability involved the async_hold queue that pins encrypted input skbs while AEAD operations reference scatterlist data. The fix centralizes purge of async_hold in tls_decrypt_async_wait(), ensuring all callers (recvmsg drain path,...

7.5CVSS5.6AI score0.00238EPSS

Exploits0References6Affected Software1

Positive Technologies•added 2026/04/02 12:0 a.m.•4 views

PT-2026-29721

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to the handling of asynchronous decryption within the TLS Transport Layer Security protocol. Specifically, the async hold queue, used to manage...

7.8CVSS5.8AI score0.00238EPSS

Exploits0References265

SUSE CVE•added 2026/03/28 12:24 a.m.•4 views

SUSE CVE-2026-33622

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 through v0.8.5 allow arbitrary JavaScript execution through POST /wait and POST /tabs/id/wait when the request uses fn mode, even if security.allowEvaluate is disabled. POST /evaluate...

8.8CVSS6.3AI score0.00512EPSS

Exploits1References3

RedhatCVE•added 2026/03/27 10:51 p.m.•2 views

CVE-2026-33622

8.8CVSS6.3AI score0.00512EPSS

Exploits1References1

OSV•added 2026/03/27 7:10 a.m.•3 views

BIT-NGINX-GATEWAY-2026-27651 NGINX ngx_mail_auth_http_module vulnerability

When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...

8.7CVSS5.9AI score0.00481EPSS

Exploits0References2

OSV•added 2026/03/27 7:10 a.m.•2 views

BIT-NGINX-2026-27651 NGINX ngx_mail_auth_http_module vulnerability

8.7CVSS5.9AI score0.00481EPSS

Exploits0References2

NVD•added 2026/03/26 9:17 p.m.•3 views

CVE-2026-33622

8.8CVSS0.00512EPSS

Exploits1References1

OSV•added 2026/03/26 8:44 p.m.•5 views

CVE-2026-33622 A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution

6.1CVSS6.3AI score0.00512EPSS

Exploits1References3

Cvelist•added 2026/03/26 8:44 p.m.•19 views

CVE-2026-33622 A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution

6.1CVSS0.00512EPSS

Exploits1References1

Vulnrichment•added 2026/03/26 8:44 p.m.•3 views

CVE-2026-33622 A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution

6.1CVSS6.3AI score0.00512EPSS

Exploits1References1

CVE•added 2026/03/26 8:44 p.m.•8 views

CVE-2026-33622

PinchTab CVE-2026-33622 affects PinchTab v0.8.3–v0.8.5, where POST /wait in fn mode could embed user-supplied expressions into executable JavaScript and run in the browser context, bypassing the security.allowEvaluate policy (though authentication is required). The issue constitutes a security-po...

8.8CVSS6.2AI score0.00512EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 2026/03/26 8:44 p.m.•1 views

CVE-2026-33622

6.1CVSS6.2AI score0.00512EPSS

Exploits1References2Affected Software1

OSV•added 2026/03/26 8:33 p.m.•2 views

GO-2026-4824 A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution in github.com/pinchtab/pinchtab

A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution in github.com/pinchtab/pinchtab...

8.8CVSS5.9AI score0.00512EPSS

Exploits1References1

CNNVD•added 2026/03/26 12:0 a.m.•5 views

pinchtab 安全漏洞

Pinchtab is an open-source AI proxy browser control tool developed by Pinchtab. Versions 0.8.3 to 0.8.5 of Pinchtab contain security vulnerabilities. These vulnerabilities stem from the POST /wait endpoint bypassing security policy checks, which may allow arbitrary JavaScript execution...

8.8CVSS6.5AI score0.00512EPSS

Exploits1References1

SUSE CVE•added 2026/03/25 4:56 p.m.•3 views

SUSE CVE-2026-23311

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctxschedin Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like below. It seems it should not grab a wait-queue lock...

5.8AI score0.00093EPSS

Exploits0References3

RedhatCVE•added 2026/03/25 4:2 p.m.•4 views

CVE-2026-23311

A flaw was found in the Linux kernel's perf/core component. This vulnerability occurs due to an invalid wait context during event scheduling, specifically when a pinned event fails and attempts to wake up threads in the ring buffer. An attacker could potentially exploit this to cause system...

5.5CVSS5.7AI score0.00093EPSS

Exploits0References4

RedhatCVE•added 2026/03/25 2:39 p.m.•3 views

CVE-2026-23338

A flaw was found in the Linux kernel, specifically within the drm/amdgpu/userq component. This vulnerability allows a local user to intentionally or unintentionally trigger kernel warnings. This occurs when the user provides an incorrect number of fences during a userq wait ioctl operation. While...

5.8AI score0.00121EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by