CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 6 days ago•5 views

CVE-2026-11624

9.4CVSS5.3AI score0.00222EPSS

EUVD•added 6 days ago•11 views

EUVD-2026-36650

9.4CVSS5.3AI score0.00222EPSS

Positive Technologies•added 6 days ago•7 views

PT-2026-49089

Name of the Vulnerable Software and Affected Versions Model Context Protocol versions prior to 0.25.0 Description Servers fail to validate the "Origin" header on incoming connections, which may allow DNS rebinding attacks. DNS rebinding is a method of bypassing the Same-Origin Policy to interact...

9.4CVSS5.3AI score0.00222EPSS

OSV•added 2026/06/12 12:28 p.m.•10 views

OESA-2026-2676 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: parisc: Drop WARNONONCE from flushcachevmap I have observed warning to occassionally trigger.CVE-2025-39781 In the Linux kernel, the following vulnerability has...

9.8CVSS5.6AI score0.00576EPSS

Exploits0References47

EUVD•added 2026/06/12 11:53 a.m.•8 views

EUVD-2026-36415

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but stored warning reasons are still printed by /warns without mention suppression. A moderator can create a warning with...

2.1CVSS5.2AI score0.00251EPSS

Positive Technologies•added 2026/06/12 12:0 a.m.•9 views

PT-2026-48861

2.1CVSS5.3AI score0.00251EPSS

Snyk•added 2026/06/11 4:23 p.m.•2 views

Malicious Package

Overview forge-jsx2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score

Snyk•added 2026/06/11 9:35 a.m.•2 views

Malicious Package

Overview typeorm-encrypt is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score

Positive Technologies•added 2026/06/10 12:0 a.m.•7 views

PT-2026-48496

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could cause data exfiltration through classic...

5.7CVSS5.4AI score0.00252EPSS

SUSE CVE•added 2026/06/09 2:20 a.m.•8 views

SUSE CVE-2026-46304

In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid recursive nvmet-wq flush in nvmetctrlfree nvmettcpreleasequeuework runs on nvmet-wq and can drop the final controller reference through nvmetcqput. If that triggers nvmetctrlfree, the teardown path flushes...

4.7CVSS5.4AI score0.00389EPSS

RedhatCVE•added 2026/06/08 7:15 p.m.•6 views

CVE-2026-46295

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. A race condition in the Advanced Programmable Interrupt Controller APIC interrupt handling can lead to an incorrect state during interrupt synchronization. This issue, occurring between a sender and target virtual...

5.5CVSS5.5AI score0.00155EPSS

Exploits0References4

RedhatCVE•added 2026/06/08 7:8 p.m.•6 views

CVE-2026-46297

A flaw was found in the Linux kernel's libwx network driver. Incorrect handling of virtual function VF miscellaneous interrupts, specifically using requestthreadedirq with a null threaded handler and the IRQFONESHOT flag, can trigger a kernel warning. This issue may lead to system instability or...

5.5AI score0.00154EPSS

Exploits0References4

NVD•added 2026/06/08 5:16 p.m.•10 views

CVE-2026-46304

7.5CVSS0.00389EPSS

NVD•added 2026/06/08 5:16 p.m.•6 views

CVE-2026-46279

In the Linux kernel, the following vulnerability has been resolved: mm/alloctag: clear codetag for pages allocated before pageext initialization Due to initialization ordering, pageext is allocated and initialized relatively late during boot. Some pages have already been allocated and freed befor...

0.00166EPSS

OSV•added 2026/06/08 5:16 p.m.•5 views

UBUNTU-CVE-2026-46299

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplusfillsuper hfsplusfillsuper calls hfsfindinit to initialize a search structure, which acquires tree-treelock. If the subsequent call to hfspluscatbuildkey fails, the function jumps to the...

7CVSS5.4AI score0.00113EPSS

ATTACKERKB•added 2026/06/08 3:46 p.m.•3 views

CVE-2026-46304

5.3AI score0.00389EPSS

Exploits0References9Affected Software1

CVE•added 2026/06/08 3:46 p.m.•17 views

CVE-2026-46304

MODE C: The CVE-2026-46304 entry centers on the Linux kernel nvmet subsystem. The vulnerability stems from nvmet_tcp_release_queue_work() running on the nvmet-wq and possibly dropping the final controller reference through nvmet_cq_put(), which can trigger nvmet_ctrl_free() and flush ctrl->asy...

7.5CVSS5.4AI score0.00389EPSS

Cvelist•added 2026/06/08 3:46 p.m.•36 views

CVE-2026-46304 nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free

7.5CVSS0.00389EPSS

CVE•added 2026/06/08 3:41 p.m.•16 views

CVE-2026-46279

The CVE-2026-46279 issue in the Linux kernel is in mm/alloc_tag: pages allocated before page_ext initialization may have an uninitialized codetag, triggering warnings when freed under certain configs. The fix implements a global array (8192 entries) to track pages allocated before page_ext is ful...

5.4AI score0.00166EPSS