CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

60236 matches found

ATTACKERKB•added 2026/04/24 5:18 p.m.•2 views

CVE-2026-41678

rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers a...

9.2CVSS5.6AI score0.00294EPSS

Exploits0References2Affected Software1

OSV•added 2026/04/24 4:3 p.m.•4 views

BIT-MINIO-2026-41145 MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads

MinIO is a high-performance object storage system. Starting in 2023.05.18 and prior to 2026.04.11, an authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary objects to any bucket without knowing t...

8.8CVSS5.8AI score0.00349EPSS

Exploits0References4

OSV•added 2026/04/24 4:3 p.m.•6 views

BIT-MINIO-2026-40344 MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads

MinIO is a high-performance object storage system. Starting in 2023.05.18 and prior to 2026.04.11, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write arbitrary objects to any bucket without...

8.8CVSS6AI score0.00418EPSS

Exploits0References4

OSV•added 2026/04/24 3:16 p.m.•5 views

DEBIAN-CVE-2026-31601

In the Linux kernel, the following vulnerability has been resolved: vfio/xe: Reorganize the init to decouple migration from reset Attempting to issue reset on VF devices that don't support migration leads to the following: BUG: unable to handle page fault for address: 00000000000011f8 PF:...

5.5CVSS5.3AI score0.00121EPSS

Exploits0References1

OSV•added 2026/04/24 3:16 p.m.•6 views

DEBIAN-CVE-2026-31607

In the Linux kernel, the following vulnerability has been resolved: usbip: validate numberofpackets in usbippackretsubmit When a USB/IP client receives a RETSUBMIT response, usbippackretsubmit unconditionally overwrites urb-numberofpackets from the network PDU. This value is subsequently used as...

9.8CVSS5.6AI score0.00576EPSS

Exploits0References1

OSV•added 2026/04/24 3:16 p.m.•4 views

DEBIAN-CVE-2026-31598

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix possible deadlock between unlink and dioendiowrite ocfs2unlink takes orphan dir inodelock first and then ipallocsem, while in ocfs2dioendiowrite, it acquires these locks in reverse order. This creates an ABBA lock...

7.5CVSS5.3AI score0.00435EPSS

Exploits0References1

NVD•added 2026/04/24 3:16 p.m.•7 views

CVE-2026-31588

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Use scratch field in MMIO fragment to hold small write values When exiting to userspace to service an emulated MMIO write, copy the to-be-written value to a scratch field in the MMIO fragment if the size of the data...

8.8CVSS0.00128EPSS

Exploits0References9

OSV•added 2026/04/24 3:16 p.m.•2 views

DEBIAN-CVE-2026-31588

8.8CVSS5.4AI score0.00128EPSS

Exploits0References1

NVD•added 2026/04/24 3:16 p.m.•3 views

CVE-2026-31580

In the Linux kernel, the following vulnerability has been resolved: bcache: fix cacheddev.sbbio use-after-free and crash In our production environment, we have received multiple crash reports regarding libceph, which have caught our attention: 6888366.280350 Call Trace: 6888366.280452...

7.8CVSS0.00128EPSS

Exploits0References9

OSV•added 2026/04/24 3:16 p.m.•3 views

DEBIAN-CVE-2026-31580

7.8CVSS5.4AI score0.00128EPSS

Exploits0References1

NVD•added 2026/04/24 3:16 p.m.•4 views

CVE-2026-31551

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix staticbranchdec underflow for aqldisable. syzbot reported staticbranchdec underflow in aqlenablewrite. 0 The problem is that aqlenablewrite does not serialise concurrent writes to the debugfs. aqlenablewrite...

5.5CVSS0.00123EPSS

Exploits0References7

UbuntuCve•added 2026/04/24 3:16 p.m.•4 views

CVE-2026-31551

5.5CVSS5.4AI score0.00123EPSS

Exploits0References9

RedhatCVE•added 2026/04/24 2:48 p.m.•5 views

CVE-2026-40611

A flaw was found in lego, the Let's Encrypt client and ACME library written in Go. A malicious ACME Automated Certificate Management Environment server can exploit a path traversal vulnerability in the webroot HTTP-01 challenge provider. By supplying a specially crafted challenge token containing...

8.8CVSS5.6AI score0.00309EPSS

Exploits0References4

CVE•added 2026/04/24 2:42 p.m.•54 views

CVE-2026-31607

CVE-2026-31607 (Linux kernel USB/IP) : A RET_SUBMIT response can cause an out-of-bounds write when usbip_pack_ret_submit() overwrites urb->number_of_packets without validation. The loop bound in usbip_recv_iso()/usbip_pad_iso() then writes beyond urb->iso_frame_desc[], triggering a heap OOB...

9.8CVSS5.6AI score0.00576EPSS

Exploits0References9Affected Software1

EUVD•added 2026/04/24 2:42 p.m.•4 views

EUVD-2026-25500

5.6AI score0.00576EPSS

Exploits0References4

CVE•added 2026/04/24 2:42 p.m.•13 views

CVE-2026-31598

Summary of CVE-2026-31598 (ocfs2 deadlock) : In the Linux kernel OCFS2, a potential deadlock arises from ABBA lock ordering between unlink and dio_end_io_write. The path in unlink acquires inode_lock (orphan_dir_inode) before ip_alloc_sem, while dio_end_io_write acquires ip_alloc_sem first, then ...

7.5CVSS5.4AI score0.00435EPSS

Exploits0References9Affected Software1

EUVD•added 2026/04/24 2:42 p.m.•5 views

EUVD-2026-25473

5.5AI score0.00128EPSS

Exploits0References4