Lucene search
+L

1332 matches found

osv
osv
added 3 days ago4 views

UBUNTU-CVE-2026-40469

Integer overflow vulnerability has been found in "builtin.c" program file of gawk dosub routine. This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below...

9.1CVSS6AI score0.00213EPSS
Exploits0References2
osv
osv
added 3 days ago3 views

UBUNTU-CVE-2026-15551

Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects...

5.5CVSS6.1AI score0.00081EPSS
Exploits0References2
osv
osv
added 6 days ago4 views

UBUNTU-CVE-2026-57158

FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planardecompressplanerleonly in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated...

9.1CVSS6.1AI score0.0069EPSS
Exploits1References3
osv
osv
added 2026/07/09 5:17 p.m.3 views

UBUNTU-CVE-2026-58459

gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...

9.6CVSS6.4AI score0.01775EPSS
Exploits1References4
euvd
euvd
added 2026/07/09 12:31 a.m.9 views

EUVD-2026-42435

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via...

8.8CVSS6.3AI score0.0012EPSS
Exploits0References2
osv
osv
added 2026/07/08 9:16 p.m.3 views

UBUNTU-CVE-2026-15169

UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

7.5CVSS6.1AI score0.00218EPSS
Exploits0References2
osv
osv
added 2026/07/08 9:16 p.m.3 views

UBUNTU-CVE-2026-13320

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to execute arbitrary scripts in another user's browser session due to improper...

7.3CVSS7.2AI score0.00243EPSS
Exploits0References2
osv
osv
added 2026/07/08 9:16 p.m.2 views

UBUNTU-CVE-2026-15170

Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS6.1AI score0.00133EPSS
Exploits1References2
osv
osv
added 2026/07/08 8:16 p.m.3 views

UBUNTU-CVE-2026-59936

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker detection such as when extracting page text. This issue is fixed in...

8.7CVSS6.1AI score0.00345EPSS
Exploits0References4
osv
osv
added 2026/07/08 8:16 p.m.4 views

UBUNTU-CVE-2026-59946

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...

6.1CVSS6.1AI score0.00136EPSS
Exploits0References3
osv
osv
added 2026/07/08 8:16 p.m.3 views

UBUNTU-CVE-2026-59935

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft a PDF with a page content stream containing a not terminated inline image that uses the ASCII85 or ASCIIHex filters, causing an infinite loop during parsing such as when extracting page text. This issu...

8.7CVSS6.1AI score0.00352EPSS
Exploits0References4
osv
osv
added 2026/07/08 8:16 p.m.3 views

UBUNTU-CVE-2026-55404

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled webpageurl or filename metadata without sufficient validation or escaping,...

8.8CVSS6.2AI score0.0064EPSS
Exploits0References5
osv
osv
added 2026/07/08 5:17 p.m.2 views

UBUNTU-CVE-2026-59928

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/blockparser.py and the reflinks environment dictionary handling, allowing denial of service...

7.5CVSS6.1AI score0.00366EPSS
Exploits1References3
osv
osv
added 2026/07/08 5:17 p.m.4 views

UBUNTU-CVE-2026-59925

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inlineparser.py because the parser scans forward for matching close markers from...

7.5CVSS6.1AI score0.00358EPSS
Exploits1References3
osv
osv
added 2026/07/08 4:16 p.m.2 views

UBUNTU-CVE-2026-59873

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...

9.2CVSS7AI score0.00358EPSS
Exploits1References3
osv
osv
added 2026/07/08 3:16 p.m.4 views

UBUNTU-CVE-2026-49146

App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References3
nessus
nessus
added 2026/07/02 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-47709

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - libheif - None Ubuntu Linux - Unknown description CVE-2026-47709 Note that Nessus relies on the presence of the package as reported by the vendor...

6.1AI score0.00025EPSS
Exploits0References3
nessus
nessus
added 2026/07/02 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-47254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - libheif - None Ubuntu Linux - Unknown description CVE-2026-47254 Note that Nessus relies on the presence of the package as reported by the vendor...

6.1AI score0.00024EPSS
Exploits0References3
osv
osv
added 2026/07/01 7:16 p.m.3 views

UBUNTU-CVE-2026-55577

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in...

5.9CVSS6AI score0.00226EPSS
Exploits0References3
osv
osv
added 2026/06/26 9:16 a.m.7 views

UBUNTU-CVE-2026-11625

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References7
Rows per page
Query Builder