Lucene search
K

1311 matches found

OSV
OSV
added 2026/06/25 6:16 p.m.3 views

UBUNTU-CVE-2026-6291

Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to...

6.5CVSS5.8AI score0.00152EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 4:16 p.m.2 views

UBUNTU-CVE-2026-57452

Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt04! or VimCrypt05! method xchacha20poly1305, requires the +sodium feature whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflo...

5.5CVSS5.8AI score0.0012EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 3:16 p.m.2 views

UBUNTU-CVE-2026-57436

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Documentroot= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage...

6.3CVSS5.7AI score0.00312EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 10:16 p.m.3 views

UBUNTU-CVE-2026-2050

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS7.6AI score0.00552EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 5:17 p.m.3 views

UBUNTU-CVE-2026-54905

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 5:17 p.m.2 views

UBUNTU-CVE-2026-53078

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix same-register dst/src OOB read and pointer leak in sockops When a BPF sockops program accesses ctx fields with dstreg == srcreg, the SOCKOPSGETSK and SOCKOPSGETFIELD macros fail to zero the destination register in the...

7.8CVSS5.6AI score0.00112EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 1:16 p.m.4 views

UBUNTU-CVE-2026-56376

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service...

6.3CVSS5.8AI score0.00184EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 7:17 p.m.2 views

UBUNTU-CVE-2026-54293

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS6AI score0.00378EPSS
Exploits1References4
OSV
OSV
added 2026/06/22 6:16 p.m.2 views

UBUNTU-CVE-2026-50169

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

6.1CVSS5.8AI score0.00165EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 6:16 p.m.2 views

UBUNTU-CVE-2026-54276

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulnerability or similar on the target domain for an attacker to...

6.3CVSS5.9AI score0.00178EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 4:16 p.m.3 views

UBUNTU-CVE-2026-54265

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property...

6.1CVSS5.8AI score0.00195EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 4:16 p.m.4 views

UBUNTU-CVE-2026-54266

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during...

8.8CVSS5.9AI score0.0009EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 4:16 p.m.2 views

UBUNTU-CVE-2026-53655

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

6.9CVSS5.9AI score0.00107EPSS
Exploits1References2
OSV
OSV
added 2026/06/21 4:16 p.m.4 views

UBUNTU-CVE-2026-56406

libexpat before 2.8.2 has an integer overflow in XMLParseBuffer because it lacked a check that was present in XMLParse...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References3
OSV
OSV
added 2026/06/19 9:17 p.m.4 views

UBUNTU-CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS5.8AI score0.00227EPSS
Exploits1References3
OSV
OSV
added 2026/06/19 12:0 a.m.5 views

UBUNTU-CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS5.9AI score0.00431EPSS
Exploits0References3
OSV
OSV
added 2026/06/17 8:17 p.m.63 views

UBUNTU-CVE-2026-55200

libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2transportread that fails to enforce upper bounds on packetlength field. Remote attackers can send crafted SSH packets with excessively large packetlength values to corrupt heap memory and achieve...

9.2CVSS7.5AI score0.00732EPSS
Exploits10References4
OSV
OSV
added 2026/06/17 5:16 p.m.8 views

UBUNTU-CVE-2026-12151

Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...

7.5CVSS5.9AI score0.0057EPSS
Exploits0References3
OSV
OSV
added 2026/06/16 1:16 p.m.3 views

UBUNTU-CVE-2026-12300

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.3CVSS5.8AI score0.00252EPSS
Exploits0References3
OSV
OSV
added 2026/06/16 1:16 p.m.3 views

UBUNTU-CVE-2026-12330

Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12...

5.4CVSS5.8AI score0.00164EPSS
Exploits0References4
Rows per page
Query Builder