Lucene search
+L

100 matches found

UbuntuCve
UbuntuCve
added 5 days ago12 views

CVE-2026-45071

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Crawler::addXmlContent set DOMDocument::$validateOnParse = true before loadXML, re-enabling external entity resolution and allowing attacker-supplied XML ...

8.7CVSS6.1AI score0.00462EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 5 days ago11 views

CVE-2026-45064

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, UrlSanitizer::parse passes Unicode explicit-direction BiDi formatting characters through into sanitized href and src attributes, allowing sanitized...

6.1CVSS6.1AI score0.00293EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 5 days ago11 views

CVE-2026-45066

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs through allowLinkHosts or allowMediaHosts because UrlSanitizer::parse follows RFC 3986...

6.1CVSS6.1AI score0.0029EPSS
Exploits0References2
OSV
OSV
added 2026/07/10 12:0 a.m.4 views

UBUNTU-CVE-2026-14741

ReDoS in parsedate...

6.1AI score0.00209EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/07/07 3:13 p.m.10 views

SUSE CVE-2026-58386

unknown...

5.9AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/25 6:16 p.m.10 views

CVE-2026-47770

jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denial of service via stack exhaustion uncontrolled recursion. The crash occurs in jq's recursive...

6.8CVSS6.1AI score0.00111EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/23 2:19 a.m.7 views

SUSE CVE-2026-55195

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expan...

8.7CVSS6.1AI score0.00321EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 12:0 a.m.7 views

UBUNTU-CVE-2026-53489

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue h...

8.2CVSS6.1AI score0.00208EPSS
Exploits0References5
OSV
OSV
added 2026/06/18 2:17 p.m.9 views

UBUNTU-CVE-2026-42490

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

6.5CVSS5.8AI score0.002EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/17 2:17 a.m.10 views

SUSE CVE-2026-45309

unknown...

5.9CVSS5.2AI score0.00453EPSS
Exploits0References3
CVE
CVE
added 2026/06/16 7:27 p.m.15 views

CVE-2026-46816

Technical details for CVE-2026-46816 are not publicly available in the provided documents. Monitor for updates.

3.2CVSS5AI score0.00162EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/15 8:16 p.m.7 views

UBUNTU-CVE-2025-55644

A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS5.9AI score0.00188EPSS
Exploits1References2
OSV
OSV
added 2026/06/12 6:16 p.m.7 views

UBUNTU-CVE-2026-48163

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

9.1CVSS5.8AI score0.00654EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/10 11:16 p.m.10 views

CVE-2026-47166

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. This issue has been patched in versio...

5.7CVSS6.1AI score0.00093EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/10 10:16 p.m.8 views

CVE-2026-46523

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger a heap-use-after-free. Versions 7.1.2.23 and 6.9.13-48 fix the issue...

7.5CVSS6.5AI score0.00301EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 10:16 p.m.8 views

UBUNTU-CVE-2026-45359

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been...

7.1CVSS5.4AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/07 4:38 a.m.12 views

SUSE CVE-2026-22009

unknown...

6.5CVSS7.4AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:45 a.m.10 views

SUSE CVE-2026-50142

unknown...

6.2CVSS5.4AI score0.00089EPSS
Exploits0References5
OSV
OSV
added 2026/06/04 4:16 p.m.9 views

UBUNTU-CVE-2026-40930

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

5.4CVSS5.3AI score0.00202EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:23 a.m.16 views

SUSE CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

8.1CVSS5.8AI score0.0032EPSS
Exploits0References7
Rows per page
Query Builder