68528 matches found

UbuntuCve • added 2026/01/30 10:15 p.m. • 4 views

CVE-2025-36387

IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given specially crafted query...

6.5 CVSS • 5.4 AI score • 0.00328 EPSS
Exploits 0 • References 2

UbuntuCve • added 2026/01/30 10:15 p.m. • 2 views

CVE-2025-36184

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level...

7.2 CVSS • 5.9 AI score • 0.00471 EPSS
Exploits 0 • References 2

UbuntuCve • added 2026/01/30 10:15 p.m. • 3 views

CVE-2025-36424

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a user to cause a denial of service due to improper neutralization of special elements in data query logic...

6.5 CVSS • 5.5 AI score • 0.00328 EPSS
Exploits 0 • References 2

UbuntuCve • added 2026/01/30 10:15 p.m. • 4 views

CVE-2025-36427

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a user to cause a denial of service due to insufficient validation of special elements in data query logic...

6.5 CVSS • 5.5 AI score • 0.00328 EPSS
Exploits 0 • References 2

UbuntuCve • added 2026/01/30 10:15 p.m. • 5 views

CVE-2025-2668

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query...

6.5 CVSS • 5.4 AI score • 0.00347 EPSS
Exploits 0 • References 2

UbuntuCve • added 2026/01/30 10:15 p.m. • 3 views

CVE-2025-36070

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables...

7.5 CVSS • 5.4 AI score • 0.0035 EPSS
Exploits 0 • References 2

UbuntuCve • added 2026/01/30 10:15 p.m. • 8 views

CVE-2025-36407

IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations...

6.5 CVSS • 5.4 AI score • 0.00275 EPSS
Exploits 0 • References 2

UbuntuCve • added 2026/01/30 10:15 p.m. • 4 views

CVE-2025-36001

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion...

6.5 CVSS • 5.6 AI score • 0.00347 EPSS
Exploits 0 • References 2

UbuntuCve • added 2026/01/30 10:15 p.m. • 6 views

CVE-2025-36098

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources...

6.5 CVSS • 5.4 AI score • 0.00347 EPSS
Exploits 0 • References 2

UbuntuCve • added 2026/01/30 10:15 p.m. • 4 views

CVE-2025-36123

IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service when copying large table containing XML data due to improper allocation of system resources...

6.2 CVSS • 5.4 AI score • 0.00134 EPSS
Exploits 0 • References 2

UbuntuCve • added 2026/01/30 10:15 p.m. • 5 views

CVE-2025-36423

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic...

6.5 CVSS • 5.4 AI score • 0.00242 EPSS
Exploits 0 • References 2

UbuntuCve • added 2026/01/30 9:15 p.m. • 3 views

CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods that allow for the circumvention of the safe defaults which enables...

9.2 CVSS • 6.2 AI score • 0.02388 EPSS
Exploits 0 • References 8

UbuntuCve • added 2026/01/30 8:16 p.m. • 3 views

CVE-2025-11175

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup. This issue affects Mediawiki - DiscussionTools Extensio...

8.8 CVSS • 5.9 AI score • 0.00424 EPSS
Exploits 0 • References 3

UbuntuCve • added 2026/01/30 7:16 p.m. • 6 views

CVE-2025-62348

Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process...

7.8 CVSS • 6.4 AI score • 0.00179 EPSS
Exploits 0 • References 2

UbuntuCve • added 2026/01/30 7:16 p.m. • 4 views

CVE-2025-69662

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis function being used to write GeoDataFrames to a PostgreSQL database...

8.6 CVSS • 5.9 AI score • 0.00385 EPSS
Exploits 1 • References 4

UbuntuCve • added 2026/01/30 7:16 p.m. • 6 views

CVE-2025-62349

Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues...

7.5 CVSS • 6 AI score • 0.00407 EPSS
Exploits 0 • References 3

UbuntuCve • added 2026/01/30 6:15 p.m. • 5 views

CVE-2025-15497

Insufficient epoch key slot processing in OpenVPN 2.7alpha1 through 2.7rc5 allows remote authenticated users to trigger an assert resulting in a denial of service...

7 CVSS • 5.9 AI score • 0.00323 EPSS
Exploits 0 • References 2

UbuntuCve • added 2026/01/30 5:16 p.m. • 2 views

CVE-2020-36966

Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary...

6.4 CVSS • 5.9 AI score • 0.00244 EPSS
Exploits 0 • References 4

UbuntuCve • added 2026/01/30 5:16 p.m. • 3 views

CVE-2020-37014

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

6.4 CVSS • 6 AI score • 0.00311 EPSS
Exploits 0 • References 7

UbuntuCve • added 2026/01/30 4:16 p.m. • 6 views

CVE-2026-25128

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0.9 through 5.3.3, a RangeError vulnerability exists in the numeric entity processing of fast-xml-parser when parsing XML with out-of-rang...

7.5 CVSS • 5.9 AI score • 0.00559 EPSS
Exploits 1 • References 4

UbuntuCve • added 2026/01/30 3:16 p.m. • 5 views

CVE-2024-4027

A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack...

7.5 CVSS • 5.9 AI score • 0.00575 EPSS
Exploits 0 • References 3

UbuntuCve • added 2026/01/30 12:00 a.m. • 2 views

CVE-2026-25210

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...

7.8 CVSS • 7 AI score • 0.00193 EPSS
Exploits 0 • References 4

UbuntuCve • added 2026/01/29 10:15 p.m. • 3 views

CVE-2026-25061

tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past...

7.5 CVSS • 5.9 AI score • 0.00517 EPSS
Exploits 1 • References 2

UbuntuCve • added 2026/01/29 10:15 p.m. • 5 views

CVE-2026-25063

gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab completion in a project containing a malicious Gradle build file. Th...

8.3 CVSS • 6.3 AI score • 0.00689 EPSS
Exploits 0 • References 3

UbuntuCve • added 2026/01/29 8:16 p.m. • 6 views

CVE-2026-25068

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1 function reads the num_channels field from untrusted .tplg data and uses it as a loop bound without validating it...

4.6 CVSS • 7.2 AI score • 0.00191 EPSS
Exploits 0 • References 3

UbuntuCve • added 2026/01/29 6:16 p.m. • 4 views

CVE-2025-45160

A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...

5.4 CVSS • 5.8 AI score • 0.002 EPSS
Exploits 1 • References 3

UbuntuCve • added 2026/01/29 6:16 p.m. • 3 views

CVE-2026-24413

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in its contents - including the private key of the...

6.8 CVSS • 5.9 AI score • 0.00068 EPSS
Exploits 0 • References 4

UbuntuCve • added 2026/01/29 3:16 p.m. • 4 views

CVE-2020-37011

Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to exhaust memory through repeated malloc calls and...

8.4 CVSS • 5.8 AI score • 0.00411 EPSS
Exploits 0 • References 4

UbuntuCve • added 2026/01/29 12:00 a.m. • 9 views

CVE-2026-0818

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...

4.3 CVSS • 7.5 AI score • 0.00159 EPSS
Exploits 0 • References 6

UbuntuCve • added 2026/01/28 8:16 p.m. • 2 views

CVE-2025-61728

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive...

6.5 CVSS • 6.8 AI score • 0.00643 EPSS
Exploits 1 • References 3

UbuntuCve • added 2026/01/28 8:16 p.m. • 5 views

CVE-2025-61726

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...

7.5 CVSS • 6.8 AI score • 0.01945 EPSS
Exploits 0 • References 3

UbuntuCve • added 2026/01/28 8:16 p.m. • 4 views

CVE-2025-61731

Building a malicious file with cmd/go can cause a write to an attacker-controlled file with partial control of the file content. The "cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a...

7.8 CVSS • 7.1 AI score • 0.00532 EPSS
Exploits 0 • References 3

UbuntuCve • added 2026/01/28 8:16 p.m. • 6 views

CVE-2025-68119

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This iss...

7 CVSS • 7.5 AI score • 0.00335 EPSS
Exploits 0 • References 3

UbuntuCve • added 2026/01/28 8:16 p.m. • 6 views

CVE-2025-61730

During the TLS 1.3 handshake, if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...

5.3 CVSS • 6.8 AI score • 0.00276 EPSS
Exploits 0 • References 3

UbuntuCve • added 2026/01/28 6:16 p.m. • 4 views

CVE-2020-36969

M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standa...

8.8 CVSS • 5.9 AI score • 0.00419 EPSS
Exploits 1 • References 4

UbuntuCve • added 2026/01/28 6:16 p.m. • 2 views

CVE-2020-36968

M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for al...

7.1 CVSS • 5.9 AI score • 0.0042 EPSS
Exploits 1 • References 4

UbuntuCve • added 2026/01/28 6:16 p.m. • 4 views

CVE-2025-33220

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or...

7.8 CVSS • 7.3 AI score • 0.00186 EPSS
Exploits 0 • References 4

UbuntuCve • added 2026/01/28 6:16 p.m. • 4 views

CVE-2025-33219

NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or informatio...

7.8 CVSS • 7.4 AI score • 0.00186 EPSS
Exploits 0 • References 4

UbuntuCve • added 2026/01/28 4:16 p.m. • 3 views

CVE-2026-1536

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...

5.8 CVSS • 6 AI score • 0.00298 EPSS
Exploits 1 • References 3

UbuntuCve • added 2026/01/28 4:16 p.m. • 4 views

CVE-2026-1539

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...

5.8 CVSS • 6 AI score • 0.00237 EPSS
Exploits 0 • References 3

UbuntuCve • added 2026/01/28 3:16 p.m. • 4 views

CVE-2026-23014

In the Linux kernel, the following vulnerability has been resolved: perf: Ensure swevent hrtimer is properly destroyed. With the change to hrtimer_try_to_cancel in perf_swevent_cancel_hrtimer it appears possible for the hrtimer to still be active by the time the event gets freed. Make sure the event doe...

7.8 CVSS • 5.7 AI score • 0.00116 EPSS
Exploits 0 • References 4

UbuntuCve • added 2026/01/28 3:16 p.m. • 7 views

CVE-2026-1237

Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain otherwise revoked or...

2.1 CVSS • 5.9 AI score • 0.00133 EPSS
Exploits 0 • References 2

UbuntuCve • added 2026/01/28 1:15 p.m. • 4 views

CVE-2020-36986

Prey 1.9.6 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the CronService to insert malicious code that would execute during application startup or system reboot...

8.5 CVSS • 6 AI score • 0.0016 EPSS
Exploits 0 • References 4

UbuntuCve • added 2026/01/28 1:16 a.m. • 3 views

CVE-2026-24842

node-tar, a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path...

8.2 CVSS • 6.6 AI score • 0.00541 EPSS
Exploits 1 • References 3

UbuntuCve • added 2026/01/28 12:00 a.m. • 4 views

CVE-2025-58150

Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing...

8.8 CVSS • 5.9 AI score • 0.00127 EPSS
Exploits 0 • References 2

UbuntuCve • added 2026/01/28 12:00 a.m. • 4 views

CVE-2026-23553

In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1) vCPU runs on CPU A, running task ...

2.9 CVSS • 5.8 AI score • 0.00129 EPSS
Exploits 0 • References 2

UbuntuCve • added 2026/01/27 10:15 p.m. • 4 views

CVE-2026-24747

PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weights_only unpickler allows an attacker to craft a malicious checkpoint file (.pth) that, when loaded with torch.load(..., weights_only=True), can corrupt memory and potentially lead to...

8.8 CVSS • 6.1 AI score • 0.00695 EPSS
Exploits 1 • References 5

UbuntuCve • added 2026/01/27 10:15 p.m. • 5 views

CVE-2026-24765

PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserialize...

7.8 CVSS • 6.3 AI score • 0.00343 EPSS
Exploits 0 • References 8

UbuntuCve • added 2026/01/27 8:16 p.m. • 3 views

CVE-2026-24688

pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects...

5.1 CVSS • 5.7 AI score • 0.00388 EPSS
Exploits 2 • References 5

UbuntuCve • added 2026/01/27 7:16 p.m. • 3 views

CVE-2026-24881

In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT --kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...

9.8 CVSS • 6.4 AI score • 0.01745 EPSS
Exploits 1 • References 2

Total number of security vulnerabilities: 68528