Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
•added 2026/01/27 7:16 p.m.•4 views

CVE-2026-24116

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are...

5.5CVSS5.7AI score0.00214EPSS
Exploits0References12
UbuntuCve
UbuntuCve
•added 2026/01/27 7:16 p.m.•5 views

CVE-2026-24882

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys...

8.4CVSS6.4AI score0.00421EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2026/01/27 7:16 p.m.•4 views

CVE-2026-22264

Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap use-after-free condition when generating excessive amounts of alerts for a single packet. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not run...

9.1CVSS5.9AI score0.00344EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2026/01/27 7:16 p.m.•5 views

CVE-2026-22262

Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can result in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not us...

9.8CVSS6AI score0.00467EPSS
Exploits0References13
UbuntuCve
UbuntuCve
•added 2026/01/27 7:16 p.m.•2 views

CVE-2026-22263

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available...

5.3CVSS5.8AI score0.00401EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/01/27 7:16 p.m.•5 views

CVE-2026-24883

In GnuPG before 2.5.17, a long signature packet length causes parsesignature to return success with sig-data set to a NULL value, leading to a denial of service application crash...

5.5CVSS5.9AI score0.00447EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/01/27 7:16 p.m.•4 views

CVE-2026-22261

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especially for alerts not triggered in a tx, can lead to severe slowdowns. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, disable XFF support in the eve...

5.3CVSS5.9AI score0.00312EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2026/01/27 6:15 p.m.•3 views

CVE-2025-14911

User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container...

7.1CVSS5.9AI score0.00275EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/01/27 6:15 p.m.•4 views

CVE-2026-22260

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for request-body-limit and response-body-limit...

7.5CVSS5.9AI score0.00494EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/01/27 5:16 p.m.•5 views

CVE-2026-22259

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while parsing DNP3 traffic. This can lead to the process slowing down and running out of memory, potentially leading to it getting...

7.5CVSS5.9AI score0.00508EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2026/01/27 5:16 p.m.•5 views

CVE-2026-22258

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer w/o limits, leading to memory exhaustion and the process getting killed. While reported for DCERPC over UDP, it is believed that DCERPC over TCP and SMB...

7.5CVSS6AI score0.00483EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2026/01/27 4:16 p.m.•3 views

CVE-2026-24869

Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2...

8.8CVSS5.8AI score0.00232EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/27 4:16 p.m.•3 views

CVE-2026-24868

Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 147.0.2...

6.5CVSS5.8AI score0.00177EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/27 4:16 p.m.•5 views

CVE-2025-28164

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via pngcreatereadstruct function...

5.5CVSS5.9AI score0.00139EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2026/01/27 4:16 p.m.•3 views

CVE-2025-68670

xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote...

9.8CVSS7.9AI score0.01318EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/01/27 4:16 p.m.•3 views

CVE-2025-28162

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer ASan, the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive...

5.5CVSS6.1AI score0.00139EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2026/01/27 3:15 p.m.•8 views

CVE-2026-1489

A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds write...

5.4CVSS5.9AI score0.00325EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2026/01/27 2:15 p.m.•6 views

CVE-2026-1484

A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrust...

4.2CVSS5.9AI score0.00304EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2026/01/27 2:15 p.m.•4 views

CVE-2026-1485

A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access...

2.8CVSS5.8AI score0.00139EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2026/01/27 10:15 a.m.•3 views

CVE-2026-1467

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

5.8CVSS6.1AI score0.00312EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2026/01/27 9:15 a.m.•2 views

CVE-2026-21721

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege...

8.1CVSS6.8AI score0.00647EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2026/01/27 9:15 a.m.•6 views

CVE-2026-24808

Integer Overflow or Wraparound vulnerability in RawTherapee rtengine modules. This vulnerability is associated with program files dcraw.Cc. This issue affects RawTherapee: through 5.11...

8.3CVSS5.9AI score0.00129EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/01/27 9:15 a.m.•9 views

CVE-2026-21720

Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...

7.5CVSS6.7AI score0.00618EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/01/27 12:0 a.m.•4 views

CVE-2025-69420

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...

7.5CVSS6.8AI score0.00768EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2026/01/27 12:0 a.m.•2 views

CVE-2025-69419

Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

7.4CVSS6.9AI score0.00444EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2026/01/27 12:0 a.m.•6 views

CVE-2026-22796

Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...

5.3CVSS6.7AI score0.00502EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2026/01/27 12:0 a.m.•1 views

CVE-2025-69421

Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex...

7.5CVSS7.2AI score0.00844EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2026/01/27 12:0 a.m.•6 views

CVE-2025-15467

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

8.8CVSS7.5AI score0.47621EPSS
Exploits7References2
UbuntuCve
UbuntuCve
•added 2026/01/27 12:0 a.m.•5 views

CVE-2026-24486

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

8.6CVSS6.7AI score0.02228EPSS
Exploits5References6
UbuntuCve
UbuntuCve
•added 2026/01/27 12:0 a.m.•2 views

CVE-2026-24480

QGIS is a free, open source, cross platform geographical information system GIS The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code execution and repository compromise because it...

8.7CVSS6.3AI score0.00414EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2026/01/27 12:0 a.m.•4 views

CVE-2025-11187

Issue summary: PBMAC1 parameters in PKCS12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial o...

6.1CVSS7.7AI score0.00515EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2026/01/27 12:0 a.m.•3 views

CVE-2025-15469

Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such as Ed25519, Ed448, or ML-DSA m...

5.5CVSS7AI score0.00176EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2026/01/27 12:0 a.m.•3 views

CVE-2025-66199

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and...

5.9CVSS6.9AI score0.00403EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2026/01/27 12:0 a.m.•3 views

CVE-2026-24686

go-tuf is a Go implementation of The Update Framework TUF. go-tuf's TAP 4 Multirepo Client uses the map file repository name string repoName as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application...

4.7CVSS5.8AI score0.00211EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2026/01/27 12:0 a.m.•4 views

CVE-2025-15468

Issue summary: If an application using the SSLCIPHERfind function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Servic...

5.9CVSS7AI score0.00748EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2026/01/27 12:0 a.m.•3 views

CVE-2025-68160

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading ...

4.7CVSS6.4AI score0.00152EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2026/01/27 12:0 a.m.•6 views

CVE-2025-69418

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

4CVSS6.3AI score0.00115EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2026/01/27 12:0 a.m.•1 views

CVE-2026-22795

Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a malformed PKCS12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type...

5.5CVSS6.4AI score0.00144EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2026/01/26 11:16 p.m.•5 views

CVE-2026-24476

Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag which starting with " prematurely ends the tag on the start page and allows an attacker to add arbitrary html leading to a possible XSS attack. Version 0.16.0 fixes the issue...

5.4CVSS5.9AI score0.00147EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2026/01/26 11:16 p.m.•5 views

CVE-2026-24400

AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity XXE vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes...

9.1CVSS6.2AI score0.00542EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/01/26 8:16 p.m.•3 views

CVE-2026-0810

A flaw was found in gix-date. The gixdate::parse::TimeBuf::asstr function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the TimeBuf component, leading to undefined behavior when these malformed strings are subsequently processed...

7.1CVSS5.8AI score0.00193EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2026/01/26 8:16 p.m.•3 views

CVE-2025-9820

A flaw was found in the GnuTLS library, specifically in the gnutlspkcs11tokeninit function that handles PKCS11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the applicatio...

4CVSS5.8AI score0.00203EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2026/01/26 8:16 p.m.•2 views

CVE-2025-11065

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

5.3CVSS6.3AI score0.00357EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/26 8:16 p.m.•3 views

CVE-2025-11687

A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter reflected DOM XSS...

6.1CVSS6AI score0.00337EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2026/01/26 8:16 p.m.•5 views

CVE-2025-9615

A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added t...

3.3CVSS5.8AI score0.00162EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/01/26 4:15 p.m.•6 views

CVE-2025-50537

Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run method, which validates test cases and checks for duplicates. During validation, the internal function...

5.5CVSS7.3AI score0.00163EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2026/01/26 12:0 a.m.•5 views

CVE-2026-1416

A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released...

4.8CVSS5.4AI score0.00196EPSS
Exploits1References7
UbuntuCve
UbuntuCve
•added 2026/01/26 12:0 a.m.•4 views

CVE-2026-1418

A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gftextimportsrtbifs of the file src/scenemanager/texttobifs.c of the component SRT Subtitle Import. Such manipulation leads to out-of-bounds write. The attack needs to be performed locally. The exploit has...

7.8CVSS5.5AI score0.00219EPSS
Exploits1References7
UbuntuCve
UbuntuCve
•added 2026/01/26 12:0 a.m.•5 views

CVE-2026-1417

A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dumpisomrtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been made available to the public and coul...

4.8CVSS5.4AI score0.00196EPSS
Exploits1References7
UbuntuCve
UbuntuCve
•added 2026/01/26 12:0 a.m.•5 views

CVE-2026-1425

A security flaw has been discovered in pymumu SmartDNS up to 47.1. This vulnerability affects the function dnsdecoderrhead/dnsdecodeSVCBHTTPS of the file src/dns.c of the component SVBC Record Parser. The manipulation results in stack-based buffer overflow. It is possible to launch the attack...

6.3CVSS5.9AI score0.00366EPSS
Exploits0References1
Total number of security vulnerabilities68528