Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
added 2026/01/23 3:16 p.m.1 views

CVE-2025-71149

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6AI score0.00018EPSS
Exploits0References26
UbuntuCve
UbuntuCve
added 2026/01/23 3:16 p.m.2 views

CVE-2025-71148

In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshakereqsubmit replaces sk-skdestruct but never restores it when submission fails before the request is hashed. handshakeskdestruct then returns early and the original...

3.3CVSS5.9AI score0.0011EPSS
Exploits0References25
UbuntuCve
UbuntuCve
added 2026/01/23 3:16 p.m.2 views

CVE-2025-71146

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: fix leaked ct in error paths There are some situations where ct might be leaked as error paths are skipping the refcounted check and return immediately. In order to solve it make sure that the check is...

5.5CVSS5.9AI score0.00114EPSS
Exploits0References15
UbuntuCve
UbuntuCve
added 2026/01/23 3:16 p.m.1 views

CVE-2025-71156

In the Linux kernel, the following vulnerability has been resolved: gve: defer interrupt enabling until NAPI registration Currently, interrupts are automatically enabled immediately upon request. This allows interrupt to fire before the associated NAPI context is fully initialized and cause...

7.8CVSS6.2AI score0.00119EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2026/01/23 3:16 p.m.4 views

CVE-2025-71155

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: Fix gmaphelperzaponepage again A few checks were missing in gmaphelperzaponepage, which can lead to memory corruption in the guest under specific circumstances. Add the missing checks...

7.8CVSS6.6AI score0.00112EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/01/23 3:16 p.m.2 views

CVE-2025-71157

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: always drop device refcount in ibdelsubdeviceandput Since nldevdeldev introduced by commit 060c642b2ab8 "RDMA/nldev: Add support to add/delete a sub IB device through netlink" grabs a reference using ibdevicegetbyindex...

7.8CVSS6.2AI score0.00119EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2026/01/23 3:16 p.m.3 views

CVE-2025-71153

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix memory leak in getfileallinfo In getfileallinfo, if vfsgetattr fails, the function returns immediately without freeing the allocated filename, leading to a memory leak. Fix this by freeing the filename before returning...

5.5CVSS5.9AI score0.00114EPSS
Exploits0References25
UbuntuCve
UbuntuCve
added 2026/01/23 3:16 p.m.2 views

CVE-2025-71152

In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/01/23 3:16 p.m.2 views

CVE-2025-71147

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2loadcmd 'tpm2loadcmd' allocates a tempoary blob indirectly via 'tpm2keydecode' but it is not freed in the failure paths. Address this by wrapping the blob into with a cleanup helper...

5.5CVSS5.9AI score0.00114EPSS
Exploits0References37
UbuntuCve
UbuntuCve
added 2026/01/23 2:16 p.m.1 views

CVE-2025-71145

In the Linux kernel, the following vulnerability has been resolved: usb: phy: isp1301: fix non-OF device reference imbalance A recent change fixing a device reference leak in a UDC driver introduced a potential use-after-free in the non-OF case as the isp1301getclient helper only increases the...

7.8CVSS6.6AI score0.00152EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/01/23 8:16 a.m.6 views

CVE-2025-59375

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing...

7.5CVSS6.4AI score0.01279EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/01/23 5:16 a.m.5 views

CVE-2025-67847

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a...

8.8CVSS6.1AI score0.00528EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/01/23 5:16 a.m.7 views

CVE-2025-3839

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this...

8CVSS7.5AI score0.00381EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/01/23 4:16 a.m.6 views

CVE-2025-11002

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on...

7.8CVSS7.4AI score0.00517EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/01/23 12:0 a.m.4 views

CVE-2026-24515

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

2.9CVSS7.1AI score0.0017EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/01/23 12:0 a.m.4 views

CVE-2025-15059

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS7.4AI score0.00744EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/01/23 12:0 a.m.6 views

CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

7CVSS7.4AI score0.00286EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/01/23 12:0 a.m.8 views

CVE-2026-24137

sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...

5.8CVSS6.7AI score0.0037EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/01/22 10:16 p.m.3 views

CVE-2026-24117

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public key via user-provided URL. Since the SSRF only can trigger GET requests, the request cannot mutate...

5.3CVSS6AI score0.00332EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/01/22 10:16 p.m.3 views

CVE-2026-23831

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate returns nil success when message is...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/01/22 10:16 p.m.5 views

CVE-2026-23954

Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...

8.7CVSS6.2AI score0.00731EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/01/22 10:16 p.m.3 views

CVE-2026-23953

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...

8.7CVSS6.1AI score0.00471EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/01/22 3:16 p.m.2 views

CVE-2026-1102

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending repeated malformed SSH authentication requests...

7.5CVSS6.1AI score0.00538EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/01/22 3:16 p.m.4 views

CVE-2025-15523

MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...

4.8CVSS5.9AI score0.00146EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/01/22 3:16 p.m.3 views

CVE-2026-0723

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device...

7.4CVSS6.1AI score0.00832EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/01/22 3:16 p.m.2 views

CVE-2025-13928

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints...

7.5CVSS6.1AI score0.00712EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/01/22 10:16 a.m.2 views

CVE-2025-13335

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that under certain circumstances could have allowed an authenticated user to create a denial of service condition by configuring malformed Wiki documents that...

6.5CVSS6.1AI score0.00521EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/01/22 10:16 a.m.6 views

CVE-2026-1225

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

1.8CVSS5.9AI score0.00159EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/01/22 5:16 a.m.2 views

CVE-2025-71176

pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-user name pattern, which allows local users to cause a denial of service or possibly gain privileges...

6.8CVSS5.9AI score0.0014EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/01/22 5:16 a.m.7 views

CVE-2026-24049

wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...

7.1CVSS7.2AI score0.00311EPSS
Exploits2References5
UbuntuCve
UbuntuCve
added 2026/01/22 3:15 a.m.6 views

CVE-2026-24001

jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...

7.5CVSS6.2AI score0.00562EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/01/22 3:15 a.m.3 views

CVE-2026-23991

go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository or any of its mirrors returns invalid TUF metadata JSON valid JSON but not well formed TUF metadata, the client will panic during parsing, causing a denial of...

7.5CVSS5.9AI score0.0053EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/01/22 3:15 a.m.6 views

CVE-2026-23992

go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...

7.5CVSS5.9AI score0.00196EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/01/22 1:15 a.m.4 views

CVE-2026-23893

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

6.8CVSS5.9AI score0.00162EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/01/22 1:15 a.m.1 views

CVE-2026-23952

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL Magick Scripting Language parser when processing tags before images are loaded. This can lead to DoS attack due to...

7.5CVSS5.9AI score0.0043EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/01/21 8:16 p.m.6 views

CVE-2025-12781

When passing data to the b64decode, standardb64decode, and urlsafeb64decode functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. Th...

6.3CVSS5.9AI score0.00513EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/01/21 8:16 p.m.4 views

CVE-2025-69209

ArduinoCore-avr contains the source code and configuration files of the Arduino AVR Boards platform. A vulnerability in versions prior to 1.8.7 allows an attacker to trigger a stack-based buffer overflow when converting floating-point values to strings with high precision. By passing very large...

6.9CVSS6.8AI score0.00149EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/01/21 8:16 p.m.9 views

CVE-2025-13465

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original...

7.9CVSS6.5AI score0.01535EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/01/21 6:16 p.m.4 views

CVE-2021-47865

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access...

8.7CVSS5.9AI score0.00538EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/01/21 6:16 p.m.7 views

CVE-2021-47853

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.7AI score0.00262EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/01/21 2:16 p.m.7 views

CVE-2026-22977

In the Linux kernel, the following vulnerability has been resolved: net: sock: fix hardened usercopy panic in sockrecverrqueue skbufffclonecache was created without defining a usercopy region, 1 unlike skbuffheadcache which properly whitelists the cb field. 2 This causes a usercopy BUG when...

5.5CVSS6AI score0.00123EPSS
Exploits0References25
UbuntuCve
UbuntuCve
added 2026/01/21 7:16 a.m.7 views

CVE-2026-24061

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable...

9.8CVSS7.3AI score0.98871EPSS
Exploits60References8
UbuntuCve
UbuntuCve
added 2026/01/21 7:16 a.m.6 views

CVE-2025-14559

A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a...

6.5CVSS5.8AI score0.00443EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/01/21 7:16 a.m.5 views

CVE-2026-22976

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. This happens whe...

5.5CVSS5.9AI score0.00118EPSS
Exploits0References25
UbuntuCve
UbuntuCve
added 2026/01/21 6:15 a.m.4 views

CVE-2026-1035

A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. Thi...

3.1CVSS5.8AI score0.00282EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/01/21 12:0 a.m.2 views

CVE-2025-13878

Malformed BRID/HHIT records can cause named to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1...

7.5CVSS6AI score0.08219EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/01/21 12:0 a.m.1 views

CVE-2026-22444

The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...

7.1CVSS5.9AI score0.00654EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/01/21 12:0 a.m.2 views

CVE-2026-22022

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...

8.2CVSS6AI score0.00491EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/01/21 12:0 a.m.4 views

CVE-2024-31884

Incorrect usage of certificate checking via Pybind...

7.1AI score0.00029EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/01/20 10:16 p.m.3 views

CVE-2026-21982

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware wher...

7.5CVSS7.1AI score0.00227EPSS
Exploits0References2
Total number of security vulnerabilities68528