Lucene search

68528 matches found

UbuntuCve • added 2026/01/20 10:16 p.m. • 4 views

CVE-2026-21990

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS: 8.2 | AI score: 7 | EPSS: 0.00196
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 10:16 p.m. • 2 views

CVE-2026-21984

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00198
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 10:16 p.m. • 6 views

CVE-2026-21989

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS: 8.1 | AI score: 7.1 | EPSS: 0.00192
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 10:16 p.m. • 4 views

CVE-2026-21983

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00198
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 10:16 p.m. • 4 views

CVE-2026-21988

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS: 8.2 | AI score: 7 | EPSS: 0.00196
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 10:16 p.m. • 3 views

CVE-2026-21981

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS: 4.6 | AI score: 7.1 | EPSS: 0.00121
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 10:16 p.m. • 5 views

CVE-2026-21987

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS: 8.2 | AI score: 7 | EPSS: 0.00196
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 10:16 p.m. • 4 views

CVE-2026-21986

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS: 7.1 | AI score: 7.1 | EPSS: 0.00186
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 10:16 p.m. • 4 views

CVE-2026-21985

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS: 6 | AI score: 6.7 | EPSS: 0.00236
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 10:15 p.m. • 4 views

CVE-2026-21937

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS: 4.9 | AI score: 7 | EPSS: 0.00337
Exploits: 0 | References: 4

UbuntuCve • added 2026/01/20 10:15 p.m. • 3 views

CVE-2026-21952

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...

CVSS: 4.9 | AI score: 7 | EPSS: 0.00337
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 10:15 p.m. • 4 views

CVE-2026-21949

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00317
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 10:15 p.m. • 4 views

CVE-2025-15366

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...

CVSS: 5.9 | AI score: 7.1 | EPSS: 0.00315
Exploits: 0 | References: 8

UbuntuCve • added 2026/01/20 10:15 p.m. • 2 views

CVE-2025-15367

The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...

CVSS: 5.9 | AI score: 7.1 | EPSS: 0.00315
Exploits: 0 | References: 8

UbuntuCve • added 2026/01/20 10:15 p.m. • 1 view

CVE-2026-21963

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS: 6 | AI score: 6.7 | EPSS: 0.00234
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 10:15 p.m. • 6 views

CVE-2026-21965

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS: 2.7 | AI score: 7 | EPSS: 0.00305
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 10:15 p.m. • 1 view

CVE-2026-21955

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS: 8.2 | AI score: 7.1 | EPSS: 0.00264
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 10:15 p.m. • 2 views

CVE-2026-21956

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS: 8.2 | AI score: 7.1 | EPSS: 0.00264
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 10:15 p.m. • 3 views

CVE-2026-21948

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

CVSS: 4.9 | AI score: 7 | EPSS: 0.00337
Exploits: 0 | References: 4

UbuntuCve • added 2026/01/20 10:15 p.m. • 6 views

CVE-2026-21947

Vulnerability in Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u471-b50. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks require human...

CVSS: 3.1 | AI score: 6.4 | EPSS: 0.00204
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 10:15 p.m. • 3 views

CVE-2026-21950

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00316
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 10:15 p.m. • 4 views

CVE-2026-21941

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

CVSS: 4.9 | AI score: 7 | EPSS: 0.00337
Exploits: 0 | References: 4

UbuntuCve • added 2026/01/20 10:15 p.m. • 5 views

CVE-2026-21936

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS: 4.9 | AI score: 7 | EPSS: 0.00337
Exploits: 0 | References: 4

UbuntuCve • added 2026/01/20 10:15 p.m. • 3 views

CVE-2025-15282

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

CVSS: 6 | AI score: 5.8 | EPSS: 0.0048
Exploits: 0 | References: 7

UbuntuCve • added 2026/01/20 10:15 p.m. • 3 views

CVE-2026-21929

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 9.0.0-9.5.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...

CVSS: 5.3 | AI score: 7 | EPSS: 0.00268
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 10:15 p.m. • 2 views

CVE-2026-21968

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00257
Exploits: 0 | References: 4

UbuntuCve • added 2026/01/20 10:15 p.m. • 8 views

CVE-2026-21933

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17...

CVSS: 6.1 | AI score: 6.7 | EPSS: 0.00261
Exploits: 1 | References: 10

UbuntuCve • added 2026/01/20 10:15 p.m. • 3 views

CVE-2026-21957

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00212
Exploits: 1 | References: 2

UbuntuCve • added 2026/01/20 10:15 p.m. • 4 views

CVE-2025-11468

When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized...

CVSS: 5.7 | AI score: 5.8 | EPSS: 0.0055
Exploits: 0 | References: 6

UbuntuCve • added 2026/01/20 10:15 p.m. • 4 views

CVE-2026-0865

User-controlled header names and values containing newlines can allow injecting HTTP headers...

CVSS: 5.9 | AI score: 7.1 | EPSS: 0.00463
Exploits: 0 | References: 12

UbuntuCve • added 2026/01/20 10:15 p.m. • 3 views

CVE-2026-0672

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

CVSS: 6 | AI score: 5.8 | EPSS: 0.00401
Exploits: 0 | References: 7

UbuntuCve • added 2026/01/20 10:15 p.m. • 3 views

CVE-2026-21964

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Thread Pooling. Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...

CVSS: 4.9 | AI score: 7 | EPSS: 0.00337
Exploits: 0 | References: 4

UbuntuCve • added 2026/01/20 10:15 p.m. • 6 views

CVE-2026-21932

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: AWT, JavaFX. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17...

CVSS: 7.4 | AI score: 6.8 | EPSS: 0.00427
Exploits: 0 | References: 10

UbuntuCve • added 2026/01/20 10:15 p.m. • 8 views

CVE-2026-21945

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 an...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00864
Exploits: 0 | References: 10

UbuntuCve • added 2026/01/20 10:15 p.m. • 6 views

CVE-2026-21925

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and...

CVSS: 4.8 | AI score: 6.7 | EPSS: 0.00212
Exploits: 0 | References: 10

UbuntuCve • added 2026/01/20 9:16 p.m. • 5 views

CVE-2025-55132

A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via futimes even when the process has only read permissions. Unlike utimes, futimes does not apply the expected write-permission checks, which means file metadata can be modified in read-only...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.00227
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 9:16 p.m. • 5 views

CVE-2025-59464

A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificate(true), each certificate field leaks memory, allowing remote clients to trigger steady memory growth through...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.0023
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 9:16 p.m. • 2 views

CVE-2026-21636

A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...

CVSS: 10 | AI score: 6.6 | EPSS: 0.00663
Exploits: 1 | References: 2

UbuntuCve • added 2026/01/20 9:16 p.m. • 2 views

CVE-2025-55130

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

CVSS: 9.1 | AI score: 7.3 | EPSS: 0.01633
Exploits: 2 | References: 2

UbuntuCve • added 2026/01/20 9:16 p.m. • 6 views

CVE-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

CVSS: 7.1 | AI score: 7.3 | EPSS: 0.03493
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 9:16 p.m. • 4 views

CVE-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01056
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 9:16 p.m. • 2 views

CVE-2025-59466

We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when async_hooks.createHook() is enabled. Instead of reaching process.on('uncaughtException'), the process terminates, making the crash unrecoverable. Applications that rely on...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00624
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 9:16 p.m. • 4 views

CVE-2025-59465

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.03782
Exploits: 0 | References: 2

UbuntuCve • added 2026/01/20 7:15 p.m. • 4 views

CVE-2025-56005

An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.16903
Exploits: 3 | References: 2

UbuntuCve • added 2026/01/20 6:16 p.m. • 3 views

CVE-2025-33231

NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vulnerability might lead to code execution, escalation of...

CVSS: 6.7 | AI score: 5.9 | EPSS: 0.00156
Exploits: 0 | References: 4

UbuntuCve • added 2026/01/20 6:16 p.m. • 1 view

CVE-2025-33230

NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. A successful exploit of this vulnerability might lead to escalation of privileges, code execution, data...

CVSS: 7.3 | AI score: 5.9 | EPSS: 0.01185
Exploits: 0 | References: 4

UbuntuCve • added 2026/01/20 6:16 p.m. • 4 views

CVE-2025-33229

NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerability may lead to escalation of privileges,...

CVSS: 7.3 | AI score: 6.2 | EPSS: 0.00159
Exploits: 0 | References: 4

UbuntuCve • added 2026/01/20 6:16 p.m. • 1 view

CVE-2025-33228

NVIDIA Nsight Systems contains a vulnerability in the gfxhotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the processnsysrepcli.py script if the script is invoked manually. A successful exploit of this vulnerability might lead to code...

CVSS: 7.3 | AI score: 5.9 | EPSS: 0.01185
Exploits: 0 | References: 4

UbuntuCve • added 2026/01/20 2:16 p.m. • 6 views

CVE-2025-15281

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00286
Exploits: 0 | References: 3

UbuntuCve • added 2026/01/20 12:15 p.m. • 5 views

CVE-2025-14369

dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00147
Exploits: 0 | References: 3

Total number of security vulnerabilities: 68528