
68528 matches found

UbuntuCve • added 2026/01/20 5:16 a.m. • 2 views

CVE-2026-0904

Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 5.4 | AI score 5.9 | EPSS 0.00168 | Exploits 0 | References 1

UbuntuCve • added 2026/01/20 5:16 a.m. • 1 views

CVE-2026-0900

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.9 | EPSS 0.00323 | Exploits 0 | References 1

UbuntuCve • added 2026/01/20 5:16 a.m. • 3 views

CVE-2026-0903

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. Chromium security severity: Medium...

CVSS 5.4 | AI score 5.9 | EPSS 0.00178 | Exploits 0 | References 1

UbuntuCve • added 2026/01/20 5:16 a.m. • 1 views

CVE-2026-0901

Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

CVSS 5.4 | AI score 5.9 | EPSS 0.00187 | Exploits 0 | References 1

UbuntuCve • added 2026/01/20 5:16 a.m. • 3 views

CVE-2026-0899

Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.9 | EPSS 0.00382 | Exploits 0 | References 1

UbuntuCve • added 2026/01/20 5:16 a.m. • 1 views

CVE-2026-0907

Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS 9.8 | AI score 5.9 | EPSS 0.00246 | Exploits 0 | References 1

UbuntuCve • added 2026/01/20 5:16 a.m. • 1 views

CVE-2026-0902

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 5.9 | EPSS 0.00258 | Exploits 0 | References 1

UbuntuCve • added 2026/01/20 5:16 a.m. • 4 views

CVE-2026-0905

Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attacker who obtained a network log file to potentially obtain potentially sensitive information via a network log file. Chromium security severity: Medium...

CVSS 9.8 | AI score 5.8 | EPSS 0.00221 | Exploits 0 | References 1

UbuntuCve • added 2026/01/20 5:16 a.m. • 2 views

CVE-2026-0908

Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...

CVSS 8.8 | AI score 5.9 | EPSS 0.00314 | Exploits 0 | References 1

UbuntuCve • added 2026/01/20 5:16 a.m. • 3 views

CVE-2026-0906

Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

CVSS 9.8 | AI score 5.9 | EPSS 0.00315 | Exploits 0 | References 1

UbuntuCve • added 2026/01/20 1:15 a.m. • 4 views

CVE-2026-23876

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder ReadXBMImage allows an attacker to write controlled data past the allocated heap buffer when...

CVSS 9.8 | AI score 6.1 | EPSS 0.00609 | Exploits 1 | References 4

UbuntuCve • added 2026/01/20 1:15 a.m. • 6 views

CVE-2026-23950

node-tar, a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, in which it has...

CVSS 8.8 | AI score 6.4 | EPSS 0.00233 | Exploits 1 | References 4

UbuntuCve • added 2026/01/20 1:15 a.m. • 3 views

CVE-2026-22770

ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will...

CVSS 9.8 | AI score 5.8 | EPSS 0.00336 | Exploits 0 | References 3

UbuntuCve • added 2026/01/20 1:15 a.m. • 4 views

CVE-2026-23949

jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the jaraco.context.tarball function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract file...

CVSS 8.6 | AI score 7.2 | EPSS 0.00527 | Exploits 1 | References 5

UbuntuCve • added 2026/01/20 1:15 a.m. • 4 views

CVE-2026-23874

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL Magick Scripting Language command when writing to MSL format. Version 7.1.2-13 fixes the issue...

CVSS 5.5 | AI score 5.9 | EPSS 0.00161 | Exploits 1 | References 2

UbuntuCve • added 2026/01/19 6:16 p.m. • 2 views

CVE-2026-23883

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, xfPointerNew frees cursorPixels on failure, then pointerfree calls xfPointerFree and frees it again, triggering ASan UAF. A malicious server can trigger a client‑side use after free, causing a crash DoS and...

CVSS 9.8 | AI score 5.9 | EPSS 0.00402 | Exploits 1 | References 7

UbuntuCve • added 2026/01/19 6:16 p.m. • 2 views

CVE-2026-23884

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash DoS and...

CVSS 9.8 | AI score 5.9 | EPSS 0.00402 | Exploits 1 | References 6

UbuntuCve • added 2026/01/19 6:16 p.m. • 5 views

CVE-2026-22797

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The externaloauth2token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...

CVSS 9.9 | AI score 5.9 | EPSS 0.00575 | Exploits 0 | References 4

UbuntuCve • added 2026/01/19 6:16 p.m. • 6 views

CVE-2026-23533

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a...

CVSS 9.8 | AI score 6 | EPSS 0.00434 | Exploits 1 | References 8

UbuntuCve • added 2026/01/19 6:16 p.m. • 3 views

CVE-2026-23534

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a...

CVSS 9.8 | AI score 6 | EPSS 0.00434 | Exploits 1 | References 7

UbuntuCve • added 2026/01/19 6:16 p.m. • 3 views

CVE-2026-23732

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts cbData/remaining length and never validates against the minimum size implied by cx/cy. A malicious server can trigger a client‑side global buffer overflow, causing a crash DoS. Versi...

CVSS 7.5 | AI score 6 | EPSS 0.00481 | Exploits 1 | References 8

UbuntuCve • added 2026/01/19 5:15 p.m. • 1 views

CVE-2026-23530

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, freerdpbitmapdecompressplanar does not validate nSrcWidth/nSrcHeight against planar-maxWidth/maxHeight before RLE decode. A malicious server can trigger a client‑side heap buffer overflow, causing a crash DoS...

CVSS 9.8 | AI score 6 | EPSS 0.00443 | Exploits 1 | References 8

UbuntuCve • added 2026/01/19 5:15 p.m. • 1 views

CVE-2026-23531

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when glyphData is present, cleardecompress calls freerdpimagecopynooverlap without validating the destination rectangle, allowing an out-of-bounds read/write via crafted RDPGFX surface updates...

CVSS 9.8 | AI score 5.9 | EPSS 0.00443 | Exploits 1 | References 6

UbuntuCve • added 2026/01/19 5:15 p.m. • 3 views

CVE-2026-23532

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP client’s gdiSurfaceToSurface path due to a mismatch between destination rectangle clamping and the actual copy size. A malicious server can trigger a...

CVSS 9.8 | AI score 6.1 | EPSS 0.00434 | Exploits 1 | References 6

UbuntuCve • added 2026/01/19 12:0 a.m. • 4 views

CVE-2026-1144

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is...

CVSS 8.8 | AI score 6.2 | EPSS 0.00349 | Exploits 1 | References 9

UbuntuCve • added 2026/01/19 12:0 a.m. • 2 views

CVE-2026-0943

HarfBuzz::Shaper versions before 0.032 for Perl contain a bundled library with a null pointer dereference vulnerability. Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hbsrc.tar.gz in the source tarball, which is affected by CVE-2026-22693...

CVSS 7.5 | AI score 5.9 | EPSS 0.00424 | Exploits 0 | References 5

UbuntuCve • added 2026/01/18 11:15 p.m. • 2 views

CVE-2025-15538

A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to ...

CVSS 7.8 | AI score 5.5 | EPSS 0.00165 | Exploits 1 | References 2

UbuntuCve • added 2026/01/18 10:15 a.m. • 4 views

CVE-2025-15537

A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbffile::stringvalue of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed...

CVSS 5.5 | AI score 5.6 | EPSS 0.0019 | Exploits 1 | References 6

UbuntuCve • added 2026/01/18 9:15 a.m. • 3 views

CVE-2025-15536

A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made...

CVSS 5.5 | AI score 5.7 | EPSS 0.0023 | Exploits 1 | References 7

UbuntuCve • added 2026/01/16 11:15 p.m. • 4 views

CVE-2026-22816

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...

CVSS 8.6 | AI score 5.9 | EPSS 0.00149 | Exploits 0 | References 3

UbuntuCve • added 2026/01/16 11:15 p.m. • 5 views

CVE-2026-22865

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...

CVSS 8.6 | AI score 5.9 | EPSS 0.00135 | Exploits 0 | References 2

UbuntuCve • added 2026/01/16 10:16 p.m. • 2 views

CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

CVSS 8.2 | AI score 6.7 | EPSS 0.00334 | Exploits 2 | References 3

UbuntuCve • added 2026/01/16 9:15 p.m. • 6 views

CVE-2026-23643

CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...

CVSS 5.4 | AI score 5.9 | EPSS 0.00252 | Exploits 0 | References 7

UbuntuCve • added 2026/01/16 7:16 p.m. • 1 views

CVE-2025-61873

Best Practical Request Tracker RT before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used...

CVSS 2.6 | AI score 5.9 | EPSS 0.00193 | Exploits 0 | References 1

UbuntuCve • added 2026/01/16 7:16 p.m. • 6 views

CVE-2026-23535

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2...

CVSS 8 | AI score 6 | EPSS 0.00337 | Exploits 0 | References 5

UbuntuCve • added 2026/01/16 7:16 p.m. • 4 views

CVE-2026-23490

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2...

CVSS 7.5 | AI score 6.7 | EPSS 0.00679 | Exploits 0 | References 5

UbuntuCve • added 2026/01/16 6:16 p.m. • 10 views

CVE-2025-51602

mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read and denial of service via a crafted 0x01 response from an MMS server...

CVSS 4.8 | AI score 5.8 | EPSS 0.00368 | Exploits 0 | References 2

UbuntuCve • added 2026/01/16 6:16 p.m. • 8 views

CVE-2025-31510

In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML into the login page via the tab parameter, for Choice authentication...

CVSS 7.2 | AI score 5.9 | EPSS 0.00378 | Exploits 0 | References 2

UbuntuCve • added 2026/01/16 6:16 p.m. • 4 views

CVE-2025-43904

In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator...

CVSS 4.2 | AI score 5.9 | EPSS 0.00218 | Exploits 0 | References 3

UbuntuCve • added 2026/01/16 12:0 a.m. • 5 views

CVE-2026-23528

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-site scripting (XSS) bug in the Dask...

CVSS 6.1 | AI score 5.9 | EPSS 0.00205 | Exploits 0 | References 3

UbuntuCve • added 2026/01/16 12:0 a.m. • 2 views

CVE-2026-0858

Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can inject malicious JavaScript into generated SVG output, leading to...

CVSS 6.1 | AI score 6.2 | EPSS 0.00303 | Exploits 0 | References 5

UbuntuCve • added 2026/01/16 12:0 a.m. • 2 views

CVE-2026-0988

A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy, triggering...

CVSS 3.7 | AI score 6.2 | EPSS 0.00396 | Exploits 0 | References 2

UbuntuCve • added 2026/01/16 12:0 a.m. • 5 views

CVE-2021-47779

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the...

CVSS 8.4 | AI score 5.8 | EPSS 0.00309 | Exploits 1 | References 5

UbuntuCve • added 2026/01/16 12:0 a.m. • 3 views

CVE-2025-29943

Write-what-where condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest...

CVSS 4.6 | AI score 6.1 | EPSS 0.00202 | Exploits 1 | References 2

UbuntuCve • added 2026/01/15 10:16 p.m. • 7 views

CVE-2026-0915

Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver...

CVSS 7.5 | AI score 5.9 | EPSS 0.00564 | Exploits 0 | References 3

UbuntuCve • added 2026/01/15 7:16 p.m. • 2 views

CVE-2025-70302

A heap overflow in the ghidmxdeclareopidbin function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS 5.5 | AI score 5.9 | EPSS 0.00188 | Exploits 1 | References 2

UbuntuCve • added 2026/01/15 7:16 p.m. • 3 views

CVE-2025-70303

A heap overflow in the uncvparseconfig function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file...

CVSS 5.5 | AI score 5.9 | EPSS 0.00188 | Exploits 1 | References 2

UbuntuCve • added 2026/01/15 6:16 p.m. • 3 views

CVE-2025-70307

A stack overflow in the dumpttxtsample function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet...

CVSS 7.5 | AI score 5.9 | EPSS 0.00433 | Exploits 1 | References 2

UbuntuCve • added 2026/01/15 6:16 p.m. • 4 views

CVE-2025-70299

A heap overflow in the aviparseinputfile function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file...

CVSS 6.5 | AI score 5.9 | EPSS 0.00304 | Exploits 1 | References 2

UbuntuCve • added 2026/01/15 5:16 p.m. • 3 views

CVE-2025-70309

A stack overflow in the pcmreframeflushpacket function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file...

CVSS 5.5 | AI score 5.9 | EPSS 0.00141 | Exploits 1 | References 2

Total number of security vulnerabilities: 68528