Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
•added 2026/01/05 10:15 p.m.•2 views

CVE-2025-66648

vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...

7.2CVSS5.8AI score0.00184EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2026/01/05 10:15 a.m.•3 views

CVE-2025-68764

In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the "ro" flag...

5.9AI score0.00165EPSS
Exploits0References35
UbuntuCve
UbuntuCve
•added 2026/01/05 10:15 a.m.•5 views

CVE-2025-68752

In the Linux kernel, the following vulnerability has been resolved: iavf: Implement settime64 with -EOPNOTSUPP ptpclocksettime assumes every ptpclock has implemented settime64. Stub it with -EOPNOTSUPP to prevent a NULL dereference. The fix is similar to commit 329d050bbe63 "gve: Implement...

5.7AI score0.00155EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2026/01/05 10:15 a.m.•2 views

CVE-2025-68754

In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double free caused by devm The clock obtained via devmclkgetenabled is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clkdisableunprepare in error path and...

5.7AI score0.00155EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2026/01/05 10:15 a.m.•10 views

CVE-2025-68765

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: Fix memory leak in mt7615mcuwtblstaadd In mt7615mcuwtblstaadd, an skb sskb is allocated. If the subsequent call to mt76connacmcuallocwtblreq fails, the function returns an error without freeing sskb, leading to a...

5.7AI score0.00161EPSS
Exploits0References35
UbuntuCve
UbuntuCve
•added 2026/01/05 10:15 a.m.•5 views

CVE-2025-68757

In the Linux kernel, the following vulnerability has been resolved: drm/vgem-fence: Fix potential deadlock on release A timer that expires a vgem fence automatically in 10 seconds is now released with timerdeletesync from fence-ops.release called on last dmafenceput. In some scenarios, it can run...

5.7AI score0.00165EPSS
Exploits0References35
UbuntuCve
UbuntuCve
•added 2026/01/05 10:15 a.m.•6 views

CVE-2025-68762

In the Linux kernel, the following vulnerability has been resolved: net: netpoll: initialize work queue before error checks Prevent a kernel warning when netconsole setup fails on devices with IFFDISABLENETPOLL flag. The warning at kernel/workqueue.c:4242 in flushwork occurs because the cleanup...

5.7AI score0.00155EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2026/01/05 10:15 a.m.•3 views

CVE-2025-68760

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential out-of-bounds read in iommummioshow In iommummiowrite, it validates the user-provided offset with the check: iommu-dbgmmiooffset iommu-mmiophysend - 4. This assumes a 4-byte access. However, the...

5.7AI score0.00155EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2026/01/05 10:15 a.m.•3 views

CVE-2025-68755

In the Linux kernel, the following vulnerability has been resolved: staging: most: remove broken i2c driver The MOST I2C driver has been completely broken for five years without anyone noticing so remove the driver from staging. Specifically, commit 723de0f9171e "staging: most: remove device from...

5.7AI score0.00157EPSS
Exploits0References24
UbuntuCve
UbuntuCve
•added 2026/01/05 10:15 a.m.•3 views

CVE-2025-68761

In the Linux kernel, the following vulnerability has been resolved: hfs: fix potential use after free in hfscorrectnextunusedCNID This code calls hfsbnodeputnode which drops the refcount and then dreferences "node" on the next line. It's only safe to use "node" when we're holding a reference so...

5.8AI score0.00145EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/05 10:15 a.m.•2 views

CVE-2025-68753

In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: add bounds check in putuser loop for DSP events In the DSP event handling code, a putuser loop copies event data. When the user buffer size is not aligned to 4 bytes, it could overwrite beyond the buffer...

5.8AI score0.00161EPSS
Exploits0References25
UbuntuCve
UbuntuCve
•added 2026/01/05 10:15 a.m.•2 views

CVE-2025-68766

In the Linux kernel, the following vulnerability has been resolved: irqchip/mchp-eic: Fix error code in mchpeicdomainalloc If irqdomaintranslatetwocell sets "hwirq" to = MCHPEICNIRQ 2 then it results in an out of bounds access. The code checks for invalid values, but doesn't set the error code...

5.8AI score0.00161EPSS
Exploits0References25
UbuntuCve
UbuntuCve
•added 2026/01/05 10:15 a.m.•6 views

CVE-2025-68759

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Fix potential memory leaks in rtl8180initrxring In rtl8180initrxring, memory is allocated for skb packets and DMA allocations in a loop. When an allocation fails, the previously successful allocations are not freed...

5.9AI score0.00165EPSS
Exploits0References35
UbuntuCve
UbuntuCve
•added 2026/01/05 10:15 a.m.•6 views

CVE-2025-68758

In the Linux kernel, the following vulnerability has been resolved: backlight: led-bl: Add devlink to supplier LEDs LED Backlight is a consumer of one or multiple LED class devices, but devlink is currently unable to create correct supplier-producer links when the supplier is a class device. It...

5.7AI score0.00165EPSS
Exploits0References35
UbuntuCve
UbuntuCve
•added 2026/01/05 10:15 a.m.•5 views

CVE-2025-68756

In the Linux kernel, the following vulnerability has been resolved: block: Use RCU in blkmqunquiescetagset instead of set-taglistlock blkmqadd,delqueuetagset functions add and remove queues from tagset, the functions make sure that tagset and queues are marked as shared when two or more queues ar...

5.9AI score0.00157EPSS
Exploits0References25
UbuntuCve
UbuntuCve
•added 2026/01/05 10:15 a.m.•2 views

CVE-2025-68763

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Correctly handle return of sgnentsforlen The return value of sgnentsforlen was assigned to an unsigned long in starfivehashdigest, causing negative error codes to be converted to large positive integers. Add...

5.8AI score0.00173EPSS
Exploits0References25
UbuntuCve
UbuntuCve
•added 2026/01/05 10:15 a.m.•5 views

CVE-2025-68751

In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Fix false-positive kmsan report in fpuvstl A false-positive kmsan report is detected when running ping command. An inline assembly instruction 'vstl' can write varied amount of bytes depending on value of 'index'...

5.7AI score0.00155EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2026/01/02 9:16 p.m.•7 views

CVE-2026-21452

MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers lazily, it later...

7.5CVSS5.9AI score0.0055EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2026/01/02 7:15 p.m.•3 views

CVE-2026-21444

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

5.5CVSS5.9AI score0.0007EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2026/01/02 4:17 p.m.•4 views

CVE-2025-67268

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

9.8CVSS5.9AI score0.00674EPSS
Exploits2References3
UbuntuCve
UbuntuCve
•added 2026/01/02 4:17 p.m.•2 views

CVE-2025-67269

An integer underflow vulnerability exists in the nextstate function in gpsd/packet.c of gpsd versions prior to commit ffa1d6f40bca0b035fc7f5e563160ebb67199da7. When parsing a NAVCOM packet, the payload length is calculated using lexer-length = sizetc - 4 without checking if the input byte c is le...

7.5CVSS5.9AI score0.0047EPSS
Exploits2References3
UbuntuCve
UbuntuCve
•added 2026/01/02 3:15 p.m.•4 views

CVE-2025-15438

A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::destruct of the file core/admin/medias.php of the component Media Management Module. Executing a manipulation of the argument File can lead to deserialization. The attack can be launched remotely. The...

7.2CVSS5.5AI score0.00386EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2026/01/01 9:15 p.m.•6 views

CVE-2025-15412

A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is required to approac...

7.8CVSS5.6AI score0.00179EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2026/01/01 8:15 p.m.•8 views

CVE-2025-15411

A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the loc...

7.8CVSS5.8AI score0.00179EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2026/01/01 6:15 p.m.•5 views

CVE-2026-21428

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.0, the writeheaders function does not check for CR & LF characters in user supplied headers, allowing untrusted header value to escape header lines. This vulnerability allows attackers to add...

8.7CVSS5.7AI score0.00372EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2026/01/01 12:15 a.m.•4 views

CVE-2025-69412

KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API aka phishing API, which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration...

3.4CVSS5.8AI score0.00241EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2025/12/31 7:15 p.m.•4 views

CVE-2025-34468

libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentiall...

9.8CVSS6.9AI score0.00637EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/12/31 7:15 a.m.•2 views

CVE-2025-15274

FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

8.8CVSS7.5AI score0.00579EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/31 7:15 a.m.•2 views

CVE-2025-15275

FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

8.8CVSS7.5AI score0.0058EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/31 7:15 a.m.•4 views

CVE-2025-15278

FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

7.8CVSS7.4AI score0.00263EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/31 7:15 a.m.•3 views

CVE-2025-15271

FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit ...

8.8CVSS7.5AI score0.00581EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/31 7:15 a.m.•2 views

CVE-2025-15279

FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS7.5AI score0.00259EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/31 7:15 a.m.•2 views

CVE-2025-15276

FontForge SFD File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS7.4AI score0.00329EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/12/31 7:15 a.m.•2 views

CVE-2025-15273

FontForge PFB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

8.8CVSS7.6AI score0.0058EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/31 7:15 a.m.•5 views

CVE-2025-15280

FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...

8.8CVSS7.4AI score0.00532EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/31 7:15 a.m.•3 views

CVE-2025-15272

FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

8.8CVSS7.5AI score0.00579EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/31 7:15 a.m.•3 views

CVE-2025-15277

FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS7.4AI score0.00259EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/31 7:15 a.m.•3 views

CVE-2025-15270

FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit ...

8.8CVSS7.5AI score0.00581EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/31 7:15 a.m.•2 views

CVE-2025-15269

FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...

8.8CVSS7.4AI score0.00474EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/31 6:15 a.m.•7 views

CVE-2025-69277

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...

4.5CVSS6AI score0.00166EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/12/31 2:15 a.m.•3 views

CVE-2025-68131

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...

7.5CVSS5.8AI score0.00423EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/12/31 1:15 a.m.•2 views

CVE-2025-11964

On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf16letoutf8truncated can write data beyond the end of the provided buffer...

1.9CVSS5.9AI score0.00102EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/12/31 1:15 a.m.•2 views

CVE-2025-11961

pcapetheraton is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function...

1.9CVSS5.7AI score0.00098EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/12/30 11:15 p.m.•3 views

CVE-2022-50798

Rejected reason: This candidate is a duplicate of CVE-2017-11359...

6.4AI score0.00039EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2025/12/30 9:15 p.m.•7 views

CVE-2025-61594

URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier bundled in Ruby 3.2 series 0.13.2 and earlier bundled in Ruby 3.3 series, 1.0.3 and earlier bundled in Ruby 3.4 series, when using the + operator to combine URIs, sensitive information like...

7.5CVSS5.7AI score0.0051EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2025/12/30 8:16 p.m.•5 views

CVE-2025-69261

WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, a multiplication in WasmEdge/include/runtime/instance/memory.h can wrap, causing checkAccessBound to incorrectly allow the access. This leads to a segmentation fault. Version 0.16.0-alpha.3 contains a patch for the issue...

7.5CVSS5.8AI score0.00285EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/12/30 8:16 p.m.•1 views

CVE-2025-50343

An issue was discovered in matio 1.5.28. A heap-based memory corruption can occur in MatVarCreateStruct when the nfields value does not match the actual number of strings in the fields array. This leads to out-of-bounds reads and invalid memory frees during cleanup, potentially causing a...

9.8CVSS6.5AI score0.00343EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/12/30 6:15 p.m.•4 views

CVE-2025-65411

A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service DoS via injecting a crafted payload into the searchpath parameter...

7.5CVSS5.8AI score0.00522EPSS
Exploits2References7
UbuntuCve
UbuntuCve
•added 2025/12/30 6:15 p.m.•4 views

CVE-2025-65409

A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service DoS via inputting an empty value as a password...

7.5CVSS5.9AI score0.00317EPSS
Exploits2References5
UbuntuCve
UbuntuCve
•added 2025/12/30 5:15 p.m.•2 views

CVE-2025-68950

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows reading the mvg file wi...

6.2CVSS6.6AI score0.00164EPSS
Exploits0References3
Total number of security vulnerabilities68528