Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
•added 2025/12/19 5:15 p.m.•4 views

CVE-2025-58052

Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires...

8.1CVSS5.9AI score0.00271EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/12/19 5:15 p.m.•5 views

CVE-2025-58053

Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue...

9.8CVSS5.9AI score0.00255EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/19 4:15 p.m.•2 views

CVE-2025-53922

Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue...

5.3CVSS5.8AI score0.00202EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/19 3:15 p.m.•3 views

CVE-2025-50681

igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service application crash via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the recvigmp function in src/igmpproxy.c, an invalid group record type can...

7.5CVSS5.9AI score0.0044EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2025/12/19 1:16 p.m.•6 views

CVE-2025-14946

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell SSH process,...

4.8CVSS5.9AI score0.00118EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/12/19 11:15 a.m.•9 views

CVE-2025-14847

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...

8.7CVSS7AI score0.83007EPSS
Exploits39References4
UbuntuCve
UbuntuCve
•added 2025/12/18 11:15 p.m.•4 views

CVE-2025-68390

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation CAPEC-130 of memory and a denial of service DoS via crafted HTTP request...

4.9CVSS5.9AI score0.00329EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/18 10:16 p.m.•6 views

CVE-2025-68384

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation CAPEC-130 causing a persistent denial of service OOM crash via submission of oversized user settings data...

6.5CVSS5.9AI score0.00245EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/18 10:15 p.m.•2 views

CVE-2025-34450

merbanan/rtl433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parserfraw located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a...

7.8CVSS6.3AI score0.0019EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2025/12/18 10:15 p.m.•3 views

CVE-2025-34449

Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the scdevicemsgdeserialize function. A compromised device can send crafted messages that cause out-of-bounds reads, which may result in memory corruption or a denial-of-servic...

9.1CVSS6.1AI score0.00345EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2025/12/18 10:15 p.m.•3 views

CVE-2025-34451

rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxyfromstring located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password...

7.8CVSS6.4AI score0.00218EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2025/12/18 9:15 p.m.•5 views

CVE-2025-68161

The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostName configuration attribut...

6.3CVSS6.7AI score0.00743EPSS
Exploits1References8
UbuntuCve
UbuntuCve
•added 2025/12/18 9:15 p.m.•9 views

CVE-2025-59529

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although CLIENTSMAX ...

5.5CVSS5.8AI score0.00152EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/12/18 8:15 p.m.•5 views

CVE-2023-53943

GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identif...

6.9CVSS5.9AI score0.00297EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2025/12/18 4:15 p.m.•4 views

CVE-2025-68469

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue...

5.1CVSS5.9AI score0.00178EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/12/18 3:16 p.m.•2 views

CVE-2025-68325

In the Linux kernel, the following vulnerability has been resolved: net/sched: schcake: Fix incorrect qlen reduction in cakedrop In cakedrop, qdisctreereducebacklog is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cakeenqueue, assumes that the parent qdisc will enqueue t...

5.9AI score0.0018EPSS
Exploits0References35
UbuntuCve
UbuntuCve
•added 2025/12/18 3:16 p.m.•4 views

CVE-2025-68323

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: fix use-after-free caused by uec-work The delayed work uec-work is scheduled in gaokunucsiprobe but never properly canceled in gaokunucsiremove. This creates use-after-free scenarios where the ucsi and gaokunucs...

5.7AI score0.00182EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2025/12/18 3:16 p.m.•2 views

CVE-2025-68324

In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work The delayed work item 'immtq' is initialized in immattach and scheduled via immqueuecommand for processing SCSI commands. When the IMM parallel port SCSI host...

5.9AI score0.00171EPSS
Exploits0References12
UbuntuCve
UbuntuCve
•added 2025/12/18 3:15 p.m.•2 views

CVE-2025-14861

Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146.0.1...

8.8CVSS7.4AI score0.00208EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/12/18 3:15 p.m.•4 views

CVE-2025-14744

Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144.0...

6.5CVSS5.8AI score0.00169EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/12/18 3:15 p.m.•2 views

CVE-2025-14860

Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1...

9.8CVSS7.3AI score0.00265EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/12/18 3:15 p.m.•4 views

CVE-2025-63757

Integer overflow vulnerability in the yuv2ya16Xctemplate function in libswscale/output.c in FFmpeg 8.0...

7.5CVSS6.8AI score0.0032EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2025/12/18 2:15 p.m.•5 views

CVE-2025-65000

SSH private keys of the "Remote alert handlers Linux" rule were exposed in the rule page's HTML source in Checkmk = 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed...

5.3CVSS5.9AI score0.00182EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/18 10:16 a.m.•5 views

CVE-2025-64997

Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure...

6.5CVSS5.9AI score0.00209EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/18 9:15 a.m.•4 views

CVE-2025-14874

A flaw was found in Nodemailer. This vulnerability allows a denial of service DoS via a crafted email address header that triggers infinite recursion in the address parser...

7.5CVSS6.3AI score0.00409EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2025/12/18 6:15 a.m.•3 views

CVE-2025-68463

Bio.Entrez in Biopython through 186 allows doctype XXE...

4.9CVSS5.8AI score0.00293EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/18 6:15 a.m.•4 views

CVE-2025-68462

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...

3.2CVSS5.8AI score0.00096EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/12/18 5:15 a.m.•5 views

CVE-2025-68460

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure vulnerability in the HTML style sanitizer...

7.5CVSS5.9AI score0.00244EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/12/18 5:15 a.m.•2 views

CVE-2025-68461

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document...

7.2CVSS6.1AI score0.19769EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2025/12/18 1:15 a.m.•6 views

CVE-2025-14841

A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null...

4.8CVSS5.9AI score0.00113EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2025/12/17 10:16 p.m.•1 views

CVE-2025-68118

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.0, a vulnerability exists in FreeRDP’s certificate handling code on Windows platforms. The function freerdpcertificatedatahash uses the Microsoft-specific snprintf function to format certificate cache filenames...

9.1CVSS6AI score0.00214EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/12/17 10:16 p.m.•5 views

CVE-2025-67873

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make csdisasm/csdisasmiter memcpy more than 24 bytes into csinsn.bytes, causing a heap buffer overflow in the disassembly path. Commit...

7.8CVSS7.4AI score0.00191EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/12/17 10:16 p.m.•2 views

CVE-2025-68114

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStreamconcat lets a malicious csoptmem.vsnprintf drive SStream’s index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs. Commit...

9.8CVSS7.3AI score0.00163EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/12/17 9:16 p.m.•2 views

CVE-2025-43501

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash...

4.3CVSS6.8AI score0.00686EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2025/12/17 9:16 p.m.•4 views

CVE-2025-43535

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash...

4.3CVSS5.9AI score0.0077EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2025/12/17 9:16 p.m.•3 views

CVE-2025-43541

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash...

4.3CVSS6.6AI score0.32EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2025/12/17 9:16 p.m.•7 views

CVE-2025-43529

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code...

8.8CVSS7.5AI score0.08439EPSS
Exploits8References11
UbuntuCve
UbuntuCve
•added 2025/12/17 9:16 p.m.•2 views

CVE-2025-43536

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash...

4.3CVSS5.8AI score0.00548EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2025/12/17 9:16 p.m.•3 views

CVE-2025-43531

A race condition was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash...

3.1CVSS5.8AI score0.0044EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2025/12/17 9:16 p.m.•4 views

CVE-2025-53000

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution...

8.5CVSS5.9AI score0.00233EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/12/17 9:15 p.m.•5 views

CVE-2025-14761

Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

6CVSS5.9AI score0.00176EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/12/17 9:15 p.m.•2 views

CVE-2025-14762

Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue,...

6CVSS7.2AI score0.00185EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/12/17 4:16 p.m.•6 views

CVE-2024-29370

In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

5.3CVSS7.1AI score0.00166EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/12/17 4:16 p.m.•4 views

CVE-2024-29371

In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...

7.5CVSS7.2AI score0.00244EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/12/16 10:15 p.m.•2 views

CVE-2025-64520

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with an API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch...

6.5CVSS5.9AI score0.00186EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/12/16 10:15 p.m.•2 views

CVE-2025-53619

An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function nullconvert is called based of...

9.1CVSS5.9AI score0.00232EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/16 10:15 p.m.•2 views

CVE-2025-52582

An out-of-bounds read vulnerability exists in the Overlay::GrabOverlayFromPixelData functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability...

7.5CVSS5.9AI score0.00282EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/12/16 10:15 p.m.•4 views

CVE-2025-53618

An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function grayscaleconvert is called base...

9.1CVSS5.9AI score0.00214EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/16 10:15 p.m.•3 views

CVE-2025-48429

An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to leaking heap data. An attacker can provide a malicious file to trigger this vulnerability...

9.1CVSS5.9AI score0.00294EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/12/16 7:15 p.m.•4 views

CVE-2025-68146

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...

6.5CVSS7.3AI score0.00184EPSS
Exploits1References6
Total number of security vulnerabilities68528