68528 matches found

UbuntuCve • added 2025/12/02 6:15 p.m. • 2 views

CVE-2025-66399

Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters including newlines that are...

CVSS 8.8 | AI score 7.5 | EPSS 0.10941
Exploits: 1 | References: 2

UbuntuCve • added 2025/12/02 6:15 p.m. • 1 views

CVE-2025-64750

SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so...

CVSS 4.5 | AI score 5.9 | EPSS 0.00137
Exploits: 0 | References: 7

UbuntuCve • added 2025/12/02 6:15 p.m. • 3 views

CVE-2025-65105

Apptainer is an open source container platform. In Apptainer versions less than 1.4.5, a container can disable two of the forms of the little-used --security option, in particular the forms --security=apparmor: and --security=selinux:, which otherwise put restrictions on operations that containers...

CVSS 5.3 | AI score 5.9 | EPSS 0.00198
Exploits: 0 | References: 7

UbuntuCve • added 2025/12/02 4:15 p.m. • 1 views

CVE-2025-65187

A Stored Cross-Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed...

CVSS 6.1 | AI score 5.9 | EPSS 0.00191
Exploits: 1 | References: 3

UbuntuCve • added 2025/12/02 2:16 p.m. • 3 views

CVE-2025-41066

Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to '/imp/attachment.php' including the parameters 'id' and 'u'. If the...

CVSS 6.9 | AI score 5.9 | EPSS 0.00214
Exploits: 0 | References: 2

UbuntuCve • added 2025/12/02 2:00 p.m. • 5 views

CVE-2025-13372

An issue was discovered in Django 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

CVSS 4.3 | AI score 7.2 | EPSS 0.00904
Exploits: 0 | References: 2

UbuntuCve • added 2025/12/02 2:00 p.m. • 1 views

CVE-2025-64460

An issue was discovered in Django 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xml_serializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...

CVSS 7.5 | AI score 7.2 | EPSS 0.02143
Exploits: 0 | References: 2

UbuntuCve • added 2025/12/02 11:15 a.m. • 2 views

CVE-2025-13353

In gokey versions 0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any...

CVSS 7.1 | AI score 5.8 | EPSS 0.00145
Exploits: 0 | References: 2

UbuntuCve • added 2025/12/01 11:15 p.m. • 8 views

CVE-2025-66412

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, a Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the...

CVSS 8.5 | AI score 6.9 | EPSS 0.00377
Exploits: 1 | References: 3

UbuntuCve • added 2025/12/01 7:15 p.m. • 3 views

CVE-2025-65407

A use-after-free in the MPEG1or2Demux::newElementaryStream function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream...

CVSS 6.5 | AI score 5.9 | EPSS 0.00259
Exploits: 1 | References: 3

UbuntuCve • added 2025/12/01 7:15 p.m. • 4 views

CVE-2025-34297

KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc in kiss_fft.c on platforms where size_t is 32-bit. The nfft parameter is not validated before being used in a size calculation, sizeof(kiss_fft_cpx) * (nfft - 1), which can wrap to a small value when nfft is large...

CVSS 8.6 | AI score 6.1 | EPSS 0.00144
Exploits: 0 | References: 2

UbuntuCve • added 2025/12/01 6:16 p.m. • 2 views

CVE-2025-13837

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues...

CVSS 5.5 | AI score 7 | EPSS 0.00193
Exploits: 0 | References: 2

UbuntuCve • added 2025/12/01 6:16 p.m. • 4 views

CVE-2025-13836

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS...

CVSS 7.5 | AI score 7.2 | EPSS 0.01525
Exploits: 0 | References: 8

UbuntuCve • added 2025/12/01 5:15 p.m. • 1 views

CVE-2025-65406

A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file...

CVSS 6.5 | AI score 5.9 | EPSS 0.00277
Exploits: 1 | References: 3

UbuntuCve • added 2025/12/01 5:15 p.m. • 2 views

CVE-2025-65408

A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file...

CVSS 6.5 | AI score 5.9 | EPSS 0.00259
Exploits: 1 | References: 3

UbuntuCve • added 2025/12/01 4:15 p.m. • 1 views

CVE-2025-65404

A buffer overflow in the getSideInfo2 function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream...

CVSS 6.5 | AI score 6 | EPSS 0.00277
Exploits: 1 | References: 3

UbuntuCve • added 2025/12/01 4:15 p.m. • 2 views

CVE-2025-65405

A use-after-free in the ADTSAudioFileSource::samplingFrequency function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS/AAC file...

CVSS 6.5 | AI score 5.9 | EPSS 0.00259
Exploits: 1 | References: 3

UbuntuCve • added 2025/12/01 4:15 p.m. • 2 views

CVE-2025-64775

Denial of Service vulnerability in Apache Struts: a file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts from 2.0.0 through 6.7.0 and from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue...

CVSS 7.5 | AI score 7.2 | EPSS 0.01456
Exploits: 0 | References: 3

UbuntuCve • added 2025/12/01 2:16 p.m. • 1 views

CVE-2025-49643

An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...

CVSS 6.5 | AI score 6.6 | EPSS 0.00319
Exploits: 0 | References: 2

UbuntuCve • added 2025/12/01 1:16 p.m. • 3 views

CVE-2025-27232

An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver, leading to potential confidentiality loss...

CVSS 6.8 | AI score 6 | EPSS 0.00311
Exploits: 0 | References: 2

UbuntuCve • added 2025/12/01 1:16 p.m. • 2 views

CVE-2025-12106

Insufficient argument validation in OpenVPN 2.7alpha1 through 2.7rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses...

CVSS 9.1 | AI score 7.4 | EPSS 0.00538
Exploits: 0 | References: 2

UbuntuCve • added 2025/11/30 5:16 a.m. • 4 views

CVE-2025-66433

HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3...

CVSS 4.2 | AI score 5.9 | EPSS 0.00087
Exploits: 0 | References: 2

UbuntuCve • added 2025/11/30 3:15 a.m. • 2 views

CVE-2025-66424

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...

CVSS 6.5 | AI score 5.8 | EPSS 0.00208
Exploits: 0 | References: 3

UbuntuCve • added 2025/11/30 3:15 a.m. • 1 views

CVE-2025-66420

Tryton sao (aka tryton-sao) before 7.6.9 allows XSS via an HTML attachment. This is fixed in 7.6.9, 7.4.19, 7.0.38, and 6.0.67...

CVSS 5.4 | AI score 5.8 | EPSS 0.00144
Exploits: 0 | References: 3

UbuntuCve • added 2025/11/30 3:15 a.m. • 1 views

CVE-2025-66422

Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back server setup information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...

CVSS 4.3 | AI score 5.9 | EPSS 0.00251
Exploits: 1 | References: 3

UbuntuCve • added 2025/11/30 3:15 a.m. • 2 views

CVE-2025-66423

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...

CVSS 7.1 | AI score 5.8 | EPSS 0.00196
Exploits: 1 | References: 3

UbuntuCve • added 2025/11/30 3:15 a.m. • 2 views

CVE-2025-66421

Tryton sao (aka tryton-sao) before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69...

CVSS 5.4 | AI score 5.8 | EPSS 0.00144
Exploits: 0 | References: 4

UbuntuCve • added 2025/11/29 3:16 a.m. • 1 views

CVE-2025-66221

Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc. that are implicitly present and readable in every directory...

CVSS 6.3 | AI score 6.7 | EPSS 0.00474
Exploits: 0 | References: 3

UbuntuCve • added 2025/11/29 1:16 a.m. • 3 views

CVE-2025-66034

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVSS 9.8 | AI score 7.3 | EPSS 0.00496
Exploits: 9 | References: 4

UbuntuCve • added 2025/11/28 4:15 p.m. • 0 views

CVE-2025-12183

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input...

CVSS 8.8 | AI score 7.1 | EPSS 0.00647
Exploits: 0 | References: 2

UbuntuCve • added 2025/11/28 3:16 p.m. • 2 views

CVE-2025-12638

Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...

CVSS 8 | AI score 7.2 | EPSS 0.00592
Exploits: 0 | References: 2

UbuntuCve • added 2025/11/28 7:15 a.m. • 3 views

CVE-2025-66382

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time...

CVSS 5.5 | AI score 6.1 | EPSS 0.00183
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/27 3:00 p.m. • 2 views

CVE-2025-58436

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other clients. This issue...

CVSS 5.5 | AI score 6 | EPSS 0.00195
Exploits: 1 | References: 4

UbuntuCve • added 2025/11/27 3:00 p.m. • 2 views

CVE-2025-61915

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the CUPS web UI to change the config and insert a malicious line. Then the cupsd process, which runs as root, will parse the new config a...

CVSS 6.7 | AI score 6.4 | EPSS 0.00409
Exploits: 1 | References: 3

UbuntuCve • added 2025/11/27 12:00 a.m. • 1 views

CVE-2025-66270

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49...

CVSS 4.7 | AI score 5.8 | EPSS 0.00176
Exploits: 0 | References: 3

UbuntuCve • added 2025/11/27 12:00 a.m. • 1 views

CVE-2025-66040

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

CVSS 3.6 | AI score 6 | EPSS 0.00138
Exploits: 0 | References: 4

UbuntuCve • added 2025/11/26 11:15 p.m. • 3 views

CVE-2025-64333

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a large HTTP content type, when logged, can cause a stack overflow crashing Suricata. This issue has been patched in versions...

CVSS 7.5 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 3

UbuntuCve • added 2025/11/26 11:15 p.m. • 1 views

CVE-2025-66030

Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...

CVSS 6.3 | AI score 6.3 | EPSS 0.00276
Exploits: 0 | References: 4

UbuntuCve • added 2025/11/26 11:15 p.m. • 2 views

CVE-2025-64331

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 3

UbuntuCve • added 2025/11/26 11:15 p.m. • 3 views

CVE-2025-66031

Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This...

CVSS 8.7 | AI score 6.6 | EPSS 0.00373
Exploits: 0 | References: 4

UbuntuCve • added 2025/11/26 11:15 p.m. • 2 views

CVE-2025-64330

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a single-byte read heap overflow when logging the verdict in eve.alert and eve.drop records can lead to crashes. This requires t...

CVSS 7.5 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 4

UbuntuCve • added 2025/11/26 11:15 p.m. • 1 views

CVE-2025-64332

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow that causes Suricata to crash can occur if SWF decompression is enabled. This issue has been patched in version...

CVSS 7.5 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 4

UbuntuCve • added 2025/11/26 11:15 p.m. • 4 views

CVE-2025-64344

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected wh...

CVSS 7.5 | AI score 6 | EPSS 0.00306
Exploits: 0 | References: 5

UbuntuCve • added 2025/11/26 11:15 p.m. • 3 views

CVE-2025-64334

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2....

CVSS 7.5 | AI score 5.8 | EPSS 0.00306
Exploits: 0 | References: 4

UbuntuCve • added 2025/11/26 11:15 p.m. • 4 views

CVE-2025-64335

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in...

CVSS 7.5 | AI score 5.8 | EPSS 0.00359
Exploits: 0 | References: 4

UbuntuCve • added 2025/11/26 11:15 p.m. • 2 views

CVE-2025-66035

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is an XSRF token leakage via protocol-relative URLs in Angular HTTP clients. The vulnerability is a Credential...

CVSS 7.7 | AI score 6.5 | EPSS 0.00572
Exploits: 0 | References: 8

UbuntuCve • added 2025/11/26 7:15 p.m. • 4 views

CVE-2021-4472

The mistral-dashboard plugin for OpenStack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files' content...

CVSS 6.5 | AI score 5.9 | EPSS 0.00399
Exploits: 0 | References: 6

UbuntuCve • added 2025/11/26 6:15 p.m. • 13 views

CVE-2025-2486

The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based...

CVSS 8.8 | AI score 7.2 | EPSS 0.00113
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/26 5:15 p.m. • 6 views

CVE-2025-63938

Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port function within src/reqs.c...

CVSS 6.5 | AI score 5.9 | EPSS 0.00229
Exploits: 1 | References: 4

UbuntuCve • added 2025/11/26 3:15 p.m. • 5 views

CVE-2025-13601

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the escaped string...

CVSS 7.7 | AI score 6.9 | EPSS 0.00306
Exploits: 1 | References: 5

Total number of security vulnerabilities: 68528