Lucene search: Ubuntucve (Recent)

68528 matches found

UbuntuCve • added 2025/11/20 3:17 p.m. • 2 views

CVE-2025-60798

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...

CVSS 6.5 • AI score 6 • EPSS 0.0025 • Exploits 0 • References 4

UbuntuCve • added 2025/11/20 3:17 p.m. • 2 views

CVE-2025-60799

phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters 'subject', 'server', 'database', 'queryid' without proper validation or access...

CVSS 6.1 • AI score 5.8 • EPSS 0.00191 • Exploits 0 • References 3

UbuntuCve • added 2025/11/20 3:17 p.m. • 3 views

CVE-2025-60797

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->conn->Execute($_REQUEST['query']). An authenticated...

CVSS 6.5 • AI score 6 • EPSS 0.00233 • Exploits 0 • References 3

UbuntuCve • added 2025/11/20 3:00 p.m. • 2 views

CVE-2025-64524

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macOS. In versions 2.0.1 and prior, a heap-buffer-overflow vulnerability in the rastertopclx filter causes the program to crash with a segmentation fault...

CVSS 5.5 • AI score 5.9 • EPSS 0.00181 • Exploits 1 • References 4

UbuntuCve • added 2025/11/19 10:16 p.m. • 7 views

CVE-2025-11001

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on...

CVSS 7.8 • AI score 7.4 • EPSS 0.27017 • Exploits 11 • References 3

UbuntuCve • added 2025/11/19 9:15 p.m. • 4 views

CVE-2025-58181

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

CVSS 5.3 • AI score 6.8 • EPSS 0.00521 • Exploits 0 • References 9

UbuntuCve • added 2025/11/19 9:15 p.m. • 2 views

CVE-2025-47914

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read...

CVSS 5.3 • AI score 6.8 • EPSS 0.00473 • Exploits 0 • References 8

UbuntuCve • added 2025/11/19 12:00 a.m. • 2 views

CVE-2025-13086

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client...

CVSS 8.2 • AI score 7.2 • EPSS 0.00621 • Exploits 0 • References 3

UbuntuCve • added 2025/11/18 11:15 p.m. • 2 views

CVE-2025-65015

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...

CVSS 9.2 • AI score 5.9 • EPSS 0.00329 • Exploits 1 • References 6

UbuntuCve • added 2025/11/18 10:15 p.m. • 1 views

CVE-2025-12119

A mongoc_bulk_operation_t may read invalid memory if large options are passed...

CVSS 6.9 • AI score 5.8 • EPSS 0.00185 • Exploits 0 • References 4

UbuntuCve • added 2025/11/18 7:15 p.m. • 3 views

CVE-2025-61663

A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this comman...

CVSS 4.9 • AI score 5.8 • EPSS 0.00112 • Exploits 0 • References 2

UbuntuCve • added 2025/11/18 7:15 p.m. • 1 views

CVE-2025-54771

A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub t...

CVSS 4.9 • AI score 5.8 • EPSS 0.00127 • Exploits 0 • References 3

UbuntuCve • added 2025/11/18 7:15 p.m. • 3 views

CVE-2025-61662

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the applicati...

CVSS 7.8 • AI score 5.8 • EPSS 0.0019 • Exploits 0 • References 3

UbuntuCve • added 2025/11/18 7:15 p.m. • 3 views

CVE-2025-54770

A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from memory. An attacker who...

CVSS 4.9 • AI score 5.8 • EPSS 0.00127 • Exploits 0 • References 3

UbuntuCve • added 2025/11/18 7:15 p.m. • 4 views

CVE-2025-61661

A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...

CVSS 4.8 • AI score 5.7 • EPSS 0.00168 • Exploits 0 • References 3

UbuntuCve • added 2025/11/18 7:15 p.m. • 4 views

CVE-2025-61664

A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after...

CVSS 4.9 • AI score 5.7 • EPSS 0.00121 • Exploits 0 • References 2

UbuntuCve • added 2025/11/18 6:16 p.m. • 0 views

CVE-2025-64076

Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decode_definite_long_string function of the C extension decoder (source/decoder.c): (1) Integer Underflow Leading to Out-of-Bounds Read (CWE-191, CWE-125): An incorrect variable reference and missing state reset in the chunk processing...

CVSS 7.5 • AI score 5.9 • EPSS 0.00413 • Exploits 1 • References 4

UbuntuCve • added 2025/11/18 5:16 p.m. • 3 views

CVE-2025-63829

eProsima Fast-DDS v3.3 and before has an infinite loop vulnerability caused by integer overflow in the Time_t::fraction function...

CVSS 7.5 • AI score 5.9 • EPSS 0.00276 • Exploits 1 • References 4

UbuntuCve • added 2025/11/18 4:15 p.m. • 4 views

CVE-2025-58121

Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain sensitive information...

CVSS 5.4 • AI score 5.9 • EPSS 0.00174 • Exploits 0 • References 2

UbuntuCve • added 2025/11/18 4:15 p.m. • 12 views

CVE-2025-64996

In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mk_inotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification ...

CVSS 4.8 • AI score 5.9 • EPSS 0.00089 • Exploits 0 • References 2

UbuntuCve • added 2025/11/18 4:15 p.m. • 4 views

CVE-2025-58122

Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure...

CVSS 5.4 • AI score 5.9 • EPSS 0.00143 • Exploits 0 • References 2

UbuntuCve • added 2025/11/18 3:16 p.m. • 3 views

CVE-2025-10158

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

CVSS 4.3 • AI score 5.9 • EPSS 0.00283 • Exploits 0 • References 4

UbuntuCve • added 2025/11/18 12:00 a.m. • 4 views

CVE-2025-13228

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 • AI score 7.2 • EPSS 0.00219 • Exploits 0 • References 3

UbuntuCve • added 2025/11/18 12:00 a.m. • 3 views

CVE-2025-13226

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 • AI score 7.2 • EPSS 0.00219 • Exploits 0 • References 3

UbuntuCve • added 2025/11/18 12:00 a.m. • 4 views

CVE-2025-13230

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 • AI score 7.2 • EPSS 0.00219 • Exploits 0 • References 3

UbuntuCve • added 2025/11/18 12:00 a.m. • 4 views

CVE-2025-13229

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 • AI score 7.2 • EPSS 0.00219 • Exploits 0 • References 3

UbuntuCve • added 2025/11/18 12:00 a.m. • 2 views

CVE-2025-13227

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 • AI score 7.2 • EPSS 0.00219 • Exploits 0 • References 3

UbuntuCve • added 2025/11/17 11:15 p.m. • 2 views

CVE-2025-13224

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 • AI score 7.3 • EPSS 0.00443 • Exploits 1 • References 3

UbuntuCve • added 2025/11/17 11:15 p.m. • 2 views

CVE-2025-13223

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 • AI score 7.3 • EPSS 0.04835 • Exploits 1 • References 4

UbuntuCve • added 2025/11/17 6:15 p.m. • 4 views

CVE-2025-64756

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...

CVSS 7.5 • AI score 7 • EPSS 0.03026 • Exploits 1 • References 3

UbuntuCve • added 2025/11/17 12:00 a.m. • 1 views

CVE-2025-13193

A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability...

CVSS 5.5 • AI score 6.6 • EPSS 0.00104 • Exploits 0 • References 2

UbuntuCve • added 2025/11/15 9:15 a.m. • 5 views

CVE-2025-12983

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to cause a denial of service condition by submitting specially crafted markdown content with nested formattin...

CVSS 6.5 • AI score 5.9 • EPSS 0.00367 • Exploits 0 • References 4

UbuntuCve • added 2025/11/15 8:15 a.m. • 3 views

CVE-2025-2615

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...

CVSS 6.5 • AI score 5.9 • EPSS 0.00275 • Exploits 0 • References 4

UbuntuCve • added 2025/11/15 8:15 a.m. • 3 views

CVE-2025-7736

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass access control restrictions and view GitLab Pages content intended only for project members by...

CVSS 4.3 • AI score 5.9 • EPSS 0.00242 • Exploits 0 • References 4

UbuntuCve • added 2025/11/15 8:15 a.m. • 3 views

CVE-2025-6945

GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments...

CVSS 3.5 • AI score 5.9 • EPSS 0.00233 • Exploits 0 • References 4

UbuntuCve • added 2025/11/15 8:15 a.m. • 3 views

CVE-2025-6171

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipeline details by accessing the packages API endpoint even wh...

CVSS 5.3 • AI score 5.9 • EPSS 0.00231 • Exploits 0 • References 4

UbuntuCve • added 2025/11/15 8:15 a.m. • 2 views

CVE-2025-7000

An issue has been discovered in GitLab CE/EE affecting all versions from 17.6 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that, under specific conditions, could have allowed unauthorized users to view confidential branch names by accessing project issues with related merge requests...

CVSS 4.3 • AI score 5.8 • EPSS 0.0031 • Exploits 0 • References 4

UbuntuCve • added 2025/11/15 8:15 a.m. • 3 views

CVE-2025-11990

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses...

CVSS 3.5 • AI score 5.9 • EPSS 0.00258 • Exploits 0 • References 4

UbuntuCve • added 2025/11/15 8:15 a.m. • 4 views

CVE-2025-11865

An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user...

CVSS 5.3 • AI score 5.8 • EPSS 0.00196 • Exploits 0 • References 1

UbuntuCve • added 2025/11/14 9:15 p.m. • 1 views

CVE-2025-63744

A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load function of bin_dyldcache.c. Processing a crafted file can cause a segmentation fault and crash the program...

CVSS 4.3 • AI score 5.8 • EPSS 0.00251 • Exploits 0 • References 4

UbuntuCve • added 2025/11/14 9:15 p.m. • 1 views

CVE-2025-63745

A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info function of bin_ne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data...

CVSS 5.5 • AI score 5.9 • EPSS 0.0013 • Exploits 0 • References 4

UbuntuCve • added 2025/11/14 8:15 p.m. • 1 views

CVE-2025-13033

A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the emai...

CVSS 7.5 • AI score 5.9 • EPSS 0.00509 • Exploits 0 • References 5

UbuntuCve • added 2025/11/14 3:15 a.m. • 4 views

CVE-2024-13178

Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3 • AI score 5.9 • EPSS 0.0018 • Exploits 1 • References 3

UbuntuCve • added 2025/11/14 3:15 a.m. • 2 views

CVE-2024-13983

Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. Chromium security severity: Low...

CVSS 6.3 • AI score 5.9 • EPSS 0.00124 • Exploits 1 • References 3

UbuntuCve • added 2025/11/14 3:15 a.m. • 2 views

CVE-2025-13107

Inappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3 • AI score 5.9 • EPSS 0.0018 • Exploits 1 • References 3

UbuntuCve • added 2025/11/14 3:15 a.m. • 3 views

CVE-2024-9126

Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a series of curated UI gestures. Chromium security severity: Medium...

CVSS 7.5 • AI score 5.9 • EPSS 0.00197 • Exploits 1 • References 3

UbuntuCve • added 2025/11/14 3:15 a.m. • 3 views

CVE-2024-11920

Inappropriate implementation in Dawn in Google Chrome on Mac prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

CVSS 4.3 • AI score 5.9 • EPSS 0.00201 • Exploits 1 • References 3

UbuntuCve • added 2025/11/14 3:15 a.m. • 2 views

CVE-2025-13102

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3 • AI score 5.9 • EPSS 0.00163 • Exploits 0 • References 3

UbuntuCve • added 2025/11/14 3:15 a.m. • 3 views

CVE-2024-7021

Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3 • AI score 5.9 • EPSS 0.00171 • Exploits 0 • References 3

UbuntuCve • added 2025/11/14 3:15 a.m. • 3 views

CVE-2025-13097

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVSS 5.4 • AI score 6.1 • EPSS 0.00144 • Exploits 1 • References 3

Total number of security vulnerabilities: 68528