Lucene search

68528 matches found

UbuntuCve • added 2025/11/10 8:15 p.m.

CVE-2025-12428

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 7.3 | EPSS 0.06806
Exploits: 1 | References: 1

UbuntuCve • added 2025/11/10 8:15 p.m.

CVE-2025-12429

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 7.3 | EPSS 0.00267
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/10 8:15 p.m.

CVE-2025-12445

Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Low...

CVSS 6.5 | AI score 6.6 | EPSS 0.00128
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/10 8:15 p.m.

CVE-2025-12443

Out of bounds read in WebXR in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3 | AI score 5.9 | EPSS 0.00195
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/10 8:15 p.m.

CVE-2025-12438

Use after free in Ozone in Google Chrome on Linux and ChromeOS prior to 142.0.7444.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 7.2 | EPSS 0.00224
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/10 8:15 p.m.

CVE-2025-60876

BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...

CVSS 6.5 | AI score 7 | EPSS 0.00258
Exploits: 1 | References: 6

UbuntuCve • added 2025/11/10 8:15 p.m.

CVE-2025-12444

Incorrect security UI in Fullscreen UI in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS 4.2 | AI score 5.9 | EPSS 0.00156
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/10 8:15 p.m.

CVE-2025-12440

Inappropriate implementation in Autofill in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

CVSS 5.3 | AI score 6.1 | EPSS 0.00181
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/10 8:15 p.m.

CVE-2025-12436

Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Medium...

CVSS 5.9 | AI score 6.2 | EPSS 0.00152
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/10 8:15 p.m.

CVE-2025-12437

Use after free in PageInfo in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 7.5 | AI score 7.1 | EPSS 0.00204
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/10 8:15 p.m.

CVE-2025-12441

Out of bounds read in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3 | AI score 5.9 | EPSS 0.00176
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/10 8:15 p.m.

CVE-2025-12439

Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. Chromium security severity: Medium...

CVSS 5.5 | AI score 5.9 | EPSS 0.00074
Exploits: 1 | References: 1

UbuntuCve • added 2025/11/10 8:15 p.m.

CVE-2025-12435

Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 5.4 | AI score 5.9 | EPSS 0.0022
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/10 5:15 a.m.

CVE-2025-59777

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service DoS...

CVSS 8.7 | AI score 7.1 | EPSS 0.00382
Exploits: 0 | References: 4

UbuntuCve • added 2025/11/10 5:15 a.m.

CVE-2025-62689

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service DoS...

CVSS 8.7 | AI score 7.1 | EPSS 0.00382
Exploits: 0 | References: 4

UbuntuCve • added 2025/11/09 5:15 a.m.

CVE-2025-40108

In the Linux kernel, the following vulnerability has been resolved: serial: qcom-geni: Fix blocked task Revert commit 1afa70632c39 "serial: qcom-geni: Enable PM runtime for serial driver" and its dependent commit 86fa39dd6fb7 "serial: qcom-geni: Enable Serial on SA8255p Qualcomm platforms" becaus...

AI score 5.7 | EPSS 0.00154
Exploits: 0 | References: 7

UbuntuCve • added 2025/11/09 5:15 a.m.

CVE-2025-40109

In the Linux kernel, the following vulnerability has been resolved: crypto: rng - Ensure setent is always present Ensure that setent is always set since only drbg provides it...

AI score 5.9 | EPSS 0.00186
Exploits: 0 | References: 37

UbuntuCve • added 2025/11/08 12:15 a.m.

CVE-2025-12905

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. Chromium security severity: Low...

CVSS 5.4 | AI score 5.9 | EPSS 0.00141
Exploits: 0 | References: 3

UbuntuCve • added 2025/11/08 12:15 a.m.

CVE-2025-12907

Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to execute arbitrary code via user action in Devtools. Chromium security severity: Low...

CVSS 8.8 | AI score 7.5 | EPSS 0.00251
Exploits: 3 | References: 3

UbuntuCve • added 2025/11/08 12:15 a.m.

CVE-2025-64486

calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve...

CVSS 9.3 | AI score 6 | EPSS 0.00159
Exploits: 0 | References: 3

UbuntuCve • added 2025/11/08 12:15 a.m.

CVE-2025-12906

Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS 5.4 | AI score 6.1 | EPSS 0.00145
Exploits: 0 | References: 3

UbuntuCve • added 2025/11/08 12:15 a.m.

CVE-2025-12910

Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information via debug logs. Chromium security severity: Low...

CVSS 6.2 | AI score 6.5 | EPSS 0.00095
Exploits: 1 | References: 3

UbuntuCve • added 2025/11/08 12:15 a.m.

CVE-2025-12908

Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS 5.4 | AI score 5.9 | EPSS 0.00162
Exploits: 1 | References: 3

UbuntuCve • added 2025/11/08 12:15 a.m.

CVE-2025-12911

Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3 | AI score 5.9 | EPSS 0.00142
Exploits: 0 | References: 3

UbuntuCve • added 2025/11/08 12:15 a.m.

CVE-2025-12909

Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. Chromium security severity: Low...

CVSS 5.3 | AI score 6.1 | EPSS 0.00178
Exploits: 1 | References: 3

UbuntuCve • added 2025/11/07 9:15 p.m.

CVE-2025-12863

Rejected reason: This CVE was assigned for a libxml2 issue1012 but later deemed not valid. Ref.: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012note2608283...

AI score 6.1 | EPSS 0.00068
Exploits: 0 | References: 4

UbuntuCve • added 2025/11/07 9:15 p.m.

CVE-2025-12875

A weakness has been identified in mruby 3.4.0. This vulnerability affects the function aryfillexec of the file mrbgems/mruby-array-ext/src/array.c. Executing a manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been...

CVSS 7.8 | AI score 5.7 | EPSS 0.00143
Exploits: 0 | References: 8

UbuntuCve • added 2025/11/07 7:16 p.m.

CVE-2025-61261

A reflected cross-site scripting XSS vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...

CVSS 5.4 | AI score 6.1 | EPSS 0.00232
Exploits: 1 | References: 3

UbuntuCve • added 2025/11/07 12:0 a.m.

CVE-2025-64329

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...

CVSS 6.9 | AI score 6.8 | EPSS 0.00151
Exploits: 1 | References: 4

UbuntuCve • added 2025/11/07 12:0 a.m.

CVE-2025-64184

Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic page URL, image URL, page content, etc.. While the basename is properly stripped of directory-traversing...

CVSS 8.8 | AI score 6 | EPSS 0.00395
Exploits: 0 | References: 3

UbuntuCve • added 2025/11/06 11:15 p.m.

CVE-2025-11756

Use after free in Safe Browsing in Google Chrome prior to 141.0.7390.107 allowed a remote attacker who had compromised the renderer process to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 7.4 | EPSS 0.00428
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/06 11:15 p.m.

CVE-2025-11458

Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

CVSS 8.1 | AI score 7.4 | EPSS 0.0025
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/06 11:15 p.m.

CVE-2025-11460

Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. Chromium security severity: High...

CVSS 8.8 | AI score 7.5 | EPSS 0.00283
Exploits: 1 | References: 1

UbuntuCve • added 2025/11/06 10:15 p.m.

CVE-2025-11209

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.2 | AI score 7.2 | EPSS 0.00224
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/06 10:15 p.m.

CVE-2025-11206

Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVSS 7.1 | AI score 7.4 | EPSS 0.00191
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/06 10:15 p.m.

CVE-2025-11205

Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 7.4 | EPSS 0.0028
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/06 10:15 p.m.

CVE-2025-11210

Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 5.4 | AI score 6.9 | EPSS 0.00197
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/06 10:15 p.m.

CVE-2025-11215

Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3 | AI score 6.8 | EPSS 0.00215
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/06 10:15 p.m.

CVE-2025-11208

Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.3 | AI score 6.9 | EPSS 0.00192
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/06 10:15 p.m.

CVE-2025-11212

Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.3 | AI score 7.2 | EPSS 0.00178
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/06 10:15 p.m.

CVE-2025-11211

Out of bounds read in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

CVSS 7.5 | AI score 7.2 | EPSS 0.00329
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/06 10:15 p.m.

CVE-2025-11213

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.3 | AI score 7.2 | EPSS 0.00192
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/06 10:15 p.m.

CVE-2025-11216

Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. Chromium security severity: Low...

CVSS 6.3 | AI score 7.2 | EPSS 0.00206
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/06 10:15 p.m.

CVE-2025-11219

Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Low...

CVSS 3.1 | AI score 6.8 | EPSS 0.00231
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/06 10:15 p.m.

CVE-2025-11207

Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5 | AI score 7 | EPSS 0.00224
Exploits: 0 | References: 1

UbuntuCve • added 2025/11/06 7:15 p.m.

CVE-2024-25621

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...

CVSS 7.8 | AI score 6.8 | EPSS 0.00145
Exploits: 1 | References: 5

UbuntuCve • added 2025/11/05 7:15 p.m.

CVE-2023-43000

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption...

CVSS 8.8 | AI score 7.3 | EPSS 0.03955
Exploits: 1 | References: 3

UbuntuCve • added 2025/11/05 7:15 p.m.

CVE-2025-12745

A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function jsarraybufferslice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public a...

CVSS 7.8 | AI score 5.7 | EPSS 0.00196
Exploits: 1 | References: 8

UbuntuCve • added 2025/11/05 4:15 p.m.

CVE-2025-60753

An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service Out-of-Memory crash...

CVSS 5.5 | AI score 6 | EPSS 0.00157
Exploits: 1 | References: 3

UbuntuCve • added 2025/11/05 3:15 p.m.

CVE-2025-46404

A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...

CVSS 7.5 | AI score 5.9 | EPSS 0.0046
Exploits: 1 | References: 3

Total number of security vulnerabilities: 68528