Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
•added 2025/11/05 3:15 p.m.•8 views

CVE-2025-64458

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, django.http.HttpResponseRedirect, django.http.HttpResponsePermanentRedirect, and the shortcut django.shortcuts.redirect were subject to a...

7.5CVSS7.2AI score0.0193EPSS
Exploits1References6
UbuntuCve
UbuntuCve
•added 2025/11/05 3:15 p.m.•4 views

CVE-2025-46705

A denial of service vulnerability exists in the gassertnotreached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...

7.5CVSS5.9AI score0.00444EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/11/05 3:15 p.m.•2 views

CVE-2025-46784

A denial of service vulnerability exists in the lassonodeinitfrommessagewithformat functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerabili...

7.5CVSS5.9AI score0.0046EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/11/05 3:15 p.m.•3 views

CVE-2025-47151

A type confusion vulnerability exists in the lassonodeimplinitfromxml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

9.8CVSS7.5AI score0.00824EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/11/05 2:0 p.m.•4 views

CVE-2025-62769

Potential SQL injection via connector keyword argument in QuerySet and Q objects...

5.9AI score
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/11/05 2:0 p.m.•2 views

CVE-2025-62768

Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows...

5.9AI score
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/11/05 9:0 a.m.•3 views

CVE-2025-31133

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount i.e., the container's /dev/null was...

7.8CVSS7.1AI score0.00673EPSS
Exploits2References3
UbuntuCve
UbuntuCve
•added 2025/11/05 9:0 a.m.•3 views

CVE-2025-52565

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

8.4CVSS6.7AI score0.00526EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/11/05 9:0 a.m.•4 views

CVE-2025-52881

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

7.5CVSS7.2AI score0.00526EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/11/05 12:0 a.m.•3 views

CVE-2025-10966

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

4.3CVSS6.5AI score0.00373EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/11/05 12:0 a.m.•4 views

CVE-2025-64459

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

9.1CVSS7.2AI score0.19396EPSS
Exploits10References2
UbuntuCve
UbuntuCve
•added 2025/11/04 10:16 p.m.•3 views

CVE-2025-62507

Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this...

8.8CVSS7.4AI score0.06867EPSS
Exploits2References4
UbuntuCve
UbuntuCve
•added 2025/11/04 9:15 p.m.•5 views

CVE-2025-48884

Galette is a membership management web application for non profit organizations. In versions 1.1.5.2 and below, Galette's Document Type is vulnerable to Cross-site Scripting. This issue is fixed in version 1.2.0...

6.1CVSS5.9AI score0.00177EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/11/04 9:15 p.m.•5 views

CVE-2025-48076

Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS payload. This issue is fixed in version 1.2.0...

5.4CVSS5.9AI score0.00164EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/11/04 3:0 p.m.•2 views

CVE-2025-65073

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...

7.5CVSS5.9AI score0.00196EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/11/04 2:15 a.m.•3 views

CVE-2025-43432

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

4.3CVSS6.6AI score0.00775EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/11/04 2:15 a.m.•5 views

CVE-2025-43434

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash...

4.3CVSS6.8AI score0.01181EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/11/04 2:15 a.m.•2 views

CVE-2025-43430

This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

4.3CVSS6.8AI score0.01EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/11/04 2:15 a.m.•2 views

CVE-2025-43458

This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

4.3CVSS6.4AI score0.00562EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/11/04 2:15 a.m.•6 views

CVE-2025-43431

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption...

8.8CVSS7AI score0.00786EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/11/04 2:15 a.m.•1 views

CVE-2025-43425

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

4.3CVSS6.6AI score0.0065EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/11/04 2:15 a.m.•2 views

CVE-2025-43421

Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

4.3CVSS6.6AI score0.0059EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/11/04 2:15 a.m.•3 views

CVE-2025-43392

The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A website may exfiltrate image data cross-origin...

4.3CVSS6.6AI score0.0046EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/11/04 2:15 a.m.•3 views

CVE-2025-43429

A buffer overflow was addressed with improved bounds checking. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

4.3CVSS7AI score0.01378EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/11/04 2:15 a.m.•3 views

CVE-2025-43457

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash...

6.5CVSS6.8AI score0.00559EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/11/04 2:15 a.m.•2 views

CVE-2025-43441

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

4.3CVSS6.6AI score0.00909EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/11/04 2:15 a.m.•3 views

CVE-2025-43433

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption...

8.8CVSS6.8AI score0.01116EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/11/04 2:15 a.m.•3 views

CVE-2025-43440

This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

6.5CVSS6.8AI score0.00463EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/11/04 2:15 a.m.•3 views

CVE-2025-43438

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash...

4.3CVSS6.4AI score0.01054EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/11/04 2:15 a.m.•1 views

CVE-2025-43419

The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to memory corruption...

8.8CVSS7.3AI score0.00371EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/11/04 2:15 a.m.•3 views

CVE-2025-43427

This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

4.3CVSS6.6AI score0.00505EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/11/04 2:15 a.m.•3 views

CVE-2025-43480

The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious website may exfiltrate data cross-origin...

8.1CVSS6.9AI score0.00451EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/11/04 2:15 a.m.•4 views

CVE-2025-43443

This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

4.3CVSS6.6AI score0.00664EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/11/03 9:18 p.m.•4 views

CVE-2025-12657

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations...

5.9CVSS5.8AI score0.00357EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/11/03 8:17 p.m.•2 views

CVE-2025-12642

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...

9.1CVSS5.9AI score0.00338EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/11/03 1:15 p.m.•2 views

CVE-2025-40107

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled This issue is similar to the vulnerability in the mcp251x driver, which was fixed in commit 03c427147b2d "can: mcp251x: fix resume fr...

6AI score0.00183EPSS
Exploits0References17
UbuntuCve
UbuntuCve
•added 2025/11/03 12:0 a.m.•2 views

CVE-2024-51317

An issue in NetSurf v.3.11 allows a remote attacker to execute arbitrary code via the domnodenormalize function...

6.5CVSS6AI score0.00401EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/11/03 12:0 a.m.•3 views

CVE-2025-29699

NetSurf 3.11 is vulnerable to Use After Free in domnodesettextcontent function...

6.5CVSS5.9AI score0.00296EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/11/03 12:0 a.m.•2 views

CVE-2025-45663

An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a domevent structure...

6.5CVSS5.9AI score0.00337EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/10/31 10:15 p.m.•2 views

CVE-2025-12464

A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This...

6.2CVSS7.4AI score0.00165EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/10/31 5:15 p.m.•4 views

CVE-2025-6075

If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables...

5.5CVSS6.4AI score0.00136EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/10/31 12:15 p.m.•3 views

CVE-2025-58147

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

7.5CVSS5.9AI score0.00347EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/10/31 12:15 p.m.•4 views

CVE-2025-58149

When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allo...

7.5CVSS5.9AI score0.004EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/10/31 12:15 p.m.•4 views

CVE-2025-58148

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

7.5CVSS5.9AI score0.00347EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/10/31 9:15 a.m.•5 views

CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

7.4CVSS5.8AI score0.00548EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/10/31 2:15 a.m.•9 views

CVE-2025-23050

QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read or division by zero. This is fixed in 5.15.19, 6.5.9, and 6.8.2...

3.1CVSS5.9AI score0.00172EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/10/31 12:15 a.m.•2 views

CVE-2025-6176

Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...

7.5CVSS7.1AI score0.00509EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/10/31 12:0 a.m.•2 views

CVE-2025-57106

Kitware VTK Visualization Toolkit up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data...

7.5CVSS5.8AI score0.00392EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/10/31 12:0 a.m.•2 views

CVE-2025-57107

Kitware VTK Visualization Toolkit through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries before performing memory read operations...

7.1CVSS6AI score0.00164EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/10/31 12:0 a.m.•2 views

CVE-2025-40106

In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedibufmunge The comedibufmunge function performs a modulo operation async-mungechan %= async-cmd.chanlistlen without first checking if chanlistlen is zero. If a user program submits a command with...

5.7AI score0.00193EPSS
Exploits0References39
Total number of security vulnerabilities68528