
68528 matches found

UbuntuCve • added 2025/10/22 12:00 a.m. • 6 views

CVE-2025-40778

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through...

CVSS 8.6 • AI score 6.7 • EPSS 0.00509
Exploits: 1 • References: 3

UbuntuCve • added 2025/10/21 8:20 p.m. • 2 views

CVE-2025-53066

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle...

CVSS 7.5 • AI score 6.8 • EPSS 0.00633
Exploits: 0 • References: 11

UbuntuCve • added 2025/10/21 8:20 p.m. • 1 view

CVE-2025-62588

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS 8.2 • AI score 7.1 • EPSS 0.00191
Exploits: 0 • References: 2

UbuntuCve • added 2025/10/21 8:20 p.m. • 4 views

CVE-2025-53045

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.9 • AI score 7 • EPSS 0.00533
Exploits: 0 • References: 4

UbuntuCve • added 2025/10/21 8:20 p.m. • 1 view

CVE-2025-62589

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS 8.2 • AI score 7.1 • EPSS 0.00191
Exploits: 0 • References: 2

UbuntuCve • added 2025/10/21 8:20 p.m. • 5 views

CVE-2025-62641

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS 8.2 • AI score 7.1 • EPSS 0.00187
Exploits: 0 • References: 2

UbuntuCve • added 2025/10/21 8:20 p.m. • 1 view

CVE-2025-62591

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS 6 • AI score 6.7 • EPSS 0.00184
Exploits: 0 • References: 2

UbuntuCve • added 2025/10/21 8:20 p.m. • 3 views

CVE-2025-62592

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS 6 • AI score 7.1 • EPSS 0.00183
Exploits: 0 • References: 2

UbuntuCve • added 2025/10/21 8:20 p.m. • 1 view

CVE-2025-53067

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...

CVSS 4.9 • AI score 7 • EPSS 0.00529
Exploits: 0 • References: 2

UbuntuCve • added 2025/10/21 8:20 p.m. • 1 view

CVE-2025-62587

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS 8.2 • AI score 7 • EPSS 0.00184
Exploits: 0 • References: 2

UbuntuCve • added 2025/10/21 8:20 p.m. • 2 views

CVE-2025-61748

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 21.0.8 and 25; Oracle GraalVM for JDK: 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15...

CVSS 3.7 • AI score 7.1 • EPSS 0.00355
Exploits: 0 • References: 7

UbuntuCve • added 2025/10/21 8:20 p.m. • 3 views

CVE-2025-61759

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

CVSS 6.5 • AI score 6.8 • EPSS 0.00176
Exploits: 0 • References: 2

UbuntuCve • added 2025/10/21 8:20 p.m. • 1 view

CVE-2025-61760

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...

CVSS 7.5 • AI score 7.1 • EPSS 0.00141
Exploits: 0 • References: 2

UbuntuCve • added 2025/10/21 8:20 p.m. • 2 views

CVE-2025-53057

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracl...

CVSS 5.9 • AI score 6.8 • EPSS 0.00487
Exploits: 0 • References: 11

UbuntuCve • added 2025/10/21 8:20 p.m. • 2 views

CVE-2025-62590

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS 8.2 • AI score 7.1 • EPSS 0.00187
Exploits: 0 • References: 2

UbuntuCve • added 2025/10/21 8:20 p.m. • 5 views

CVE-2025-53054

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 5.5 • AI score 7 • EPSS 0.00438
Exploits: 0 • References: 4

UbuntuCve • added 2025/10/21 8:20 p.m. • 3 views

CVE-2025-53040

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

CVSS 4.9 • AI score 7 • EPSS 0.00533
Exploits: 0 • References: 4

UbuntuCve • added 2025/10/21 8:20 p.m. • 2 views

CVE-2025-53044

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.9 • AI score 7 • EPSS 0.00533
Exploits: 0 • References: 4

UbuntuCve • added 2025/10/21 8:20 p.m. • 2 views

CVE-2025-53062

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.9 • AI score 7 • EPSS 0.00533
Exploits: 0 • References: 4

UbuntuCve • added 2025/10/21 8:20 p.m. • 2 views

CVE-2025-53069

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Components Services. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

CVSS 4.9 • AI score 7 • EPSS 0.00533
Exploits: 0 • References: 4

UbuntuCve • added 2025/10/21 8:20 p.m. • 3 views

CVE-2025-53053

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 5.5 • AI score 7 • EPSS 0.00438
Exploits: 0 • References: 4

UbuntuCve • added 2025/10/21 8:20 p.m. • 3 views

CVE-2025-53042

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

CVSS 4.9 • AI score 7 • EPSS 0.00533
Exploits: 0 • References: 4

UbuntuCve • added 2025/10/21 5:15 p.m. • 2 views

CVE-2025-62518

astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...

CVSS 8.1 • AI score 7.2 • EPSS 0.00688
Exploits: 1 • References: 7

UbuntuCve • added 2025/10/21 4:15 p.m. • 1 view

CVE-2025-60751

GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDecode...

CVSS 7.5 • AI score 5.9 • EPSS 0.02182
Exploits: 3 • References: 4

UbuntuCve • added 2025/10/21 3:15 p.m. • 3 views

CVE-2020-36855

A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been...

CVSS 5.5 • AI score 5.7 • EPSS 0.00222
Exploits: 1 • References: 1

UbuntuCve • added 2025/10/21 3:15 p.m. • 1 view

CVE-2022-4981

A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now publ...

CVSS 5.5 • AI score 5.4 • EPSS 0.00255
Exploits: 1 • References: 2

UbuntuCve • added 2025/10/21 12:00 a.m. • 3 views

CVE-2025-62694

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - WikiLove Extension allows Stored XSS. This issue affects Mediawiki - WikiLove Extension: 1.39...

CVSS 6.9 • AI score 5.9 • EPSS 0.00346
Exploits: 0 • References: 3

UbuntuCve • added 2025/10/21 12:00 a.m. • 4 views

CVE-2025-12004

Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Core Action API. This issue affects Mediawiki - Lockdown Extension: from master before 1.42...

CVSS 10 • AI score 5.9 • EPSS 0.00289
Exploits: 0 • References: 1

UbuntuCve • added 2025/10/21 12:00 a.m. • 3 views

CVE-2025-62699

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Translate Extension allows Footprinting. Translate extension appears to use jobs to make edits to translation pages. This causes the CheckUser tool to log the wrong IP and User-Agent...

CVSS 6.9 • AI score 5.9 • EPSS 0.00339
Exploits: 0 • References: 4

UbuntuCve • added 2025/10/21 12:00 a.m. • 2 views

CVE-2025-62696

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in The Wikimedia Foundation Mediawiki Foundation - Springboard Extension allows Command Injection. This issue affects Mediawiki Foundation - Springboard Extension: master...

CVSS 6.9 • AI score 5.9 • EPSS 0.01169
Exploits: 0 • References: 3

UbuntuCve • added 2025/10/21 12:00 a.m. • 2 views

CVE-2025-62168

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...

CVSS 10 • AI score 7.2 • EPSS 0.6332
Exploits: 1 • References: 5

UbuntuCve • added 2025/10/21 12:00 a.m. • 6 views

CVE-2025-62701

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Wikistories allows Stored XSS. This issue affects Mediawiki - Wikistories: from master before 1.44...

CVSS 6.9 • AI score 5.9 • EPSS 0.00311
Exploits: 0 • References: 3

UbuntuCve • added 2025/10/21 12:00 a.m. • 4 views

CVE-2025-62702

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - PageTriage Extension allows Stored XSS. This issue affects Mediawiki - PageTriage Extension: from master before 1.44...

CVSS 6.9 • AI score 5.9 • EPSS 0.00311
Exploits: 0 • References: 3

UbuntuCve • added 2025/10/21 12:00 a.m. • 7 views

CVE-2025-62695

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Stored XSS. This issue affects Mediawiki - WikiLambda Extension: master...

CVSS 6.9 • AI score 5.9 • EPSS 0.00311
Exploits: 0 • References: 3

UbuntuCve • added 2025/10/21 12:00 a.m. • 1 view

CVE-2025-59438

Mbed TLS through 3.6.4 has an Observable Timing Discrepancy...

CVSS 5.3 • AI score 5.8 • EPSS 0.0024
Exploits: 0 • References: 3

UbuntuCve • added 2025/10/20 10:15 p.m. • 4 views

CVE-2025-54764

Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd...

CVSS 6.2 • AI score 5.9 • EPSS 0.00202
Exploits: 1 • References: 7

UbuntuCve • added 2025/10/20 9:15 p.m. • 3 views

CVE-2025-62657

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki PageForms extension allows Stored XSS. This issue affects MediaWiki PageForms extension: 1.44...

CVSS 5.8 • AI score 5.9 • EPSS 0.00245
Exploits: 0 • References: 2

UbuntuCve • added 2025/10/20 9:15 p.m. • 4 views

CVE-2025-62656

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki GlobalBlocking extension allows Stored XSS. This issue affects MediaWiki GlobalBlocking extension: 1.43, 1.44...

CVSS 5.8 • AI score 5.9 • EPSS 0.00245
Exploits: 0 • References: 2

UbuntuCve • added 2025/10/20 9:15 p.m. • 5 views

CVE-2025-62658

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection. This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44...

CVSS 7.5 • AI score 5.9 • EPSS 0.00217
Exploits: 0 • References: 2

UbuntuCve • added 2025/10/20 8:15 p.m. • 4 views

CVE-2025-62697

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in The Wikimedia Foundation Mediawiki - LanguageSelector Extension allows Code Injection. This issue affects Mediawiki - LanguageSelector Extension: from master before 1.39...

CVSS 8.8 • AI score 5.9 • EPSS 0.00317
Exploits: 0 • References: 3

UbuntuCve • added 2025/10/20 6:15 p.m. • 3 views

CVE-2025-62700

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - MultiBoilerplate Extensionmaste allows Stored XSS. This issue affects Mediawiki - MultiBoilerplate Extensionmaste: from master before 1.39...

CVSS 6.9 • AI score 5.9 • EPSS 0.00311
Exploits: 0 • References: 3

UbuntuCve • added 2025/10/20 6:15 p.m. • 1 view

CVE-2025-11979

An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server v8.0 versions prior to 8.0.15, and MongoD...

CVSS 6.5 • AI score 7 • EPSS 0.00246
Exploits: 0 • References: 2

UbuntuCve • added 2025/10/20 6:15 p.m. • 4 views

CVE-2025-62693

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - LastModified Extension allows Stored XSS. This issue affects Mediawiki - LastModified Extension: from master before 1.39...

CVSS 6.9 • AI score 5.9 • EPSS 0.00311
Exploits: 0 • References: 3

UbuntuCve • added 2025/10/20 6:15 p.m. • 3 views

CVE-2025-62698

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - ExternalGuidance allows Stored XSS. This issue affects Mediawiki - ExternalGuidance: from master before 1.39...

CVSS 6.9 • AI score 5.9 • EPSS 0.00311
Exploits: 0 • References: 3

UbuntuCve • added 2025/10/20 4:15 p.m. • 2 views

CVE-2025-40016

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...

AI score 5.7 • EPSS 0.00231
Exploits: 0 • References: 17

UbuntuCve • added 2025/10/20 4:15 p.m. • 1 view

CVE-2025-40005

In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Implement refcount to handle unbind during busy driver support indirect read and indirect write operation with assumption no force device removalunbind operation. However force device removalremoval is still...

CVSS 5.5 • AI score 5.7 • EPSS 0.00181
Exploits: 0 • References: 4

UbuntuCve • added 2025/10/20 4:15 p.m. • 1 view

CVE-2025-40012

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix warning in smc_rx_splice when calling get_page smc_lo_register_dmb allocates DMB buffers with kzalloc, which are later passed to get_page in smc_rx_splice. Since kmalloc memory is not page-backed, this triggers WARN_ON_ONCE in...

AI score 5.7 • EPSS 0.0022
Exploits: 0 • References: 5

UbuntuCve • added 2025/10/20 4:15 p.m. • 2 views

CVE-2025-40013

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: audioreach: fix potential null pointer dereference It is possible that the topology parsing function audioreach_widget_load_module_common could return NULL or an error pointer. Add missing NULL check so that we do not...

AI score 5.7 • EPSS 0.00231
Exploits: 0 • References: 18

UbuntuCve • added 2025/10/20 4:15 p.m. • 2 views

CVE-2025-40015

In the Linux kernel, the following vulnerability has been resolved: media: stm32-csi: Fix dereference before NULL check In 'stm32_csi_start', 'csidev->s_subdev' is dereferenced directly while assigning a value to the 'src_pad'. However the same value is being checked against NULL at a later point of...

AI score 5.7 • EPSS 0.00214
Exploits: 0 • References: 5

UbuntuCve • added 2025/10/20 4:15 p.m. • 1 view

CVE-2025-40010

In the Linux kernel, the following vulnerability has been resolved: afs: Fix potential null pointer dereference in afs_put_server afs_put_server accessed server->debug_id before the NULL check, which could lead to a null pointer dereference. Move the debug_id assignment, ensuring we never dereference a...

AI score 6.7 • EPSS 0.00222
Exploits: 0 • References: 17

Total number of security vulnerabilities: 68528