Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
added 2025/07/23 2:15 p.m.3 views

CVE-2015-10141

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker ca...

9.3CVSS6.2AI score0.0503EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2025/07/23 2:15 p.m.11 views

CVE-2025-54090

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...

6.3CVSS7AI score0.00691EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/23 12:0 a.m.11 views

CVE-2024-6107

Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps...

9.8CVSS5.9AI score0.00363EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2025/07/22 10:15 p.m.0 views

CVE-2025-53538

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory usage, leading to loss of...

7.5CVSS5.9AI score0.00432EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/22 10:15 p.m.3 views

CVE-2025-54141

ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem though a directory traversal-style...

7.5CVSS5.8AI score0.00822EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2025/07/22 9:15 p.m.1 views

CVE-2025-8036

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

8.1CVSS7.4AI score0.00417EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2025/07/22 9:15 p.m.1 views

CVE-2025-8038

Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

9.8CVSS7.3AI score0.00225EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2025/07/22 9:15 p.m.5 views

CVE-2025-8037

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

9.1CVSS7.3AI score0.00217EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2025/07/22 9:15 p.m.6 views

CVE-2025-8044

Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141 and Thunderbird 141...

9.8CVSS7.3AI score0.00435EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/07/22 9:15 p.m.4 views

CVE-2025-8040

Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...

8.8CVSS7.4AI score0.00302EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2025/07/22 9:15 p.m.4 views

CVE-2025-8043

Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability was fixed in Firefox 141...

9.8CVSS5.8AI score0.00367EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2025/07/22 9:15 p.m.3 views

CVE-2025-8039

In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

8.1CVSS7.2AI score0.00277EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2025/07/22 9:15 p.m.3 views

CVE-2025-8034

Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

8.8CVSS7.4AI score0.00375EPSS
Exploits0References13
UbuntuCve
UbuntuCve
added 2025/07/22 9:15 p.m.4 views

CVE-2025-8035

Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...

8.8CVSS7.3AI score0.00326EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2025/07/22 9:15 p.m.3 views

CVE-2025-8033

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

6.5CVSS6.6AI score0.00351EPSS
Exploits0References13
UbuntuCve
UbuntuCve
added 2025/07/22 9:15 p.m.2 views

CVE-2025-8028

On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1,...

9.8CVSS7.3AI score0.00472EPSS
Exploits0References13
UbuntuCve
UbuntuCve
added 2025/07/22 9:15 p.m.3 views

CVE-2025-8032

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

8.1CVSS7.2AI score0.00305EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2025/07/22 9:15 p.m.3 views

CVE-2025-8031

The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

9.8CVSS7.3AI score0.00431EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2025/07/22 9:15 p.m.3 views

CVE-2025-8030

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

8.1CVSS7.2AI score0.00306EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2025/07/22 9:15 p.m.4 views

CVE-2025-8027

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and...

6.5CVSS6.6AI score0.00351EPSS
Exploits0References13
UbuntuCve
UbuntuCve
added 2025/07/22 9:15 p.m.2 views

CVE-2025-8029

Thunderbird executed javascript: URLs when used in object and embed tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

8.1CVSS7.2AI score0.00306EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2025/07/22 6:15 p.m.2 views

CVE-2025-48964

ping in iputils before 20250602 allows a denial of service application error in adaptive ping mode or incorrect data collection via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics...

6.5CVSS5.9AI score0.00322EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/22 4:15 p.m.2 views

CVE-2025-51480

Path Traversal vulnerability in onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externaldata.location paths containing traversal sequences, bypassing intended directory restrictions...

8.8CVSS7.3AI score0.00578EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2025/07/22 12:0 a.m.2 views

CVE-2025-38352

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel If an exiting non-autoreaping task has already passed exitnotify and calls handleposixcputimers from IRQ, it can be reaped by its parent or debugger rig...

7.4CVSS6.6AI score0.01345EPSS
Exploits8References48
UbuntuCve
UbuntuCve
added 2025/07/21 8:15 p.m.5 views

CVE-2025-54121

Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...

5.3CVSS6.8AI score0.0053EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/07/21 6:15 p.m.2 views

CVE-2025-7962

In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages...

7.5CVSS6.8AI score0.00756EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/21 1:15 p.m.3 views

CVE-2025-30192

An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter...

7.5CVSS5.9AI score0.00229EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/21 10:15 a.m.5 views

CVE-2025-50151

File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload...

8.8CVSS6AI score0.00937EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/21 10:15 a.m.1 views

CVE-2025-49656

Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue...

7.5CVSS6AI score0.01401EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/21 5:15 a.m.7 views

CVE-2025-54352

WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...

3.7CVSS5.9AI score0.00321EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2025/07/20 7:15 p.m.4 views

CVE-2025-49087

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS7 padding mode is used...

4CVSS5.9AI score0.00395EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2025/07/20 7:15 p.m.4 views

CVE-2025-47917

Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtlsx509stringtonames takes a head argument that is documented as an output argument. The documentation does not suggest that the function...

9.8CVSS7.2AI score0.0199EPSS
Exploits2References3
UbuntuCve
UbuntuCve
added 2025/07/20 6:15 p.m.1 views

CVE-2025-48965

Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtlsasn1storenameddata can trigger conflicting data with val.p of NULL but val.len greater than zero...

7.5CVSS5.9AI score0.00461EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/20 3:15 a.m.3 views

CVE-2025-54314

Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."...

2.8CVSS7.1AI score0.00155EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/07/19 12:15 p.m.1 views

CVE-2025-38351

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALLFLUSHVIRTUALADDRESSLIST and HVCALLFLUSHVIRTUALADDRESSLISTEX allow a guest to request...

5.5CVSS6.1AI score0.00157EPSS
Exploits0References26
UbuntuCve
UbuntuCve
added 2025/07/19 7:15 a.m.9 views

CVE-2025-38350

In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thus make an in-flight...

7.8CVSS6.2AI score0.0018EPSS
Exploits0References35
UbuntuCve
UbuntuCve
added 2025/07/18 11:15 p.m.1 views

CVE-2025-7396

In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assembly builds, and the small Curve25519...

5.6CVSS5.9AI score0.00182EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/18 11:15 p.m.5 views

CVE-2025-7395

A certificate verification error in wolfSSL when building with the WOLFSSLSYSCACERTS and WOLFSSLAPPLENATIVECERTVALIDATION options results in the wolfSSL client failing to properly verify the server certificate's domain name, allowing any certificate issued by a trusted CA to be accepted regardles...

9.2CVSS5.8AI score0.00222EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/18 11:15 p.m.2 views

CVE-2025-7394

In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...

9.8CVSS5.9AI score0.00387EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/07/18 11:15 p.m.5 views

CVE-2025-27210

An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...

7.5CVSS7.1AI score0.09752EPSS
Exploits5References2
UbuntuCve
UbuntuCve
added 2025/07/18 11:15 p.m.5 views

CVE-2025-27209

The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even witho...

7.5CVSS7.2AI score0.00771EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/18 8:15 p.m.2 views

CVE-2025-54310

qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp...

5.3CVSS5.9AI score0.00398EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/18 6:15 p.m.3 views

CVE-2025-7797

A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gfdashdownloadinitsegment of the file src/mediatools/dashclient.c. The manipulation of the argument baseiniturl leads to null pointer dereference. The attack may be launched...

6.9CVSS5.5AI score0.00871EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2025/07/18 6:15 p.m.4 views

CVE-2025-53901

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling...

3.5CVSS5.8AI score0.00299EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2025/07/18 5:15 p.m.8 views

CVE-2025-7783

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 -...

9.4CVSS6.8AI score0.01735EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2025/07/18 8:15 a.m.1 views

CVE-2025-6023

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01,...

7.6CVSS6.4AI score0.37565EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/18 8:15 a.m.2 views

CVE-2025-6197

An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the one specified in the URL...

4.2CVSS6.7AI score0.03711EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/18 8:15 a.m.3 views

CVE-2025-38349

In the Linux kernel, the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still holding the ep mutex Jann Horn points out that epoll is decrementing the ep refcount and then doing a mutexunlock&ep-mtx; afterwards. That's very wrong, because it can lead to a...

7.8CVSS6.3AI score0.00152EPSS
Exploits0References28
UbuntuCve
UbuntuCve
added 2025/07/18 12:0 a.m.10 views

CVE-2025-7700

A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and...

5.3CVSS6.4AI score0.00342EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/17 8:15 p.m.4 views

CVE-2025-53964

GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary...

9.6CVSS5.9AI score0.00427EPSS
Exploits1References3
Total number of security vulnerabilities68528