Lucene search
+L
UbuntucveRecent

71772 matches found

UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.3 views

CVE-2026-13799

Use after free in QUIC in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. Chromium security severity: High...

8.1CVSS6.1AI score0.00298EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.3 views

CVE-2026-13793

Insufficient policy enforcement in SVG in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS6.1AI score0.00233EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.3 views

CVE-2026-13835

Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.1AI score0.00316EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.4 views

CVE-2026-13782

Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

10CVSS6.1AI score0.00293EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.3 views

CVE-2026-13840

Insufficient policy enforcement in Canvas in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS6.1AI score0.00233EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.3 views

CVE-2026-13816

Insufficient validation of untrusted input in File Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS6.1AI score0.00299EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.3 views

CVE-2026-13807

Use after free in Import in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a malicious file. Chromium security severity: High...

7.5CVSS6.4AI score0.00286EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.3 views

CVE-2026-13851

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: High...

9.1CVSS6.1AI score0.00289EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.3 views

CVE-2026-13830

Use after free in Chromoting in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: High...

8.8CVSS6.4AI score0.00228EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.3 views

CVE-2026-13787

Use after free in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...

8.1CVSS6.4AI score0.00393EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.3 views

CVE-2026-13854

Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS6.1AI score0.0028EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.3 views

CVE-2026-13802

Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

7.5CVSS6.2AI score0.00332EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.3 views

CVE-2026-13814

Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

7.5CVSS6.1AI score0.00278EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.3 views

CVE-2026-13791

Insufficient validation of untrusted input in Downloads in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: High...

8.1CVSS6.4AI score0.00324EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.4 views

CVE-2026-13852

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: High...

9.1CVSS6.1AI score0.00289EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.3 views

CVE-2026-13784

Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS6.1AI score0.00314EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.3 views

CVE-2026-13780

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS6.1AI score0.00314EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.3 views

CVE-2026-13775

Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.8CVSS6.1AI score0.00314EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.3 views

CVE-2026-13833

Uninitialized Use in ANGLE in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS6.2AI score0.00289EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.3 views

CVE-2026-13822

Inappropriate implementation in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. Chromium security severity: High...

6.5CVSS6.1AI score0.00166EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.3 views

CVE-2026-13805

Use after free in GFX in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.4AI score0.00351EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 11:16 p.m.3 views

CVE-2026-13825

Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.1AI score0.00306EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 10:16 p.m.5 views

CVE-2026-52868

An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation...

8.8CVSS5.9AI score0.00374EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/30 10:16 p.m.3 views

CVE-2026-35505

An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart...

8.7CVSS6.1AI score0.00379EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/30 10:16 p.m.2 views

CVE-2026-57585

MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. This...

7.5CVSS6AI score0.00278EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 10:16 p.m.3 views

CVE-2026-57204

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream...

6.9CVSS6AI score0.00206EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 10:16 p.m.5 views

CVE-2026-37106

An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. NOTE: this is disputed by the Supplier because this is the intentional behavior when the product is configured for self-registration a non-default feature...

9.8CVSS6.1AI score0.0051EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 10:16 p.m.3 views

CVE-2026-50254

An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it...

8.7CVSS6.1AI score0.00379EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/30 10:16 p.m.4 views

CVE-2026-50003

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...

9.8CVSS6.1AI score0.00435EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/30 9:16 p.m.3 views

CVE-2026-44628

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record...

8.7CVSS6.1AI score0.00395EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/30 3:16 p.m.3 views

CVE-2026-4360

In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...

5.3CVSS6.1AI score0.00235EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/06/30 2:16 p.m.3 views

CVE-2026-14241

Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152.0.4...

9.8CVSS6.2AI score0.00232EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/06/30 1:19 p.m.3 views

CVE-2026-58374

In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 IEEE 802.11be Multi-Link Operation MLO association request processing allows an unauthenticated attacker within wireless range to send a crafted management frame containing a malformed Multi-Link Element or Per-STA Profile...

7.1CVSS6.1AI score0.00282EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/06/30 1:19 p.m.3 views

CVE-2026-58015

A flaw was found in GLib. The D-Bus client-side implementation of the DBUSCOOKIESHA1 SASL authentication mechanism does not validate the cookiecontext parameter received from the server. A malicious D-Bus server can supply a cookiecontext containing path traversal sequences, causing the client to...

7.5CVSS6.1AI score0.00418EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/06/30 1:19 p.m.3 views

CVE-2026-58012

A flaw was found in GLib. A buffer over-read can occur in the gregexreplace function when used with the GREGEXRAW compile flag and case-change replacement escapes because the stringappend function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the stri...

8.2CVSS6.1AI score0.00322EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/06/30 1:19 p.m.3 views

CVE-2026-58014

A flaw was found in GLib. An off-by-one error can occur in the gkeyfilegetlocalestringlist function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundar...

8.6CVSS6AI score0.00293EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/06/30 1:19 p.m.3 views

CVE-2026-58010

A flaw was found in GLib. An off-by-one error can occur in the gvstupleisnormal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses instead of =, causing an out-of-bounds read of only 1 byte. This issue can cause a minor information...

8.2CVSS6.9AI score0.00322EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/06/30 1:19 p.m.3 views

CVE-2026-53433

fzf is vulnerable to a Denial of Service DoS due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity On². A crafted POST request with many small segments can trigger excessive...

7.5CVSS6.1AI score0.00215EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/30 1:19 p.m.3 views

CVE-2026-58013

A flaw was found in GLib. A buffer over-read can occur in giochannelreadlinebackend in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes ...

8.2CVSS6.1AI score0.00329EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/06/30 1:19 p.m.3 views

CVE-2026-58011

A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the gdatetimegetymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the gdatetimeaddfull function is processed. This flaw can corrupt the date output and potentially cause logic errors...

7.5CVSS6AI score0.00344EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/06/30 1:19 p.m.3 views

CVE-2026-53432

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a...

7.5CVSS6.1AI score0.00243EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/30 1:19 p.m.3 views

CVE-2026-58016

A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...

9.1CVSS6.1AI score0.00373EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/06/30 12:0 a.m.3 views

CVE-2026-49434

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS6.1AI score0.00659EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/30 12:0 a.m.3 views

CVE-2026-58302

rtapiapp in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to lo...

8.4CVSS6.2AI score0.00152EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/06/30 12:0 a.m.3 views

CVE-2026-12243

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS7AI score0.0051EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/06/30 12:0 a.m.2 views

CVE-2026-45822

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...

8.7CVSS6.1AI score0.00304EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/30 12:0 a.m.2 views

CVE-2026-44605

Unknown description...

6.1AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/30 12:0 a.m.3 views

CVE-2026-50750

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...

7.5CVSS6.1AI score0.00707EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/30 12:0 a.m.3 views

CVE-2026-54475

Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing...

7.5CVSS6.1AI score0.00589EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/30 12:0 a.m.5 views

CVE-2026-49432

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

7.5CVSS6.2AI score0.00844EPSS
Exploits0References2
Total number of security vulnerabilities71772