Lucene search
+L
UbuntucveRecent

71772 matches found

UbuntuCve
UbuntuCve
added 2026/06/30 12:0 a.m.2 views

CVE-2026-49877

Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web Console user by default can access /admin/ paths in the Web Console. The default Jetty settings incorrectly did not limit those paths to only admins. This issue affects Apache ActiveMQ: before 5.19.8, from...

8.1CVSS6.1AI score0.0051EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/30 12:0 a.m.2 views

CVE-2026-54475

Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing...

7.5CVSS6.1AI score0.00589EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/30 12:0 a.m.2 views

CVE-2026-12243

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS7AI score0.0051EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/06/30 12:0 a.m.3 views

CVE-2026-13316

A flaw has been found in foreman when HTTP parameters are modified in httpproxiescontroller and httpproxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman component...

4.4CVSS6AI score0.00105EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 12:0 a.m.2 views

CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS6.3AI score0.00361EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/30 12:0 a.m.2 views

CVE-2026-58302

rtapiapp in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to lo...

8.4CVSS6.2AI score0.00152EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/06/30 12:0 a.m.2 views

CVE-2026-12610

A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of servi...

6.4CVSS6AI score0.00155EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/30 12:0 a.m.4 views

CVE-2026-49432

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

7.5CVSS6.2AI score0.00844EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/30 12:0 a.m.3 views

CVE-2026-50734

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The value is not validate and causes t...

7.5CVSS6.1AI score0.00796EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/30 12:0 a.m.3 views

CVE-2026-14164

A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filteredbuf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of...

7.5CVSS6AI score0.0035EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/29 9:16 p.m.3 views

CVE-2026-53434

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version...

9.1CVSS6.1AI score0.00368EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/06/29 9:16 p.m.3 views

CVE-2026-55276

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

9.1CVSS6.1AI score0.00368EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2026/06/29 9:16 p.m.3 views

CVE-2026-53404

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

7.3CVSS6.1AI score0.00413EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/06/29 9:16 p.m.3 views

CVE-2026-50229

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS6.1AI score0.02569EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2026/06/29 9:16 p.m.2 views

CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS6AI score0.0041EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/06/29 9:16 p.m.2 views

CVE-2026-55955

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, fro...

6.5CVSS6.1AI score0.0028EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/06/29 9:16 p.m.4 views

CVE-2026-55957

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...

7.3CVSS6.1AI score0.00462EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/06/29 9:16 p.m.4 views

CVE-2026-13758

CryptX versions before 0.088001 for Perl compare AEAD authentication tags in non-constant time in the streaming decryptdone path. The decryptdone$tag form compares it against the computed tag with memNE memcmp != 0, which short-circuits on the first differing byte, so its run time depends on the...

3.7CVSS6.1AI score0.00295EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/06/29 8:17 p.m.2 views

CVE-2026-13593

CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away. The minify function has a memory leak when processing a document containing only characters to be removed, such as comments and whitespace...

6.5CVSS6.1AI score0.00238EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/29 8:17 p.m.2 views

CVE-2026-56017

JavaScript::Minifier::XS versions before 0.16 for Perl crash with a NULL pointer dereference when the first meaningful token of the input is a slash. The regexp versus division disambiguator in JsTokenizeString XS.xs inspects the previous token's last byte to choose between a regexp literal and a...

7.5CVSS6.1AI score0.00488EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/29 8:17 p.m.2 views

CVE-2026-56018

JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify, allowing unbounded memory growth. In JsMinify XS.xs the cleanup frees only the NodeSet structures and never the per-token contents buffers allocated in JsSetNodeContents; JsDiscardNode unlinks nodes withou...

7.5CVSS6.2AI score0.00609EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/06/29 7:16 p.m.2 views

CVE-2026-13757

A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a mutually-recursive call chain with no recursion depth limit when processing nested CKAWRAPTEMPLATE, CKAUNWRAPTEMPLATE, and CKADERIVETEMPLATE attributes...

6.2CVSS6AI score0.00137EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/29 5:16 p.m.2 views

CVE-2026-12912

A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding Pixarlog codec images with the PIXARLOGDATAFMT8BITABGR output format and a specific stride value, leading to a heap-base...

7.3CVSS6.4AI score0.00231EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2026/06/29 3:16 p.m.3 views

CVE-2026-13573

A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The...

4.8CVSS6.1AI score0.00124EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/06/29 3:16 p.m.3 views

CVE-2026-13574

A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on th...

4.8CVSS6.1AI score0.00124EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/06/29 2:16 p.m.2 views

CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS6.1AI score0.00369EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/06/29 2:16 p.m.2 views

CVE-2026-54369

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...

8.4CVSS6.1AI score0.00142EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/06/29 2:16 p.m.2 views

CVE-2026-54370

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS6.2AI score0.00091EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/06/29 2:16 p.m.3 views

CVE-2026-54371

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...

8.4CVSS6.2AI score0.00136EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/06/29 2:16 p.m.3 views

CVE-2026-11979

libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell function processes user input using fixed-size stack buffers without proper bounds checking. By supplying an overly long input line, an attacker can overflow intern...

7.8CVSS6.3AI score0.00148EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/29 12:16 p.m.3 views

CVE-2026-41992

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...

7.5CVSS6.1AI score0.00294EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/29 12:16 p.m.3 views

CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

4.7CVSS6.1AI score0.00105EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/29 10:16 a.m.2 views

CVE-2026-25707

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation...

8.8CVSS6.1AI score0.006EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/29 10:16 a.m.3 views

CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS6.1AI score0.0012EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/06/29 9:16 a.m.2 views

CVE-2026-13595

A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be...

6.8CVSS6.1AI score0.00112EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/06/29 6:16 a.m.3 views

CVE-2026-53325

In the Linux kernel, the following vulnerability has been resolved: agp/amd64: Fix broken error propagation in agpamd64probe A NULL pointer dereference was observed in the AMD64 AGP driver when running in a virtualized environment e.g. qemu/kvm without a physical AMD northbridge. The crash occurs...

5.5CVSS6AI score0.00122EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/29 3:16 a.m.2 views

CVE-2026-13523

A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/baseencoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly compressed data. The attack needs to be launched locally. The exploit has been made available to the...

4.8CVSS5.6AI score0.00112EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/06/29 12:0 a.m.2 views

CVE-2026-8343

Unknown description...

7AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/06/29 12:0 a.m.3 views

CVE-2026-55622

security update...

6.1AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/29 12:0 a.m.2 views

CVE-2026-48002

Unknown description...

7AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/06/29 12:0 a.m.2 views

CVE-2026-48769

security update...

6.1AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/29 12:0 a.m.2 views

CVE-2026-48003

Unknown description...

7AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/06/29 12:0 a.m.2 views

CVE-2026-48751

security update...

6.1AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/29 12:0 a.m.2 views

CVE-2026-48755

security update...

6.1AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/29 12:0 a.m.3 views

CVE-2026-13324

Unknown description...

6.1AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/29 12:0 a.m.2 views

CVE-2026-48749

security update...

6.1AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/29 12:0 a.m.2 views

CVE-2026-48752

security update...

6.1AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/29 12:0 a.m.2 views

CVE-2026-48915

Unknown description...

6.1AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/06/29 12:0 a.m.2 views

CVE-2026-6425

Unknown description...

6.1AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/06/29 12:0 a.m.2 views

CVE-2026-48004

Unknown description...

6.1AI score
Exploits0References1
Total number of security vulnerabilities71772