Lucene search
+L
UbuntucveRecent

71772 matches found

UbuntuCve
UbuntuCve
•added 2026/06/21 4:16 p.m.•5 views

CVE-2026-56407

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...

6.9CVSS6.1AI score0.00102EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/21 4:16 p.m.•3 views

CVE-2026-56405

libexpat before 2.8.2 has an integer overflow in getAttributeId...

6.9CVSS6.1AI score0.00102EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/21 2:16 p.m.•3 views

CVE-2026-56367

ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB PSD v2 RLE decoding path ReadPSDChannelRLE in coders/psd.c that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash...

9.1CVSS6.1AI score0.00236EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/21 2:16 p.m.•3 views

CVE-2026-56378

ImageMagick before 7.1.2-15 and 6.x before 6.9.13-40 contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file can trigger a one-byte heap out-of-bounds read during image decoding, resulting in denial of service and potential disclosure of an adjacent heap byte...

8.2CVSS6.1AI score0.00223EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/21 8:16 a.m.•3 views

CVE-2026-52911

In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...

8.8CVSS6AI score0.00362EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/20 2:16 a.m.•3 views

CVE-2026-9265

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...

9.1CVSS6.1AI score0.00354EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/19 9:17 p.m.•2 views

CVE-2026-49337

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...

4.3CVSS6.1AI score0.00194EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/19 9:17 p.m.•3 views

CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS6.1AI score0.00227EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2026/06/19 9:17 p.m.•3 views

CVE-2026-49346

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...

7.1CVSS6.1AI score0.00227EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2026/06/19 8:16 p.m.•11 views

CVE-2026-48715

radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the radvdump utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, printff copies up to 2032 bytes from attacker-controlled...

8.8CVSS6.2AI score0.00203EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/19 8:16 p.m.•4 views

CVE-2026-49342

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2026/06/19 7:16 p.m.•3 views

CVE-2026-9375

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the maxlength protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

7.5CVSS7.1AI score0.00304EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/19 6:16 p.m.•5 views

CVE-2026-49271

libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unitoffset + unitsize. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector...

6.5CVSS6.1AI score0.00199EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2026/06/19 5:16 p.m.•2 views

CVE-2026-56209

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

7.1CVSS6.2AI score0.00272EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/06/19 5:16 p.m.•3 views

CVE-2026-56210

A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows setting a spatiallayerid exceeding the configured number of layers. This causes an out-of-bounds heap rea...

7.1CVSS6AI score0.00245EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/06/19 5:16 p.m.•3 views

CVE-2026-56208

A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when glaginframes is set to 1 or higher. This results in a 232-byte...

7.6CVSS6.1AI score0.00275EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/06/19 5:16 p.m.•3 views

CVE-2026-56211

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...

7.1CVSS6.5AI score0.00414EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/06/19 3:16 p.m.•3 views

CVE-2026-52908

In the Linux kernel, the following vulnerability has been resolved: RDMA: During reregmr ensure that REREGACCESS is compatible If IBMRREREGACCESS changes from RO to RW then the umem has to be re-evaluated to ensure it is properly pinned as RW. Since the umem is hidden inside each driver's mr stru...

7.8CVSS6AI score0.00129EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/19 3:16 p.m.•6 views

CVE-2026-52910

In the Linux kernel, the following vulnerability has been resolved: bpf: Free reuseport cBPF prog after RCU grace period. Eulgyu Kim reported the splat below with a repro. 0 The repro sets up a UDP reuseport group with a cBPF prog and replaces it with a new one while another thread is sending a U...

7.8CVSS6.6AI score0.00104EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2026/06/19 3:16 p.m.•4 views

CVE-2026-52909

In the Linux kernel, the following vulnerability has been resolved: ip6vti: set netnsimmutable on the fallback device. john1988 and Noam Rathaus reported that vti6initnet does not set the netnsimmutable flag on the per-netns fallback tunnel device ip6vti0. Other similar tunnel drivers like...

7.8CVSS6AI score0.0012EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/19 12:16 p.m.•3 views

CVE-2026-12706

A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decodemove function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling. An attacker could exploit this by...

6.5CVSS6.1AI score0.00245EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2026/06/19 6:17 a.m.•3 views

CVE-2026-56131

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

4.9CVSS6.1AI score0.00135EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/19 6:17 a.m.•3 views

CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

6.9CVSS6.2AI score0.00107EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/19 12:0 a.m.•3 views

CVE-2026-46862

Vulnerability in the MySQL Router product of Oracle MySQL component: Router: General. Supported versions that are affected are 8.4.0-8.4.9 and 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Router. Successful attacks o...

7.5CVSS7AI score0.00463EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2026/06/19 12:0 a.m.•3 views

CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS6.1AI score0.00431EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/19 12:0 a.m.•3 views

CVE-2026-48142

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...

6.3CVSS6.1AI score0.00398EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2026/06/19 12:0 a.m.•3 views

CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS7.3AI score0.03552EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2026/06/19 12:0 a.m.•4 views

CVE-2026-50190

Unknown description...

6.1AI score0.00101EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/19 12:0 a.m.•5 views

CVE-2026-55203

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...

9.1CVSS6.1AI score0.00321EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/18 9:16 p.m.•2 views

CVE-2025-15661

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...

8.3CVSS7AI score0.00267EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/06/18 9:16 p.m.•3 views

CVE-2026-45696

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, htundoimpl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The htundoimp...

8.3CVSS6AI score0.00263EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2026/06/18 9:16 p.m.•3 views

CVE-2026-43994

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decodeoauthtokengcm. A uint16t noncelen field read from an attacker-supplied OAuth access token 0-65535 is passed directly to memcpy as the copy length into a 256-byte...

9.8CVSS6.1AI score0.0045EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2026/06/18 9:16 p.m.•3 views

CVE-2026-44663

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in htundoimpl in src/lib/OpenEXRCore/internalht.cpp leads to a heap-buffer overflow when decoding a crafted...

7.1CVSS6AI score0.00199EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2026/06/18 8:16 p.m.•4 views

CVE-2026-43915

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the web-admin HTTPS interface. An attacker who can create a TURN allocation with a crafted USERNAME value can inject HTML/JavaScript that execut...

5.4CVSS6AI score0.00141EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2026/06/18 7:16 p.m.•3 views

CVE-2026-48937

A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a GOAWAY frame. This vulnerability affects two supported release lines: Node.js 22 and Node.js 24...

5.3CVSS6.5AI score0.00445EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/18 7:16 p.m.•3 views

CVE-2026-55392

NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashi...

6.7CVSS6.1AI score0.00105EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/18 5:16 p.m.•3 views

CVE-2026-56022

Webmin accepts basic authentication without session cookies when an attacker provides the 'User-Agent: webmin' header, allowing bypass of additional MFA requirements. Fixed in 2.641...

6.9CVSS6.1AI score0.00308EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/06/18 5:16 p.m.•3 views

CVE-2026-56020

The Webmin HTTP server miniserv.pl allows unauthenticated attackers to impersonate any user with a configured SSL client certificate by sending a forged HTTP header. A remote attacker can spoof certificate DNs and authenticate as any user. Fixed in 2.641...

9.2CVSS6.1AI score0.00285EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/06/18 5:16 p.m.•3 views

CVE-2026-56021

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern...

6.9CVSS6.1AI score0.0028EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/06/18 5:16 p.m.•3 views

CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS6.4AI score0.00208EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/18 4:16 p.m.•2 views

CVE-2026-44688

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...

8.8CVSS6.2AI score0.00272EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/06/18 4:16 p.m.•3 views

CVE-2026-44691

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitra...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/06/18 4:16 p.m.•3 views

CVE-2026-11791

A flaw was found in 389 Directory Server. During schema reload, the attrsyntaxswapht function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while...

5CVSS6AI score0.00212EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/18 4:16 p.m.•3 views

CVE-2026-22551

In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs...

6.7CVSS6.1AI score0.00181EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/06/18 4:16 p.m.•3 views

CVE-2026-46580

In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the...

8.8CVSS6.2AI score0.00272EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/06/18 2:17 p.m.•3 views

CVE-2026-42487

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XENDOMCTLioportmapping, and hence the linked list used may changed at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...

7.9CVSS6.1AI score0.00095EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/18 2:17 p.m.•3 views

CVE-2026-42490

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

6.5CVSS6.1AI score0.002EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/06/18 2:17 p.m.•3 views

CVE-2026-44942

A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content...

6.5CVSS6.1AI score0.00329EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2026/06/18 2:17 p.m.•4 views

CVE-2026-8461

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg befor...

8.8CVSS7.1AI score0.00477EPSS
Exploits3References2
UbuntuCve
UbuntuCve
•added 2026/06/18 2:17 p.m.•3 views

CVE-2026-42488

Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache...

8.1CVSS6.1AI score0.00353EPSS
Exploits0References2
Total number of security vulnerabilities71772