Lucene search
+L
UbuntucveRecent

71772 matches found

ubuntucve
ubuntucve
added 2026/07/08 11:16 p.m.2 views

CVE-2026-15105

A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has...

6.3CVSS6.3AI score0.00285EPSS
Exploits0References8
ubuntucve
ubuntucve
added 2026/07/08 10:17 p.m.2 views

CVE-2026-15168

BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure...

3.3CVSS6.1AI score0.00102EPSS
Exploits1References1
ubuntucve
ubuntucve
added 2026/07/08 10:17 p.m.2 views

CVE-2026-39179

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality...

6.3CVSS7.2AI score0.00157EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2026/07/08 10:17 p.m.2 views

CVE-2026-39178

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the allContactSearch endpoint...

6.3CVSS7.2AI score0.00157EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2026/07/08 9:18 p.m.2 views

CVE-2026-10037

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via...

8.8CVSS6.2AI score0.0012EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.1 views

CVE-2026-8472

GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...

4.3CVSS6.1AI score0.00243EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-7492

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...

5.3CVSS6.1AI score0.00254EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-54591

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.1, a malicious SSH server can write arbitrary files on the asyncssh SCP client's filesystem by sending filenames containing ../...

8.1CVSS6.1AI score0.00317EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-55206

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo.read in archiveinfo.py used an On^2 cumulative sum pattern for attacker-controlled numstreams values parsed from archive headers, allowing a crafted...

8.7CVSS6.1AI score0.00321EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.1 views

CVE-2026-58207

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal...

7.7CVSS6.1AI score0.0056EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-58494

Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite...

6.5CVSS6.1AI score0.00119EPSS
Exploits0References10
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-59818

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the...

8.1CVSS6.1AI score0.00319EPSS
Exploits0References10
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-6352

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS6.1AI score0.00264EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-6896

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary scripts in another user's browser...

8.7CVSS7.2AI score0.00282EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-54590

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Version 2.23.0 contains an incomplete fix for CVE-2026-45309 in SSHServerConfig.settokens that blocks /, , and .. before %u substitution in...

5.9CVSS6.1AI score0.00285EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-55195

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, py7zr's Worker.decompress extracted archive entries without tracking total decompressed size, allowing a crafted .7z file such as a 15.6 KB archive that expan...

8.7CVSS6.1AI score0.00321EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-58208

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with...

7.5CVSS6.1AI score0.00593EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-58211

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered as the configured noauthuser through a parser path used when the first client operation was not CONNECT, bypassing user-level connection...

5.4CVSS6.1AI score0.00292EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.1 views

CVE-2025-12506

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from t...

4.3CVSS6.1AI score0.00187EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.1 views

CVE-2026-11827

GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to imprope...

4.9CVSS6.1AI score0.00255EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-13151

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper...

4.3CVSS6.1AI score0.00161EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-15166

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS6.1AI score0.00133EPSS
Exploits1References1
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-15167

DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

7.5CVSS7AI score0.00156EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-15172

FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS6.1AI score0.00097EPSS
Exploits1References1
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-15163

Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service...

7.5CVSS6.1AI score0.00187EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-15164

Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS6.1AI score0.00097EPSS
Exploits1References1
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-15170

Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS6.1AI score0.00133EPSS
Exploits1References1
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-15171

SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS6.1AI score0.00097EPSS
Exploits1References1
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-15173

pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...

5.5CVSS6.1AI score0.00089EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-13320

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to execute arbitrary scripts in another user's browser session due to improper...

7.3CVSS7AI score0.00243EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-14896

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS6.1AI score0.0016EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.1 views

CVE-2026-15165

TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...

5.5CVSS6.1AI score0.00133EPSS
Exploits1References1
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-15169

UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

7.5CVSS6.1AI score0.00218EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/07/08 9:16 p.m.2 views

CVE-2026-15174

Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS6.1AI score0.00092EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/07/08 8:16 p.m.2 views

CVE-2026-59935

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft a PDF with a page content stream containing a not terminated inline image that uses the ASCII85 or ASCIIHex filters, causing an infinite loop during parsing such as when extracting page text. This issu...

8.7CVSS6.1AI score0.00352EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2026/07/08 8:16 p.m.2 views

CVE-2026-55404

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled webpageurl or filename metadata without sufficient validation or escaping,...

8.8CVSS6.2AI score0.0064EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2026/07/08 8:16 p.m.2 views

CVE-2026-58210

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the...

7.5CVSS6.1AI score0.00732EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2026/07/08 8:16 p.m.2 views

CVE-2026-58212

Rejected reason: Further research determined the issue is not a vulnerability based on CNA Rule 4.1.12 The act of updating Product dependencies MUST NOT be determined to be a Vulnerability, regardless of whether the dependencies have Vulnerabilities...

6.1AI score
Exploits0References2
ubuntucve
ubuntucve
added 2026/07/08 8:16 p.m.2 views

CVE-2026-58213

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections, corrupti...

7.1CVSS6.1AI score0.00441EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2026/07/08 8:16 p.m.2 views

CVE-2026-58251

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny...

6.5CVSS6.1AI score0.00463EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2026/07/08 8:16 p.m.2 views

CVE-2026-58253

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when noauthuser was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an...

8.8CVSS7AI score0.00368EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2026/07/08 8:16 p.m.1 views

CVE-2026-58254

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode...

6.5CVSS6.1AI score0.00308EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2026/07/08 8:16 p.m.2 views

CVE-2026-59936

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker detection such as when extracting page text. This issue is fixed in...

8.7CVSS6.1AI score0.00345EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2026/07/08 8:16 p.m.1 views

CVE-2026-59946

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...

6.1CVSS6.1AI score0.00136EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2026/07/08 8:16 p.m.1 views

CVE-2026-59947

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...

4.7CVSS6.1AI score0.00108EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2026/07/08 8:16 p.m.2 views

CVE-2026-59948

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project...

7CVSS6.1AI score0.00132EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2026/07/08 8:16 p.m.2 views

CVE-2026-53624

Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol for https instead of c.Scheme. This issue is fixe...

4.8CVSS6.1AI score0.00207EPSS
Exploits1References5
ubuntucve
ubuntucve
added 2026/07/08 8:16 p.m.2 views

CVE-2026-58209

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these...

4.3CVSS6.1AI score0.00342EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2026/07/08 8:16 p.m.1 views

CVE-2026-58214

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protoc...

4.3CVSS6.1AI score0.00349EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2026/07/08 8:16 p.m.1 views

CVE-2026-58250

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by...

7.5CVSS6.1AI score0.00732EPSS
Exploits0References2
Total number of security vulnerabilities71772