Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
added 2026/03/23 7:16 a.m.2 views

CVE-2026-23554

The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple modifications done under the same locked region only issue a single flush. Freeing of paging structures however is not deferred until the flushing is done, and...

7.8CVSS5.9AI score0.00128EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/23 7:16 a.m.1 views

CVE-2026-23555

Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...

7.1CVSS5.8AI score0.00181EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/22 2:16 p.m.7 views

CVE-2019-25591

DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can trigger a denial of service by pasting a malicious registration code...

6.9CVSS6.1AI score0.00179EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/22 1:16 p.m.5 views

CVE-2026-4115

A vulnerability was detected in PuTTY 0.83. Affected is the function eddsaverify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. The attack may be performed from remote. The attack requires a hi...

6.3CVSS5.3AI score0.00534EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2026/03/22 9:15 a.m.3 views

CVE-2026-4541

A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/cryptosigned25519tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of cryptographic signature. The attack is restricted to local...

2.5CVSS4.9AI score0.00083EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2026/03/22 6:16 a.m.4 views

CVE-2026-4539

A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released...

4.8CVSS5.5AI score0.00156EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/03/22 5:16 a.m.3 views

CVE-2026-4538

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The projec...

7.8CVSS5.9AI score0.00239EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/03/22 3:16 a.m.5 views

CVE-2026-33550

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...

2.6CVSS5.9AI score0.00135EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/22 3:16 a.m.4 views

CVE-2025-71276

SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories...

6.4CVSS5.9AI score0.00137EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/22 3:16 a.m.5 views

CVE-2026-33549

SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment of administrator privileges during the editing of an author data structure because of STATUT mishandling...

8.8CVSS5.8AI score0.00239EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/22 1:16 a.m.3 views

CVE-2019-25586

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an application crash...

6.9CVSS6.1AI score0.00178EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/03/22 1:16 a.m.4 views

CVE-2019-25585

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffer of 5000 bytes into the Webseeds field during torrent creation to trigger an application crash...

6.9CVSS6.1AI score0.00177EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/03/21 1:16 p.m.2 views

CVE-2019-25544

Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Attackers can input a buffer of 1000 characters in the username field and trigger a crash when joining a chat,...

6.9CVSS6AI score0.00187EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/03/20 11:16 p.m.4 views

CVE-2026-33228

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

9.8CVSS6.1AI score0.00704EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/03/20 11:16 p.m.3 views

CVE-2026-33230

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp contains a reflected cross-site scripting issue in the lookup... route. A crafted...

6.1CVSS6.1AI score0.00331EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/03/20 11:16 p.m.3 views

CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

9.1CVSS6AI score0.01557EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/03/20 11:16 p.m.5 views

CVE-2026-33236

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the subdir and id attributes when processing remote XML index...

8.1CVSS6AI score0.00487EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/03/20 11:16 p.m.8 views

CVE-2026-33231

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp allows unauthenticated remote shutdown of the local WordNet Browser HTTP server whe...

7.5CVSS5.9AI score0.00855EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/03/20 11:16 p.m.4 views

CVE-2026-33210

Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...

9.1CVSS5.8AI score0.00838EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/20 9:17 p.m.1 views

CVE-2026-33150

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the iouring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When iouring thread creati...

7.8CVSS6.1AI score0.0031EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/20 9:17 p.m.2 views

CVE-2026-33165

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...

5.5CVSS5.9AI score0.00232EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/03/20 9:17 p.m.3 views

CVE-2026-33151

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

8.7CVSS5.8AI score0.00514EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/03/20 9:17 p.m.9 views

CVE-2025-63261

AWStats 8.0 is vulnerable to Command Injection via the open function...

7.8CVSS5.9AI score0.01046EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/20 9:17 p.m.3 views

CVE-2026-33155

DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFETOIMPORT have...

8.7CVSS5.9AI score0.00452EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/20 9:17 p.m.3 views

CVE-2026-33154

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection SSTI due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

8.1CVSS5.9AI score0.00526EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/03/20 9:17 p.m.4 views

CVE-2026-33144

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow write vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gfxmlparsebitsequencebs function in utils/xmlbincustom.c when processing a crafted NHML file containing malicious...

7.8CVSS6AI score0.00165EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/20 9:17 p.m.2 views

CVE-2026-33179

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuseuringinitqueue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numaalloclocal fails during iouring queue entry...

5.5CVSS5.8AI score0.00197EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/20 9:17 p.m.2 views

CVE-2026-33164

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in picparameterset::setderivedvalues. This issue has been patched in version 1.0.17...

8.7CVSS5.9AI score0.00349EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/20 8:16 p.m.2 views

CVE-2026-4438

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification...

5.4CVSS5.9AI score0.00189EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/20 8:16 p.m.0 views

CVE-2026-4437

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the...

7.5CVSS5.9AI score0.00292EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/20 7:16 p.m.4 views

CVE-2026-32710

MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSONSCHEMAVALID function. Under certain conditions it might be possible to turn the crash into a remote code execution. These...

9.9CVSS5.9AI score0.00856EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/03/20 3:16 p.m.3 views

CVE-2026-4519

The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open...

7CVSS5.8AI score0.00308EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2026/03/20 10:16 a.m.3 views

CVE-2026-33123

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...

6.5CVSS5.7AI score0.00349EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/20 9:16 a.m.2 views

CVE-2026-33069

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsipmultipartparse. After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This...

7.5CVSS6AI score0.0026EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/20 6:16 a.m.4 views

CVE-2026-33036

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references &NNN;, &xHH; and standard XML entities completely evade the entity expansion limits e.g.,...

7.5CVSS5.9AI score0.00576EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/03/20 5:16 a.m.4 views

CVE-2026-32953

Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets USS to be silently ignored, producing the same Compound Device Identifier CDI—and thus the same key...

4.7CVSS6.2AI score0.00246EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/03/20 4:16 a.m.1 views

CVE-2026-32942

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17...

9.3CVSS5.8AI score0.00319EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/20 4:16 a.m.2 views

CVE-2026-32945

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflowvulnerability in the DNS parser's name length handler. Thisimpacts applications using PJSIP's built-in DNS resolver, such as those configured with...

9.8CVSS5.9AI score0.00308EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/20 2:16 a.m.0 views

CVE-2026-32711

pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, b...

7.8CVSS5.8AI score0.00279EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/03/20 1:15 a.m.2 views

CVE-2026-32829

lz4flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...

8.2CVSS5.8AI score0.00608EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/20 12:16 a.m.3 views

CVE-2026-22737

Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...

5.9CVSS5.8AI score0.00385EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/20 12:16 a.m.3 views

CVE-2026-22735

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...

2.6CVSS5.8AI score0.00112EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/20 12:0 a.m.3 views

CVE-2026-33040

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially crafted PRUNE contr...

8.7CVSS5.8AI score0.00473EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/20 12:0 a.m.2 views

CVE-2026-32766

astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser...

6.3CVSS5.7AI score0.00249EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/20 12:0 a.m.6 views

CVE-2026-23278

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: always walk all pending catchall elements During transaction processing we might have more than one catchall element: 1 live catchall element and 1 pending element that is coming as part of the new batch. If...

7.8CVSS5.8AI score0.00164EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/20 12:0 a.m.5 views

CVE-2026-23277

In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL pointer dereference in iptunnelxmit on TEQL slave xmit teqlmasterxmit calls netdevstartxmitskb, slave to transmit through slave devices, but does not update skb-dev to the slave device beforehand. When a...

5.5CVSS5.8AI score0.00117EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/20 12:0 a.m.4 views

CVE-2026-23271

In the Linux kernel, the following vulnerability has been resolved: perf: Fix perfeventoverflow vs perfremovefromcontext race Make sure that perfeventoverflow runs with IRQs disabled for all possible callchains. Specifically the software events can end up running it with only preemption disabled...

7.8CVSS5.7AI score0.00096EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/03/20 12:0 a.m.4 views

CVE-2026-23275

In the Linux kernel, the following vulnerability has been resolved: iouring: ensure ctx-rings is stable for task work flags manipulation If DEFERTASKRUN | SETUPTASKRUN is used and task work is added while the ring is being resized, it's possible for the OR'ing of IORINGSQTASKRUN to happen in the...

7.8CVSS5.7AI score0.00121EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/20 12:0 a.m.4 views

CVE-2026-23276

In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions iptunnelxmit, ip6tunnelxmit lack their own recursion limit. When a bond device in broadcast mode has GRE tap interfaces as slaves, and those GRE tunnels...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/20 12:0 a.m.4 views

CVE-2026-32935

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References3
Total number of security vulnerabilities68528