68528 matches found

UbuntuCve
•added 2026/03/20 12:0 a.m.•2 views

CVE-2026-4445

Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.9 | EPSS 0.00253
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•4 views

CVE-2026-4454

Use after free in Network in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.9 | EPSS 0.00253
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•4 views

CVE-2026-4462

Out of bounds read in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.9 | EPSS 0.00253
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•2 views

CVE-2026-4455

Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...

CVSS 8.8 | AI score 6.1 | EPSS 0.0025
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•1 views

CVE-2026-4443

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 6.4 | EPSS 0.00415
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•2 views

CVE-2026-4447

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 6.2 | EPSS 0.00354
Exploits: 1 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•2 views

CVE-2026-4460

Out of bounds read in Skia in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.9 | EPSS 0.00253
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•1 views

CVE-2026-4457

Type Confusion in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.9 | EPSS 0.00306
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•3 views

CVE-2026-4464

Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 6 | EPSS 0.00253
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•3 views

CVE-2026-4461

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.9 | EPSS 0.00281
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•4 views

CVE-2026-4439

Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.8 | AI score 6.1 | EPSS 0.00341
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•3 views

CVE-2026-4440

Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.8 | AI score 6.2 | EPSS 0.00324
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•1 views

CVE-2026-4441

Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.8 | AI score 6.1 | EPSS 0.00317
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•3 views

CVE-2026-4451

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.9 | EPSS 0.00253
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•4 views

CVE-2026-4452

Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 6 | EPSS 0.00253
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•3 views

CVE-2026-4458

Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

CVSS 8.8 | AI score 5.9 | EPSS 0.00193
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•2 views

CVE-2026-4463

Heap buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 6.1 | EPSS 0.00301
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•4 views

CVE-2026-33056

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball...

CVSS 6.5 | AI score 7 | EPSS 0.00379
Exploits: 1 | References: 6
UbuntuCve
•added 2026/03/20 12:0 a.m.•1 views

CVE-2026-4448

Heap buffer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 6.1 | EPSS 0.00271
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•2 views

CVE-2026-4449

Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.9 | EPSS 0.00253
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•4 views

CVE-2026-4446

Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.9 | EPSS 0.00281
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•2 views

CVE-2026-4442

Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 6.1 | EPSS 0.00271
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•0 views

CVE-2026-4450

Out of bounds write in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.9 | EPSS 0.00281
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•6 views

CVE-2026-4456

Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.9 | EPSS 0.00253
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•3 views

CVE-2026-4459

Out of bounds read and write in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.9 | EPSS 0.00281
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•4 views

CVE-2026-4453

Integer overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.153 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVSS 4.3 | AI score 6 | EPSS 0.00176
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•0 views

CVE-2026-23273

In the Linux kernel, the following vulnerability has been resolved: macvlan: observe an RCU grace period in macvlan_common_newlink() error path. valis reported that a race condition still happens after my prior patch. macvlan_common_newlink() might have made @dev visible before detecting an error, and its...

CVSS 7.8 | AI score 5.7 | EPSS 0.00119
Exploits: 0 | References: 20
UbuntuCve
•added 2026/03/20 12:0 a.m.•9 views

CVE-2026-33065

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...

CVSS 6.9 | AI score 5.7 | EPSS 0.00282
Exploits: 1 | References: 5
UbuntuCve
•added 2026/03/20 12:0 a.m.•5 views

CVE-2026-33192

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

CVSS 8.7 | AI score 5.7 | EPSS 0.00321
Exploits: 1 | References: 4
UbuntuCve
•added 2026/03/20 12:0 a.m.•4 views

CVE-2026-33191

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes (URL-encoded as %00) into the supi path parameter of the UDM's...

CVSS 8.7 | AI score 5.8 | EPSS 0.00354
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/20 12:0 a.m.•2 views

CVE-2026-3842

Unknown description...

AI score 5.8
Exploits: 0 | References: 2
UbuntuCve
•added 2026/03/20 12:0 a.m.•5 views

CVE-2026-23274

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels. IDLETIMER revision 0 rules reuse existing timers by label and always call mod_timer() on timer->timer. If the label was created first by revision 1 with XT_IDLETIMER_ALARM...

CVSS 7.8 | AI score 5.7 | EPSS 0.00123
Exploits: 0 | References: 19
UbuntuCve
•added 2026/03/20 12:0 a.m.•3 views

CVE-2026-33064

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending ...

CVSS 8.7 | AI score 5.8 | EPSS 0.00486
Exploits: 1 | References: 5
UbuntuCve
•added 2026/03/20 12:0 a.m.•4 views

CVE-2026-23272

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally bump set->nelems before insertion. In case that the set is full, a new element gets published then removed without waiting for the RCU grace period, while RCU reader can be walking over it...

CVSS 7.8 | AI score 5.7 | EPSS 0.00122
Exploits: 0 | References: 4
UbuntuCve
•added 2026/03/20 12:0 a.m.•4 views

CVE-2026-32874

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1]) integers. The leaked memory is a copy of the string form of the integer plus a...

CVSS 7.5 | AI score 5.7 | EPSS 0.00479
Exploits: 0 | References: 5
UbuntuCve
•added 2026/03/20 12:0 a.m.•4 views

CVE-2026-32875

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handling. ujson.dumps() crashes the Python interpreter (segmentation fault) when the product of the indent...

CVSS 7.5 | AI score 5.9 | EPSS 0.00469
Exploits: 1 | References: 5
UbuntuCve
•added 2026/03/20 12:0 a.m.•8 views

CVE-2026-33055

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

CVSS 8.1 | AI score 7 | EPSS 0.00397
Exploits: 1 | References: 4
UbuntuCve
•added 2026/03/20 12:0 a.m.•4 views

CVE-2026-23275

In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure ctx->rings is stable for task work flags manipulation. If DEFER_TASKRUN | SETUP_TASKRUN is used and task work is added while the ring is being resized, it's possible for the OR'ing of IORING_SQ_TASKRUN to happen in the...

CVSS 7.8 | AI score 5.7 | EPSS 0.00121
Exploits: 0 | References: 4
UbuntuCve
•added 2026/03/19 10:16 p.m.•5 views

CVE-2026-4159

1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

CVSS 3.3 | AI score 5.8 | EPSS 0.00095
Exploits: 0 | References: 2
UbuntuCve
•added 2026/03/19 9:17 p.m.•4 views

CVE-2026-3547

Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash...

CVSS 7.5 | AI score 5.9 | EPSS 0.00257
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/19 9:17 p.m.•3 views

CVE-2026-3230

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension,...

CVSS 2.7 | AI score 5.9 | EPSS 0.00209
Exploits: 0 | References: 2
UbuntuCve
•added 2026/03/19 9:17 p.m.•3 views

CVE-2026-4395

Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to...

CVSS 9.8 | AI score 6.1 | EPSS 0.00344
Exploits: 0 | References: 2
UbuntuCve
•added 2026/03/19 9:17 p.m.•4 views

CVE-2026-27953

ormar is an async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "__pk_only__": true into a JSON request body. By injecting "__pk_only__": true into a JSON...

CVSS 9.8 | AI score 5.8 | EPSS 0.01192
Exploits: 1 | References: 2
UbuntuCve
•added 2026/03/19 9:17 p.m.•7 views

CVE-2026-3849

Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client...

CVSS 9.8 | AI score 6.2 | EPSS 0.00444
Exploits: 0 | References: 2
UbuntuCve
•added 2026/03/19 9:17 p.m.•3 views

CVE-2026-3549

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving...

CVSS 9.8 | AI score 6 | EPSS 0.00487
Exploits: 0 | References: 2
UbuntuCve
•added 2026/03/19 9:17 p.m.•3 views

CVE-2026-3229

An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssl_add_to_chain is called by these API: wolfSSL_CTX_add_extra_chain_cert,...

CVSS 5.5 | AI score 5.9 | EPSS 0.00064
Exploits: 0 | References: 2
UbuntuCve
•added 2026/03/19 9:17 p.m.•5 views

CVE-2026-30836

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0...

CVSS 10 | AI score 6.2 | EPSS 0.00296
Exploits: 0 | References: 4
UbuntuCve
•added 2026/03/19 9:17 p.m.•5 views

CVE-2026-30924

qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also returning Access-Control-Allow-Credentials: true, effectively allowing any external webpage to make authenticated requests on behalf of a...

CVSS 9.6 | AI score 6.5 | EPSS 0.00257
Exploits: 0 | References: 3
UbuntuCve
•added 2026/03/19 8:16 p.m.•2 views

CVE-2026-3579

wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions (sp_256_mul_9, sp_256_sqr_9, etc.), leading to a timing...

CVSS 5.9 | AI score 5.9 | EPSS 0.00265
Exploits: 0 | References: 2
UbuntuCve
•added 2026/03/19 8:16 p.m.•6 views

CVE-2026-3580

In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...

CVSS 4.7 | AI score 5.9 | EPSS 0.00128
Exploits: 0 | References: 2
Total number of security vulnerabilities: 68528