Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
•added 2026/03/11 5:16 p.m.•6 views

CVE-2025-12555

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that, under certain conditions, could have allowed an authenticated user to access previous pipeline job information on projects with repository and CI/CD...

4.3CVSS5.9AI score0.00243EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/11 5:16 p.m.•1 views

CVE-2026-31853

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41...

5.7CVSS5.9AI score0.00093EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/11 4:16 p.m.•4 views

CVE-2026-3848

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to make unintended internal requests through proxy environments under certain conditions due to improper input...

5CVSS5.9AI score0.00187EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/11 4:16 p.m.•3 views

CVE-2025-12697

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions...

4.4CVSS5.9AI score0.00293EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/11 4:16 p.m.•4 views

CVE-2026-1732

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose confidential issue titles due to improper filtering under certain circumstances...

4.3CVSS5.8AI score0.00253EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/11 4:16 p.m.•5 views

CVE-2025-12576

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain conditions could have allowed an authenticated user to cause a denial of service due to improper handling of webhook response data...

6.5CVSS5.9AI score0.00385EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/11 4:16 p.m.•3 views

CVE-2026-1663

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with group import permissions to create labels in private projects due to improper authorization validation in th...

4.3CVSS5.9AI score0.0019EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/11 4:16 p.m.•3 views

CVE-2026-0602

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...

4.3CVSS5.8AI score0.00243EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/11 4:16 p.m.•1 views

CVE-2025-13929

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by issuing specially crafted requests to repository archive endpoints under certai...

7.5CVSS5.9AI score0.00523EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/11 4:16 p.m.•3 views

CVE-2025-13690

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause a denial of service condition due to improper input validation on webhook custom header names under...

6.5CVSS5.9AI score0.00385EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/11 4:16 p.m.•3 views

CVE-2026-22248

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP...

8.8CVSS6.1AI score0.00315EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/11 4:16 p.m.•4 views

CVE-2025-14513

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON...

7.5CVSS5.9AI score0.00475EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/11 4:16 p.m.•4 views

CVE-2026-1090

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the markdownplaceholders feature flag was enabled, to inject JavaScript in a browser due to improper...

8.7CVSS5.9AI score0.00231EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/11 4:16 p.m.•3 views

CVE-2026-1230

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause repository downloads to contain different code than displayed in the web interface due to incorrect...

6.5CVSS5.9AI score0.00192EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/11 2:16 p.m.•2 views

CVE-2026-3904

Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x8664 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the...

6.2CVSS5.9AI score0.00146EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2026/03/11 10:16 a.m.•11 views

CVE-2026-3906

WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature block-level collaboration annotations was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API createitempermissionscheck method in...

4.3CVSS5.8AI score0.00305EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2026/03/11 6:17 a.m.•3 views

CVE-2026-3884

Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting XSS via the spin function that allows a creation of more than 1 alert for each 'target' element. An attacker would need to set an arbitrary key-value pair on Object.prototype through a crafted URL achieving a...

6.1CVSS5.9AI score0.00158EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2026/03/10 10:16 p.m.•2 views

CVE-2026-31826

pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...

6.8CVSS5.8AI score0.00172EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/10 10:16 p.m.•2 views

CVE-2026-31812

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed...

8.7CVSS5.9AI score0.005EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/03/10 8:16 p.m.•1 views

CVE-2025-70128

A Stored Cross-Site Scripting XSS vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. An attacker can inject arbitrary JavaScript code using...

6.1CVSS6AI score0.00225EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2026/03/10 8:16 p.m.•0 views

CVE-2026-23868

Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible...

5.1CVSS5.8AI score0.00144EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/10 8:16 p.m.•4 views

CVE-2025-70129

If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this anti-spam mechanism trivially and publish spam comments. T...

5.3CVSS5.9AI score0.00286EPSS
Exploits1References1
UbuntuCve
UbuntuCve
•added 2026/03/10 6:19 p.m.•7 views

CVE-2026-3847

Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148.0.2...

8.8CVSS5.9AI score0.00308EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/03/10 6:19 p.m.•5 views

CVE-2026-3846

Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2...

6.5CVSS5.8AI score0.00112EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/03/10 6:18 p.m.•3 views

CVE-2026-30930

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

9.8CVSS5.9AI score0.00364EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2026/03/10 6:18 p.m.•5 views

CVE-2026-23907

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

5.3CVSS5.9AI score0.00886EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/10 6:18 p.m.•1 views

CVE-2026-23240

In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tlsswcancelworktx This issue was discovered during a code audit. After canceldelayedworksync is called from tlsskprotoclose, txworkhandler can still be scheduled from paths such as the Delayed ACK handl...

9.8CVSS5.7AI score0.0049EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/03/10 6:18 p.m.•4 views

CVE-2026-23239

In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcpclose This issue was discovered during a code audit. After cancelworksync is called from espintcpclose, espintcptxwork can still be scheduled from paths such as the Delayed ACK handler or...

7.8CVSS5.7AI score0.00101EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/03/10 6:18 p.m.•3 views

CVE-2026-30928

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file glances.conf via self.config.asdict with no filtering of sensitive values. The configuration file contains credentials for all...

8.7CVSS7.2AI score0.01657EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2026/03/10 7:42 a.m.•5 views

CVE-2026-26982

Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 Ctrl+C in pasted and dropped text. These can be used to execute arbitrary commands in some shell environments. This attack requires an attacker to convince the user to copy and paste or drag and drop...

8.8CVSS6AI score0.00307EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/10 12:0 a.m.•3 views

CVE-2026-28689

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write. This...

6.3CVSS5.9AI score0.00108EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/10 12:0 a.m.•1 views

CVE-2026-28691

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41...

7.5CVSS5.9AI score0.00353EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/10 12:0 a.m.•1 views

CVE-2026-28494

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-siz...

7.1CVSS6.1AI score0.00108EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/10 12:0 a.m.•0 views

CVE-2026-30931

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, a heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write. This vulnerability is fixed in 7.1.2-16...

7.8CVSS5.9AI score0.00108EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/10 12:0 a.m.•2 views

CVE-2026-28493

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, an integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted image. This vulnerabili...

6.5CVSS5.9AI score0.00194EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/10 12:0 a.m.•1 views

CVE-2026-30929

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack. This vulnerability is fix...

7.8CVSS6AI score0.00107EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/10 12:0 a.m.•3 views

CVE-2026-28686

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, A heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation. This vulnerability is fixed in 7.1.2-16 and 6.9.13-...

6.8CVSS6AI score0.00113EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/10 12:0 a.m.•2 views

CVE-2026-30937

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD X Windows encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of...

6.8CVSS6AI score0.00099EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/10 12:0 a.m.•2 views

CVE-2026-30935

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the -bilateral-blur operation an out of bounds rea...

4.4CVSS6AI score0.00105EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/10 12:0 a.m.•0 views

CVE-2026-28688

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write...

5.3CVSS5.8AI score0.00193EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/10 12:0 a.m.•3 views

CVE-2026-30883

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41...

7.8CVSS5.9AI score0.00123EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2026/03/10 12:0 a.m.•0 views

CVE-2026-28692

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41...

4.8CVSS5.9AI score0.00258EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/10 12:0 a.m.•1 views

CVE-2026-28687

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file. This vulnerabilit...

5.3CVSS5.9AI score0.00243EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/10 12:0 a.m.•3 views

CVE-2026-28690

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data...

6.9CVSS6.1AI score0.00096EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/10 12:0 a.m.•3 views

CVE-2026-30936

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operati...

5.5CVSS5.9AI score0.00106EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/10 12:0 a.m.•2 views

CVE-2026-26131

Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00359EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/03/10 12:0 a.m.•3 views

CVE-2026-26127

Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network...

7.5CVSS6.8AI score0.02049EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/03/10 12:0 a.m.•1 views

CVE-2026-28693

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds read or write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41...

8.1CVSS5.9AI score0.00334EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/03/10 12:0 a.m.•2 views

CVE-2026-26130

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network...

7.5CVSS5.9AI score0.02818EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/03/10 12:0 a.m.•3 views

CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

8.2CVSS5.8AI score0.00253EPSS
Exploits4References2
Total number of security vulnerabilities68528