Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
added 2026/03/04 8:16 p.m.4 views

CVE-2026-28435

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib httplib.h does not enforce Server::setpayloadmaxlength on the decompressed request body when using HandlerWithContentReader streaming ContentReader with Content-Encoding: gzip or other...

7.5CVSS5.7AI score0.00418EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/04 8:16 p.m.5 views

CVE-2026-28434

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via setexceptionhandler, the library catches the exception and writes its message...

5.3CVSS5.7AI score0.003EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/04 7:16 p.m.5 views

CVE-2026-0847

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

8.6CVSS7.6AI score0.00924EPSS
Exploits3References6
UbuntuCve
UbuntuCve
added 2026/03/04 6:16 p.m.3 views

CVE-2026-20031

A vulnerability in the HTML Cascading Style Sheets CSS module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit th...

5.3CVSS5.8AI score0.00414EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/04 4:16 p.m.2 views

CVE-2025-12801

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exporte...

6.5CVSS5.8AI score0.00462EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/04 3:16 p.m.4 views

CVE-2026-23237

In the Linux kernel, the following vulnerability has been resolved: platform/x86: classmate-laptop: Add missing NULL pointer checks In a few places in the Classmate laptop driver, code using the accel object may run before that object's address is stored in the driver data of the input device usi...

5.5CVSS5.7AI score0.00193EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2026/03/04 3:16 p.m.3 views

CVE-2025-71238

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsgdone causing double free Kernel panic observed on system, 5353358.825191 BUG: unable to handle page fault for address: ff5f5e897b024000 5353358.825194 PF: supervisor write access in kernel mode 5353358.82519...

7.8CVSS5.7AI score0.00194EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2026/03/04 3:16 p.m.3 views

CVE-2026-23235

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. For example: vm: echo 65537...

7.1CVSS5.7AI score0.00156EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2026/03/04 3:16 p.m.4 views

CVE-2026-23238

In the Linux kernel, the following vulnerability has been resolved: romfs: check sbsetblocksize return value romfsfillsuper ignores the return value of sbsetblocksize, which can fail if the requested block size is incompatible with the block device's configuration. This can be triggered by settin...

5.5CVSS5.7AI score0.00189EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2026/03/04 3:16 p.m.2 views

CVE-2026-23233

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid mapping wrong physical block for swapfile Xiaolong Guo reported a f2fs bug in bugzilla 1 1 https://bugzilla.kernel.org/showbug.cgi?id=220951 Quoted: "When using stress-ng's swap stress test on F2FS filesystem...

7.8CVSS5.6AI score0.0016EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/03/04 3:16 p.m.1 views

CVE-2026-23234

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fswriteendio As syzbot reported an use-after-free issue in f2fswriteendio. It is caused by below race condition: loop device umount - workerthread - loopprocesswork - doreqfilebacked - lorwaio -...

7.8CVSS5.7AI score0.00119EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2026/03/04 3:16 p.m.4 views

CVE-2026-23232

In the Linux kernel, the following vulnerability has been resolved: Revert "f2fs: block cache/dio write during f2fsenablecheckpoint" This reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a. Original patch may cause below deadlock, revert it. write remount - writebegin - lockpage --- lock A -...

5.5CVSS5.7AI score0.00104EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/04 3:16 p.m.2 views

CVE-2026-23236

In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy ioctl memory to kernelspace The UFXIOCTLREPORTDAMAGE ioctl does not properly copy data from userspace to kernelspace, and instead directly references the memory, which can cause problems if invalid...

7.3CVSS5.7AI score0.00206EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2026/03/04 2:16 p.m.3 views

CVE-2026-3103

A logic error in the removepassword function in Checkmk GmbH's Checkmk versions 2.4.0p23, 2.3.0p43, and 2.2.0 EOL allows a low-privileged user to cause data loss...

5.4CVSS5.8AI score0.00173EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/04 1:15 p.m.2 views

CVE-2026-23231

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix use-after-free in nftablesaddchain nftablesaddchain publishes the chain to table-chains via listaddtailrcu in nftchainadd before registering hooks. If nftablesregisterhook then fails, the error path calls...

7.8CVSS5.7AI score0.00812EPSS
Exploits1References17
UbuntuCve
UbuntuCve
added 2026/03/04 9:15 a.m.2 views

CVE-2025-66168

WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...

8.8CVSS6.1AI score0.0078EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/04 9:15 a.m.4 views

CVE-2026-27446

Missing Authentication for Critical Function CWE-306 vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. This cou...

9.8CVSS7.3AI score0.10629EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/03/03 11:15 p.m.5 views

CVE-2026-27932

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

7.5CVSS5.9AI score0.00432EPSS
Exploits2References3
UbuntuCve
UbuntuCve
added 2026/03/03 11:15 p.m.5 views

CVE-2026-27601

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...

8.2CVSS5.9AI score0.00612EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/03/03 11:15 p.m.4 views

CVE-2026-27622

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector totalsizes for attacker-controlled large counts across many parts,...

8.4CVSS5.9AI score0.00201EPSS
Exploits2References3
UbuntuCve
UbuntuCve
added 2026/03/03 8:16 p.m.2 views

CVE-2026-29022

drlibs drwav.h version 0.14.4 and earlier fixed in commit 8a7258c contain a heap buffer overflow vulnerability in the drwavreadsmpltometadataobj function of drwav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 a...

7.8CVSS6AI score0.00207EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/03 6:16 p.m.8 views

CVE-2025-15599

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...

6.1CVSS5.9AI score0.00245EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/03 6:16 p.m.7 views

CVE-2026-0540

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...

6.1CVSS7.2AI score0.0034EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/03 3:16 p.m.2 views

CVE-2026-22891

A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch db9a9a63. A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerabilit...

9.8CVSS6.2AI score0.00589EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/03 3:16 p.m.4 views

CVE-2026-20777

A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch db9a9a63. A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.1CVSS6.2AI score0.00511EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/03 3:16 p.m.2 views

CVE-2025-64736

An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch 5462afb0. A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability...

7.1CVSS5.9AI score0.00184EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/03 2:0 p.m.5 views

CVE-2026-25673

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.topython in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...

7.5CVSS5.9AI score0.00734EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/03 2:0 p.m.4 views

CVE-2026-25674

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's...

3.7CVSS5.8AI score0.00341EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/03 1:16 p.m.2 views

CVE-2026-3351

Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server...

5.3CVSS7.2AI score0.00141EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/03/03 12:0 a.m.2 views

CVE-2026-3196

two potential OOB memory accesses in virtio-snd...

5.8AI score0.00102EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/03 12:0 a.m.2 views

CVE-2026-3195

two potential OOB memory accesses in virtio-snd...

5.8AI score0.00126EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/02 8:16 p.m.0 views

CVE-2026-27631

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra...

6.9CVSS6.4AI score0.00255EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/03/02 8:16 p.m.4 views

CVE-2026-27596

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra...

7.5CVSS6.4AI score0.00367EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/03/02 8:16 p.m.0 views

CVE-2026-25884

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8...

8.1CVSS6.5AI score0.00307EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/03/02 5:16 p.m.6 views

CVE-2026-23865

An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2...

5.3CVSS5.9AI score0.00141EPSS
Exploits0References13
UbuntuCve
UbuntuCve
added 2026/03/02 4:16 a.m.3 views

CVE-2026-3408

A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit is publicly available...

6.5CVSS5.5AI score0.00394EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2026/03/01 10:16 a.m.2 views

CVE-2026-3389

A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstdrexnewnode in the library sqstdlib/sqstdrex.cpp. Executing a manipulation can lead to null pointer dereference. The attack can only be executed locally. The exploit has been publicly disclosed and m...

5.5CVSS5.5AI score0.00166EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/03/01 10:16 a.m.3 views

CVE-2026-3388

A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolled recursion. The attack needs to be approached locally. The exploit has been made public and could...

5.5CVSS5.4AI score0.00166EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/02/27 10:16 p.m.2 views

CVE-2026-28419

Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding...

6.6CVSS6AI score0.00168EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/02/27 10:16 p.m.4 views

CVE-2026-28418

Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundar...

5.5CVSS6AI score0.0022EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/02/27 10:16 p.m.4 views

CVE-2026-28420

Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue...

4.4CVSS6AI score0.00177EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/02/27 10:16 p.m.4 views

CVE-2026-28417

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an attacker can execute arbitrary shell command...

7.8CVSS6.1AI score0.01162EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/02/27 10:16 p.m.3 views

CVE-2026-28422

Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in buildstlstrhl when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue...

2.2CVSS5.9AI score0.00142EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/02/27 10:16 p.m.2 views

CVE-2026-28421

Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault SEGV exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issu...

7.8CVSS5.9AI score0.00177EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/02/27 9:16 p.m.3 views

CVE-2026-28351

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaroun...

6.9CVSS5.8AI score0.00423EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/02/27 8:21 p.m.2 views

CVE-2026-27824

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server's brute-force protection mechanism uses a ban key derived from both remoteaddr and the X-Forwarded-For header. Since the X-Forwarded-For header i...

5.3CVSS5.9AI score0.00148EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/02/27 8:21 p.m.4 views

CVE-2026-27810

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...

6.4CVSS6AI score0.00206EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/02/27 6:16 p.m.0 views

CVE-2026-21619

Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hexcore hexapi modules, hexpm hex mixhexapi modules, erlang rebar3 r3hexapi modules allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hexapi.erl,...

7.5CVSS5.9AI score0.00576EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/02/27 2:16 p.m.5 views

CVE-2025-10990

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression regex parsing when processing hex numeric character references &x...; in XML documents. This could lead to a Regular Expression Denial of Service ReDoS, impacting the availability of the affected component...

7.5CVSS5.9AI score0.00468EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/02/27 12:16 p.m.4 views

CVE-2026-24350

PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In version 5.9.0-rc7 clicking the link associated with...

5.4CVSS6AI score0.00169EPSS
Exploits0References3
Total number of security vulnerabilities68528