Lucene search

68528 matches found

UbuntuCve
•added 2026/02/25 9:16 p.m.•4 views

CVE-2026-1388

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint und...

CVSS 7.5 • AI score 5.9 • EPSS 0.00357
Exploits 0 • References 4
•added 2026/02/25 9:16 p.m.•7 views

CVE-2026-26965

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, planar_decompress_plane_rle writes into pDstData at (nYDst+y) * nDstStep + 4*nXDst + nChannel without verifying that nYDst+nSrcHeight fits in the destination height or that...

CVSS 8.8 • AI score 6 • EPSS 0.00591
Exploits 1 • References 3
•added 2026/02/25 8:23 p.m.•4 views

CVE-2026-25941

FreeRDP is a free implementation of the Remote Desktop Protocol. Versions on the 2.x branch prior to 2.11.8 and on the 3.x branch prior to 3.23.0 have an out-of-bounds read vulnerability in the FreeRDP client's RDPGFX channel that allows a malicious RDP server to read uninitialized heap memory...

CVSS 8.1 • AI score 5.9 • EPSS 0.00284
Exploits 1 • References 3
•added 2026/02/25 8:21 p.m.•6 views

CVE-2025-3525

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have, under certain circumstances, allowed an authenticated user with certain access to cause Denial of Service by creating specially crafted CI...

CVSS 6.5 • AI score 5.9 • EPSS 0.00308
Exploits 0 • References 4
•added 2026/02/25 8:20 p.m.•3 views

CVE-2025-14103

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions...

CVSS 4.3 • AI score 5.9 • EPSS 0.0019
Exploits 0 • References 4
•added 2026/02/25 3:20 p.m.•3 views

CVE-2026-3201

USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service...

CVSS 7.5 • AI score 5.9 • EPSS 0.00184
Exploits 2 • References 2
•added 2026/02/25 3:20 p.m.•6 views

CVE-2026-3202

NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service...

CVSS 7.5 • AI score 5.9 • EPSS 0.00157
Exploits 0 • References 2
•added 2026/02/25 3:20 p.m.•4 views

CVE-2026-3203

RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service...

CVSS 7.5 • AI score 5.9 • EPSS 0.00157
Exploits 1 • References 2
•added 2026/02/25 3:20 p.m.•4 views

CVE-2026-27699

The basic-ftp FTP client library for Node.js contains a path traversal vulnerability (CWE-22) in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences (../) that cause files to be written outside the...

CVSS 9.8 • AI score 7.1 • EPSS 0.00528
Exploits 2 • References 5
•added 2026/02/25 1:16 p.m.•2 views

CVE-2026-21725

A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

CVSS 2.6 • AI score 5.8 • EPSS 0.00175
Exploits 0 • References 2
•added 2026/02/25 11:16 a.m.•5 views

CVE-2026-26104

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitiv...

CVSS 5.5 • AI score 5.8 • EPSS 0.00075
Exploits 0 • References 2
•added 2026/02/25 11:16 a.m.•3 views

CVE-2026-26103

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block...

CVSS 7.1 • AI score 5.8 • EPSS 0.00075
Exploits 0 • References 2
•added 2026/02/25 8:16 a.m.•3 views

CVE-2025-11563

URLs containing percent-encoded slashes (/ or \) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...

CVSS 4.6 • AI score 5.8 • EPSS 0.00302
Exploits 0 • References 3
•added 2026/02/25 5:17 a.m.•2 views

CVE-2026-27624

Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges using "denied-peer-ip" and/or default loopback restrictions. CVE-2020-26262 addressed bypasses involving "0.0.0.0", "::1" and "::", but IPv4-mapped IPv6 is not...

CVSS 7.2 • AI score 7.1 • EPSS 0.00254
Exploits 1 • References 5
•added 2026/02/25 4:16 a.m.•2 views

CVE-2026-3147

A vulnerability was found in libvips up to 8.18.0. This affects the function vips_foreign_load_csv_build of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch i...

CVSS 7.8 • AI score 6 • EPSS 0.00209
Exploits 1 • References 9
•added 2026/02/25 3:16 a.m.•5 views

CVE-2026-27628

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually...

CVSS 7.5 • AI score 5.7 • EPSS 0.00346
Exploits 0 • References 4
•added 2026/02/25 3:16 a.m.•4 views

CVE-2026-3146

A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. The manipulation leads to null pointer dereference. The attack needs to be performed locally. The identifier of the patch is...

CVSS 5.5 • AI score 5.3 • EPSS 0.00167
Exploits 1 • References 8
•added 2026/02/25 3:16 a.m.•1 views

CVE-2026-3145

A flaw has been found in libvips up to 8.18.0. The affected element is the function vips_foreign_load_matrix_file_is_a/vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. Executing a manipulation can lead to memory corruption. The attack needs to be launched locally. This patch is...

CVSS 7.8 • AI score 5.7 • EPSS 0.00184
Exploits 1 • References 8
•added 2026/02/25 3:16 a.m.•2 views

CVE-2026-27606

Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) are vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker t...

CVSS 9.8 • AI score 6.9 • EPSS 0.01402
Exploits 1 • References 8
•added 2026/02/24 10:16 p.m.•5 views

CVE-2026-27195

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::call_async which made it capable of calling async-typed guest export functions. However, that implementation had a bu...

CVSS 7.5 • AI score 5.8 • EPSS 0.00362
Exploits 0 • References 8
•added 2026/02/24 10:16 p.m.•3 views

CVE-2026-27572

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of the wasi:http/types.fields resource is susceptible to panics when too many fields are added to the set of headers. Wasmtime's implementation in the wasmtime-wasi-http...

CVSS 7.5 • AI score 5.9 • EPSS 0.00466
Exploits 0 • References 9
•added 2026/02/24 10:16 p.m.•2 views

CVE-2026-27204

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of WASI host interfaces is susceptible to guest-controlled resource exhaustion on the host. Wasmtime did not appropriately place limits on resource allocations requested...

CVSS 6.9 • AI score 5.8 • EPSS 0.00345
Exploits 0 • References 9
•added 2026/02/24 5:29 p.m.•5 views

CVE-2026-27588

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list 100 entries it becomes case-sensitive due to an optimized matching path. An attacker can bypass...

CVSS 9.1 • AI score 5.9 • EPSS 0.0037
Exploits 1 • References 3
•added 2026/02/24 5:29 p.m.•7 views

CVE-2026-27585

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...

CVSS 8.2 • AI score 7.2 • EPSS 0.00323
Exploits 1 • References 5
•added 2026/02/24 5:29 p.m.•6 views

CVE-2026-27587

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences (%xx) it compares against the request's escaped path without lowercasing. An...

CVSS 9.1 • AI score 7.2 • EPSS 0.0037
Exploits 1 • References 3
•added 2026/02/24 5:29 p.m.•3 views

CVE-2026-27571

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS...

CVSS 7.5 • AI score 5.9 • EPSS 0.00478
Exploits 0 • References 5
•added 2026/02/24 5:29 p.m.•4 views

CVE-2026-27589

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API (default listen 127.0.0.1:2019) exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement is not enabled enforce_origin not...

CVSS 8.2 • AI score 5.9 • EPSS 0.00166
Exploits 1 • References 5
•added 2026/02/24 5:29 p.m.•5 views

CVE-2026-27590

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because...

CVSS 9.8 • AI score 7.3 • EPSS 0.00542
Exploits 1 • References 4
•added 2026/02/24 5:29 p.m.•5 views

CVE-2026-27586

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...

CVSS 9.3 • AI score 5.9 • EPSS 0.00267
Exploits 1 • References 4
•added 2026/02/24 3:21 p.m.•4 views

CVE-2026-3102

A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes OS command injection. The attack is possible to be...

CVSS 8.8 • AI score 6.5 • EPSS 0.03411
Exploits 2 • References 8
•added 2026/02/24 2:16 p.m.•4 views

CVE-2026-2797

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

CVSS 9.8 • AI score 5.8 • EPSS 0.00315
Exploits 0 • References 5
•added 2026/02/24 2:16 p.m.•4 views

CVE-2026-2799

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

CVSS 9.8 • AI score 5.8 • EPSS 0.00321
Exploits 0 • References 5
•added 2026/02/24 2:16 p.m.•4 views

CVE-2026-2800

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

CVSS 9.8 • AI score 5.8 • EPSS 0.00307
Exploits 0 • References 5
•added 2026/02/24 2:16 p.m.•5 views

CVE-2026-2634

Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability was fixed in Firefox for iOS 147.4...

CVSS 9.8 • AI score 5.8 • EPSS 0.00308
Exploits 0 • References 3
•added 2026/02/24 2:16 p.m.•4 views

CVE-2026-2795

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

CVSS 9.8 • AI score 5.8 • EPSS 0.00247
Exploits 0 • References 5
•added 2026/02/24 2:16 p.m.•4 views

CVE-2026-2758

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 9.8 • AI score 5.8 • EPSS 0.00477
Exploits 0 • References 9
•added 2026/02/24 2:16 p.m.•3 views

CVE-2026-2789

Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 9.8 • AI score 5.8 • EPSS 0.00318
Exploits 0 • References 9
•added 2026/02/24 2:16 p.m.•5 views

CVE-2026-2759

Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 9.8 • AI score 5.8 • EPSS 0.00395
Exploits 0 • References 9
•added 2026/02/24 2:16 p.m.•3 views

CVE-2026-2760

Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 10 • AI score 5.8 • EPSS 0.00395
Exploits 0 • References 9
•added 2026/02/24 2:16 p.m.•3 views

CVE-2026-2762

Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 9.8 • AI score 5.9 • EPSS 0.00543
Exploits 0 • References 8
•added 2026/02/24 2:16 p.m.•6 views

CVE-2026-2791

Mitigation bypass in the Networking: Cache component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 9.8 • AI score 5.8 • EPSS 0.00402
Exploits 0 • References 8
•added 2026/02/24 2:16 p.m.•3 views

CVE-2026-2772

Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 9.8 • AI score 5.8 • EPSS 0.00469
Exploits 0 • References 9
•added 2026/02/24 2:16 p.m.•1 views

CVE-2026-2770

Use-after-free in the DOM: Bindings WebIDL component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 9.8 • AI score 5.8 • EPSS 0.00469
Exploits 0 • References 9
•added 2026/02/24 2:16 p.m.•8 views

CVE-2026-2786

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 9.8 • AI score 5.8 • EPSS 0.00314
Exploits 0 • References 8
•added 2026/02/24 2:16 p.m.•4 views

CVE-2026-2763

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 9.8 • AI score 5.8 • EPSS 0.00469
Exploits 0 • References 9
•added 2026/02/24 2:16 p.m.•2 views

CVE-2026-2780

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 9.8 • AI score 5.8 • EPSS 0.00339
Exploits 0 • References 8
•added 2026/02/24 2:16 p.m.•3 views

CVE-2026-2790

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 9.8 • AI score 5.8 • EPSS 0.00229
Exploits 0 • References 8
•added 2026/02/24 2:16 p.m.•3 views

CVE-2026-2769

Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 8.8 • AI score 5.8 • EPSS 0.00419
Exploits 0 • References 9
•added 2026/02/24 2:16 p.m.•5 views

CVE-2026-2781

Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35...

CVSS 9.8 • AI score 5.9 • EPSS 0.0036
Exploits 0 • References 7
•added 2026/02/24 2:16 p.m.•3 views

CVE-2026-2783

Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 7.5 • AI score 5.8 • EPSS 0.00285
Exploits 0 • References 8
Total number of security vulnerabilities: 68528