Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.4 views

CVE-2026-25967

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-1...

7.5CVSS5.9AI score0.00319EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.2 views

CVE-2026-26198

Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...

9.8CVSS7.5AI score0.00915EPSS
Exploits2References4
UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.5 views

CVE-2026-25794

ImageMagick is free and open-source software used for editing and manipulating digital images. WriteUHDRImage in coders/uhdr.c uses int arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit int, causing an...

8.2CVSS6AI score0.0042EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.3 views

CVE-2026-25897

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. Versio...

9.8CVSS5.9AI score0.00302EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.3 views

CVE-2026-25637

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never...

5.3CVSS5.9AI score0.00384EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.3 views

CVE-2026-24481

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD Adobe Photoshop format handler. When processing a maliciously crafted PSD file containin...

7.5CVSS5.9AI score0.00348EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.3 views

CVE-2026-25795

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in ReadSFWImage coders/sfw.c, when temporary file creation fails, readinfo is destroyed before its filename member is accessed, causing a NULL pointer dereferen...

7.5CVSS5.9AI score0.00376EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.5 views

CVE-2026-26331

yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...

8.8CVSS5.8AI score0.01596EPSS
Exploits2References4
UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.2 views

CVE-2026-25796

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in ReadSTEGANOImage coders/stegano.c, the watermark Image object is not freed on three early-return paths, resulting in a definite memory leak 13.5KB+ per...

7.5CVSS5.9AI score0.00376EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.4 views

CVE-2026-25983

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it,...

9.8CVSS5.9AI score0.00435EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.2 views

CVE-2026-26284

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD Photo CD files. The decoder contains an function that has an incorrect...

9.1CVSS5.9AI score0.00404EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.3 views

CVE-2026-25971

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch...

9.8CVSS6AI score0.00208EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.5 views

CVE-2026-25982

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the coders/dcm.c module. When processing DICOM files with a specific configuration, the decoder loop incorrect...

6.5CVSS5.9AI score0.0034EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.5 views

CVE-2026-25989

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check instead of = that allows bypass the guard and reach an undefined sizet cast...

7.5CVSS5.9AI score0.00594EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.5 views

CVE-2026-26283

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a continue statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger ...

7.5CVSS6.5AI score0.00327EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.3 views

CVE-2026-3054

A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...

6.1CVSS5.1AI score0.00398EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.2 views

CVE-2026-25797

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a...

5.7CVSS6AI score0.00161EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.3 views

CVE-2026-25968

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption. Versio...

9.8CVSS6.1AI score0.00272EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.5 views

CVE-2026-25898

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by GetPixelIndex before using it as an array subscript. In HDRI builds, Quantum is ...

9.1CVSS6.1AI score0.00348EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/23 11:16 p.m.3 views

CVE-2026-3063

Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. Chromium security severity: High...

8.8CVSS7.3AI score0.00184EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/23 11:16 p.m.4 views

CVE-2026-3062

Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

9.8CVSS7.4AI score0.0034EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/23 11:16 p.m.3 views

CVE-2026-3061

Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

9.1CVSS7.4AI score0.00305EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/23 8:28 p.m.4 views

CVE-2026-21863

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious actor with access to the Valkey clusterbus port can send an invalid packet that may cause an out bound read, which might result in the system crashing. The Valkey clusterbus packet processin...

7.5CVSS6AI score0.00552EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/23 8:28 p.m.5 views

CVE-2025-67733

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...

8.5CVSS5.9AI score0.00586EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/23 8:28 p.m.1 views

CVE-2025-61147

strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decodercontext::computeframedroptable...

6.2CVSS5.8AI score0.00159EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/02/23 8:28 p.m.2 views

CVE-2026-27623

Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an assertion. When processing incoming requests, the Valkey system does not properly reset the networking...

7.5CVSS5.9AI score0.00353EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/23 7:22 p.m.2 views

CVE-2025-61146

saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component mallocstub.c...

4CVSS5.9AI score0.00118EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/23 7:22 p.m.2 views

CVE-2025-61143

libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tifopen.c...

5.5CVSS5.8AI score0.00113EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/23 7:22 p.m.4 views

CVE-2025-61145

libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c...

5.5CVSS5.8AI score0.00131EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/02/23 7:22 p.m.5 views

CVE-2025-61144

libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function...

9.8CVSS5.9AI score0.00253EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/02/23 4:29 p.m.5 views

CVE-2025-14905

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schemaattrenumcallback function within the schema.c file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting...

7.2CVSS6AI score0.01038EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/23 12:0 a.m.4 views

CVE-2026-2966

A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...

6.3CVSS5.5AI score0.0038EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/02/23 12:0 a.m.7 views

CVE-2026-2968

A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be...

6.3CVSS5.4AI score0.00218EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/02/23 12:0 a.m.6 views

CVE-2026-2967

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/netbuiltin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiate...

6.3CVSS5.2AI score0.00491EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/02/22 2:16 p.m.4 views

CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...

7.5CVSS6AI score0.0031EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/02/22 2:16 p.m.10 views

CVE-2019-25452

Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extrac...

8.8CVSS6.2AI score0.00373EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/02/22 4:15 a.m.4 views

CVE-2026-2913

A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vipssourcereadtomemory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The attack's complexity is rated as...

7CVSS5.2AI score0.00182EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2026/02/22 1:16 a.m.10 views

CVE-2026-2903

A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function checkandmergespecialrules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name:...

4.8CVSS5.3AI score0.00113EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/02/21 10:15 p.m.6 views

CVE-2026-2889

A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/libccx/mp4.c. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 0.96.6...

4.8CVSS5.6AI score0.00118EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2026/02/21 8:16 a.m.3 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

8.8CVSS6.2AI score0.0048EPSS
Exploits2References5
UbuntuCve
UbuntuCve
added 2026/02/21 7:16 a.m.5 views

CVE-2026-27206

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

8.1CVSS6AI score0.0074EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/21 6:17 a.m.7 views

CVE-2026-27205

Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...

4.3CVSS6.5AI score0.00374EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/21 6:17 a.m.4 views

CVE-2026-26046

A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator coul...

7.2CVSS5.8AI score0.02202EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/21 6:17 a.m.4 views

CVE-2026-26047

A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade...

6.5CVSS5.9AI score0.00435EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/21 6:17 a.m.6 views

CVE-2026-27199

Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that...

6.3CVSS6.4AI score0.00556EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/02/21 6:16 a.m.6 views

CVE-2026-26045

A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available ...

7.2CVSS6.1AI score0.00553EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/21 12:16 a.m.2 views

CVE-2026-27168

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytesperline value. The value os read directly from the file as the read size in...

9.8CVSS5.9AI score0.00397EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/02/20 11:16 p.m.6 views

CVE-2026-2492

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target syste...

7CVSS7.4AI score0.00252EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/20 11:16 p.m.4 views

CVE-2026-2044

GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...

7.8CVSS7.3AI score0.00972EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/02/20 11:16 p.m.5 views

CVE-2026-2045

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open ...

7.8CVSS7.4AI score0.00566EPSS
Exploits0References5
Total number of security vulnerabilities68528