Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
added 2026/02/20 11:16 p.m.4 views

CVE-2026-2047

GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...

7.8CVSS7.4AI score0.0062EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/02/20 11:16 p.m.4 views

CVE-2026-2048

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open ...

7.8CVSS7.4AI score0.00622EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/02/20 10:16 p.m.3 views

CVE-2026-27025

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...

6.9CVSS5.8AI score0.00168EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/02/20 10:16 p.m.0 views

CVE-2026-27024

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. This vulnerability is fixed in 6.7.1...

6.9CVSS5.8AI score0.00168EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/02/20 10:16 p.m.4 views

CVE-2026-27113

Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...

6.3CVSS6.3AI score0.00428EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/20 10:16 p.m.3 views

CVE-2026-27026

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed in 6.7.1...

6.9CVSS5.8AI score0.00168EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/02/20 10:16 p.m.3 views

CVE-2026-0797

GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS7.4AI score0.01157EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/02/20 9:19 p.m.4 views

CVE-2026-25896

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot . in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow...

9.3CVSS5.8AI score0.00445EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/02/20 11:15 a.m.2 views

CVE-2026-21620

Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...

2.3CVSS5.9AI score0.00461EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/20 5:17 a.m.6 views

CVE-2026-2739

This affects versions of the package bn.js before 5.2.3. Calling maskn0 on any BN instance corrupts the internal state, causing toString, divmod, and other methods to enter an infinite loop, hanging the process indefinitely...

6.9CVSS5.9AI score0.00467EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/02/20 3:16 a.m.4 views

CVE-2026-27017

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...

5.3CVSS5.8AI score0.00154EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/20 3:16 a.m.3 views

CVE-2026-26994

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...

6.5CVSS5.7AI score0.00268EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/02/20 3:16 a.m.13 views

CVE-2026-26996

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service ReDoS when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appea...

8.7CVSS5.7AI score0.00519EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/02/20 2:16 a.m.4 views

CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

7.1CVSS5.8AI score0.00288EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/02/20 2:16 a.m.6 views

CVE-2026-26064

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writin...

9.3CVSS5.9AI score0.0088EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/02/20 2:16 a.m.4 views

CVE-2026-26065

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers both 132-byte and 202-byte header variants that allow arbitrary file writes with arbitrary extension and arbitrary...

9.3CVSS6.3AI score0.0052EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/02/20 1:15 a.m.5 views

CVE-2026-26967

PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and below, there is a critical Heap-based Buffer Overflow vulnerability in PJSIP's H.264 unpacketizer. The bug occurs when processing malformed SRTP packets, where the unpacketizer reads a 2-byte NAL...

9.3CVSS6AI score0.0029EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/20 12:0 a.m.3 views

CVE-2026-26963

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

6.1CVSS5.8AI score0.00126EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/02/19 11:16 p.m.4 views

CVE-2026-24122

Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate...

3.7CVSS5.8AI score0.00197EPSS
Exploits2References4
UbuntuCve
UbuntuCve
added 2026/02/19 11:16 p.m.7 views

CVE-2026-26958

filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If Point.MultiScalarMult i...

6.3CVSS6.9AI score0.00366EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/19 8:25 p.m.3 views

CVE-2026-26200

HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on...

7.8CVSS6.5AI score0.00356EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/02/19 8:25 p.m.4 views

CVE-2026-26203

PJSIP is a free and open source multimedia communication library. Versions prior to 2.17 have a critical heap buffer underflow vulnerability in PJSIP's H.264 packetizer. The bug occurs when processing malformed H.264 bitstreams without NAL unit start codes, where the packetizer performs unchecked...

6.5CVSS6AI score0.00101EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/19 8:25 p.m.4 views

CVE-2026-26278

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible ...

7.5CVSS5.8AI score0.00811EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/02/19 7:22 p.m.5 views

CVE-2026-27473

SPIP before 4.4.9 allows Stored Cross-Site Scripting XSS via syndicated sites in the private area. The URLSYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other...

6.4CVSS5.9AI score0.0026EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/19 7:22 p.m.4 views

CVE-2026-27474

SPIP before 4.4.9 allows Cross-Site Scripting XSS in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappeantixss function was not systematically applied to input, form, button, and anchor a HTML tags, allowing an attacker to inject malicious scripts through these element...

6.1CVSS5.9AI score0.00264EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/19 7:22 p.m.7 views

CVE-2026-27475

SPIP before 4.4.9 allows Insecure Deserialization in the public area through the tablevaleur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content a pre-condition requiring prior access or another vulnerability can trigger arbitrary...

9.2CVSS7.1AI score0.00776EPSS
Exploits2References4
UbuntuCve
UbuntuCve
added 2026/02/19 7:22 p.m.4 views

CVE-2026-27472

SPIP before 4.4.9 allows Blind Server-Side Request Forgery SSRF via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitra...

5.3CVSS6AI score0.00262EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/19 6:25 p.m.9 views

CVE-2026-2243

A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition DoS...

5.1CVSS5.8AI score0.00114EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/02/19 5:24 p.m.6 views

CVE-2025-69725

An Open Redirect vulnerability in the go-chi/chi =5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain...

4.7CVSS5.9AI score0.00223EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/19 4:27 p.m.4 views

CVE-2026-26223

SPIP before 4.4.8 allows cross-site scripting XSS in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in...

6.1CVSS5.8AI score0.00188EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/19 4:27 p.m.4 views

CVE-2026-26345

SPIP before 4.4.8 contains a stored cross-site scripting XSS vulnerability in the public area triggered in certain edge-case usage patterns. The echapperhtmlsuspect function does not adequately sanitize user-controlled content, allowing authenticated users with content-editing privileges e.g.,...

8.6CVSS5.8AI score0.00187EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/19 4:27 p.m.3 views

CVE-2025-71241

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting XSS in the private area. The content of the error message displayed by the 'transmettre' API is not properly sanitized, allowing an attacker to inject malicious scripts. This vulnerability is mitigated by the SPIP security screen...

6.1CVSS5.9AI score0.002EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/19 4:27 p.m.4 views

CVE-2025-71244

SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been...

6.1CVSS5.8AI score0.00196EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/19 4:27 p.m.3 views

CVE-2026-25766

Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In middleware/static.go, the requested path is unescaped and...

5.3CVSS7.2AI score0.00329EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/02/19 4:27 p.m.5 views

CVE-2025-71240

SPIP before 4.2.15 allows Cross-Site Scripting XSS via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser...

5.4CVSS6AI score0.00183EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/19 4:27 p.m.5 views

CVE-2025-71242

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections rubriques in AJAX-loaded fragments, allowing an authenticated attacker to access restricted...

6.5CVSS5.9AI score0.00245EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/19 7:17 a.m.5 views

CVE-2026-2705

A vulnerability was detected in Open Babel up to 3.1.1. The impacted element is the function OBAtom::SetFormalCharge in the library include/openbabel/atom.h of the component MOL2 File Handler. The manipulation results in out-of-bounds read. It is possible to launch the attack remotely. The exploi...

8.1CVSS5.5AI score0.007EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/02/19 7:17 a.m.5 views

CVE-2026-2704

A security vulnerability has been detected in Open Babel up to 3.1.1. The affected element is the function OpenBabel::transform3d::DescribeAsString of the file src/math/transform3d.cpp of the component CIF File Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the...

8.1CVSS5.4AI score0.00759EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/02/18 11:16 p.m.3 views

CVE-2025-15581

Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access...

5.7CVSS5.9AI score0.00408EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/18 10:16 p.m.6 views

CVE-2019-25355

gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal...

8.7CVSS7.2AI score0.01206EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/02/18 9:16 p.m.6 views

CVE-2025-0577

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions...

4.8CVSS5.9AI score0.00244EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/18 9:16 p.m.18 views

CVE-2025-1272

The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned...

7.7CVSS7.2AI score0.00231EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/18 9:16 p.m.1 views

CVE-2025-14876

A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service DoS on the host system by causing the QEMU process to terminate...

5.5CVSS7AI score0.00137EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/18 9:16 p.m.6 views

CVE-2026-1200

A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmentation fault, in the increaseBufferTo function. This vulnerability can lead to memory corruption problems and potentially other consequences...

6.3CVSS5.9AI score0.00329EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/02/18 9:16 p.m.3 views

CVE-2025-8860

A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFIVARSREGBUFFERSIZE, the .write callback uefivarswrite is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data from prior allocations. Wh...

3.3CVSS6.2AI score0.00147EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/02/18 9:16 p.m.2 views

CVE-2025-12343

A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnnbackendtf.c source file. The issue occurs in the dnnexecutemodeltf function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free conditio...

5.5CVSS6.7AI score0.00149EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/02/18 9:16 p.m.3 views

CVE-2026-0665

An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption...

6.5CVSS7AI score0.00143EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/18 8:18 p.m.3 views

CVE-2026-25500

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the javascript: scheme e.g. javascript:alert1, the...

5.4CVSS6.3AI score0.00224EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/02/18 8:18 p.m.4 views

CVE-2026-2661

A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be...

7.8CVSS5.9AI score0.00235EPSS
Exploits2References6
UbuntuCve
UbuntuCve
added 2026/02/18 7:21 p.m.3 views

CVE-2026-22860

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...

7.5CVSS6.7AI score0.00665EPSS
Exploits1References3
Total number of security vulnerabilities68528