
68528 matches found

UbuntuCve
added 2026/02/11 9:16 p.m., 2 views

CVE-2020-37182

Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf buffer without proper length checking to overwrite memory and cause a segmentation fault, resulting in...

CVSS 8.7, AI score 6.1, EPSS 0.00477
Exploits 0, References 4

UbuntuCve
added 2026/02/11 9:16 p.m., 4 views

CVE-2026-26157

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentiall...

CVSS 7, AI score 7.5, EPSS 0.00682
Exploits 2, References 2

UbuntuCve
added 2026/02/11 7:15 p.m., 4 views

CVE-2026-2316

Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5, AI score 5.9, EPSS 0.00225
Exploits 0, References 3

UbuntuCve
added 2026/02/11 7:15 p.m., 4 views

CVE-2026-2315

Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 5.9, EPSS 0.08754
Exploits 0, References 3

UbuntuCve
added 2026/02/11 7:15 p.m., 5 views

CVE-2026-2318

Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5, AI score 5.9, EPSS 0.00225
Exploits 0, References 3

UbuntuCve
added 2026/02/11 7:15 p.m., 4 views

CVE-2026-2319

Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. Chromium security severity: Medium...

CVSS 7.5, AI score 5.9, EPSS 0.00204
Exploits 0, References 3

UbuntuCve
added 2026/02/11 7:15 p.m., 3 views

CVE-2026-2314

Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 6.1, EPSS 0.042
Exploits 0, References 3

UbuntuCve
added 2026/02/11 7:15 p.m., 4 views

CVE-2026-2321

Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8, AI score 5.9, EPSS 0.00248
Exploits 0, References 3

UbuntuCve
added 2026/02/11 7:15 p.m., 5 views

CVE-2026-2317

Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5, AI score 5.9, EPSS 0.00199
Exploits 0, References 3

UbuntuCve
added 2026/02/11 7:15 p.m., 4 views

CVE-2026-2322

Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS 5.4, AI score 5.9, EPSS 0.00229
Exploits 0, References 3

UbuntuCve
added 2026/02/11 7:15 p.m., 3 views

CVE-2026-2320

Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5, AI score 5.9, EPSS 0.0021
Exploits 0, References 3

UbuntuCve
added 2026/02/11 7:15 p.m., 6 views

CVE-2026-2323

Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3, AI score 5.9, EPSS 0.00223
Exploits 0, References 3

UbuntuCve
added 2026/02/11 7:15 p.m., 5 views

CVE-2026-2313

Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 5.9, EPSS 0.04095
Exploits 0, References 3

UbuntuCve
added 2026/02/11 7:15 p.m., 14 views

CVE-2025-69873

ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp constructor without...

CVSS 7.5, AI score 6.9, EPSS 0.00492
Exploits 1, References 2

UbuntuCve
added 2026/02/11 12:0 a.m., 3 views

CVE-2025-14592

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API...

CVSS 5.3, AI score 5.9, EPSS 0.00254
Exploits 0, References 4

UbuntuCve
added 2026/02/11 12:0 a.m., 5 views

CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

CVSS 8.1, AI score 5.9, EPSS 0.00351
Exploits 1, References 4

UbuntuCve
added 2026/02/11 12:0 a.m., 4 views

CVE-2026-1458

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an unauthenticated user to cause denial of service by uploading malicious files...

CVSS 7.5, AI score 5.9, EPSS 0.00364
Exploits 0, References 4

UbuntuCve
added 2026/02/11 12:0 a.m., 4 views

CVE-2025-12474

A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area in subsequent patches. An incorrect optimization causes the decoder to omit populating those areas...

CVSS 4.4, AI score 5.8, EPSS 0.00101
Exploits 0, References 2

UbuntuCve
added 2026/02/11 12:0 a.m., 3 views

CVE-2026-1282

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles...

CVSS 5.4, AI score 5.9, EPSS 0.00162
Exploits 0, References 4

UbuntuCve
added 2026/02/11 12:0 a.m., 4 views

CVE-2025-8099

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries...

CVSS 7.5, AI score 5.9, EPSS 0.004
Exploits 0, References 4

UbuntuCve
added 2026/02/11 12:0 a.m., 4 views

CVE-2026-2361

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.gettablesampleratio function is then called, the malicious code is executed with superuser privileges. This...

CVSS 8, AI score 5.9, EPSS 0.00277
Exploits 0, References 2

UbuntuCve
added 2026/02/11 12:0 a.m., 3 views

CVE-2025-12575

GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services throug...

CVSS 5.4, AI score 5.9, EPSS 0.00164
Exploits 0, References 4

UbuntuCve
added 2026/02/11 12:0 a.m., 2 views

CVE-2025-14594

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to view certain pipeline values by querying the API...

CVSS 3.5, AI score 5.9, EPSS 0.00164
Exploits 0, References 4

UbuntuCve
added 2026/02/11 12:0 a.m., 2 views

CVE-2026-26079

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled...

CVSS 4.7, AI score 5.8, EPSS 0.00292
Exploits 0, References 11

UbuntuCve
added 2026/02/11 12:0 a.m., 7 views

CVE-2026-1387

GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to cause Denial of Service by uploading a malicious file and repeatedly querying it through GraphQL...

CVSS 6.5, AI score 5.9, EPSS 0.00289
Exploits 0, References 4

UbuntuCve
added 2026/02/11 12:0 a.m., 3 views

CVE-2026-1094

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

CVSS 4.6, AI score 5.9, EPSS 0.00162
Exploits 0, References 4

UbuntuCve
added 2026/02/11 12:0 a.m., 2 views

CVE-2026-1456

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processin...

CVSS 7.5, AI score 5.9, EPSS 0.00364
Exploits 0, References 4

UbuntuCve
added 2026/02/11 12:0 a.m., 3 views

CVE-2026-1080

GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API...

CVSS 4.3, AI score 5.9, EPSS 0.00195
Exploits 0, References 4

UbuntuCve
added 2026/02/11 12:0 a.m., 7 views

CVE-2025-69872

DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...

CVSS 9.8, AI score 7.6, EPSS 0.0051
Exploits 1, References 3

UbuntuCve
added 2026/02/11 12:0 a.m., 3 views

CVE-2026-1837

A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to another grayscale col...

CVSS 8.7, AI score 5.8, EPSS 0.00199
Exploits 1, References 2

UbuntuCve
added 2026/02/11 12:0 a.m., 3 views

CVE-2025-7659

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE...

CVSS 9.1, AI score 5.9, EPSS 0.00182
Exploits 0, References 4

UbuntuCve
added 2026/02/11 12:0 a.m., 5 views

CVE-2025-14560

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious conten...

CVSS 7.3, AI score 6, EPSS 0.00217
Exploits 0, References 4

UbuntuCve
added 2026/02/11 12:0 a.m., 4 views

CVE-2026-0595

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email addresses to victim accounts through HTML injection in test...

CVSS 7.3, AI score 5.9, EPSS 0.00217
Exploits 0, References 5

UbuntuCve
added 2026/02/11 12:0 a.m., 4 views

CVE-2025-12073

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing...

CVSS 4.3, AI score 5.9, EPSS 0.00226
Exploits 0, References 4

UbuntuCve
added 2026/02/11 12:0 a.m., 5 views

CVE-2026-0958

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits...

CVSS 7.5, AI score 5.9, EPSS 0.00387
Exploits 0, References 5

UbuntuCve
added 2026/02/10 10:17 p.m., 7 views

CVE-2026-26007

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey and loadpempublickey functions do not verify that the...

CVSS 8.2, AI score 6.5, EPSS 0.00341
Exploits 0, References 5

UbuntuCve
added 2026/02/10 8:16 p.m., 2 views

CVE-2025-29939

Improper access control in secure encrypted virtualization (SEV) could allow a privileged attacker to write to the reverse map page (RMP) during secure nested paging (SNP) initialization, potentially resulting in a loss of guest memory confidentiality and integrity...

CVSS 6.9, AI score 5.9, EPSS 0.00136
Exploits 0, References 2

UbuntuCve
added 2026/02/10 8:16 p.m., 6 views

CVE-2025-54514

Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity...

CVSS 4.8, AI score 5.9, EPSS 0.00101
Exploits 0, References 3

UbuntuCve
added 2026/02/10 8:16 p.m., 4 views

CVE-2025-0031

A use after free in the SEV firmware could allow a malicious hypervisor to activate a migrated guest with the SINGLESOCKET policy on a different socket than the migration agent, potentially resulting in loss of integrity...

CVSS 4.6, AI score 5.8, EPSS 0.00112
Exploits 0, References 2

UbuntuCve
added 2026/02/10 8:16 p.m., 4 views

CVE-2024-21953

Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity...

CVSS 5.9, AI score 5.8, EPSS 0.00157
Exploits 0, References 2

UbuntuCve
added 2026/02/10 8:16 p.m., 4 views

CVE-2025-48509

Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory integrity...

CVSS 1.8, AI score 5.9, EPSS 0.00115
Exploits 0, References 2

UbuntuCve
added 2026/02/10 8:16 p.m., 5 views

CVE-2025-52534

Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in loss of integrity...

CVSS 5.3, AI score 5.9, EPSS 0.00297
Exploits 0, References 2

UbuntuCve
added 2026/02/10 8:16 p.m., 4 views

CVE-2025-48514

Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality...

CVSS 4, AI score 5.9, EPSS 0.00135
Exploits 0, References 2

UbuntuCve
added 2026/02/10 8:16 p.m., 2 views

CVE-2025-0012

Improper handling of overlap between the segmented reverse map table (RMP) and system management mode (SMM) memory could allow a privileged attacker to corrupt or partially infer SMM memory, resulting in loss of integrity or confidentiality...

CVSS 6.8, AI score 5.9, EPSS 0.00136
Exploits 0, References 2

UbuntuCve
added 2026/02/10 8:16 p.m., 1 view

CVE-2025-52536

Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity...

CVSS 6.7, AI score 5.9, EPSS 0.00136
Exploits 0, References 2

UbuntuCve
added 2026/02/10 8:16 p.m., 5 views

CVE-2025-29952

Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memory integrity...

CVSS 5.9, AI score 5.9, EPSS 0.00143
Exploits 0, References 2

UbuntuCve
added 2026/02/10 8:16 p.m., 4 views

CVE-2025-29948

Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory integrity...

CVSS 5.9, AI score 5.9, EPSS 0.00144
Exploits 0, References 2

UbuntuCve
added 2026/02/10 8:16 p.m., 6 views

CVE-2025-29946

Insufficient or Incomplete Data Removal in Hardware Component in SEV firmware doesn't fully flush IOMMU. This can potentially lead to a loss of confidentiality and integrity in guest memory...

CVSS 4.5, AI score 5.9, EPSS 0.0014
Exploits 0, References 2

UbuntuCve
added 2026/02/10 8:16 p.m., 6 views

CVE-2025-48517

Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality...

CVSS 4.6, AI score 5.9, EPSS 0.00136
Exploits 0, References 2

UbuntuCve
added 2026/02/10 7:16 p.m., 3 views

CVE-2026-25506

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, a local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the...

CVSS 7.8, AI score 6.4, EPSS 0.00302
Exploits 0, References 5

Total number of security vulnerabilities: 68528