Lucene search

68528 matches found

UbuntuCve
added 2026/02/10 7:16 p.m. • 2 views

CVE-2026-25609

Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only...

5.4 CVSS • 5.8 AI score • 0.00173 EPSS
Exploits 0 • References 2

UbuntuCve
added 2026/02/10 7:16 p.m. • 3 views

CVE-2026-25613

An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index...

7.1 CVSS • 5.8 AI score • 0.0024 EPSS
Exploits 0 • References 2

UbuntuCve
added 2026/02/10 7:16 p.m. • 3 views

CVE-2026-25610

An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints...

7.1 CVSS • 5.8 AI score • 0.0024 EPSS
Exploits 0 • References 2

UbuntuCve
added 2026/02/10 7:16 p.m. • 7 views

CVE-2026-2302

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...

6.9 CVSS • 5.8 AI score • 0.00196 EPSS
Exploits 0 • References 2

UbuntuCve
added 2026/02/10 7:15 p.m. • 5 views

CVE-2026-1847

Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the oplog from the primary. This could stall replication inside the replica set leading to server crash...

7.5 CVSS • 5.9 AI score • 0.00243 EPSS
Exploits 0 • References 2

UbuntuCve
added 2026/02/10 7:15 p.m. • 5 views

CVE-2026-1850

Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash...

7.5 CVSS • 5.8 AI score • 0.00243 EPSS
Exploits 0 • References 2

UbuntuCve
added 2026/02/10 7:15 p.m. • 3 views

CVE-2026-1849

MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression...

7.5 CVSS • 5.8 AI score • 0.00272 EPSS
Exploits 0 • References 2

UbuntuCve
added 2026/02/10 7:15 p.m. • 6 views

CVE-2026-1848

Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only applies to connections accepted from the proxy port, pending the proxy protocol header...

8.2 CVSS • 5.8 AI score • 0.00263 EPSS
Exploits 0 • References 2

UbuntuCve
added 2026/02/10 6:16 p.m. • 3 views

CVE-2026-21237

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally...

7 CVSS • 6.1 AI score • 0.00261 EPSS
Exploits 0 • References 2

UbuntuCve
added 2026/02/10 6:16 p.m. • 4 views

CVE-2026-21537

Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network...

8.8 CVSS • 6.1 AI score • 0.00532 EPSS
Exploits 0 • References 2

UbuntuCve
added 2026/02/10 6:16 p.m. • 8 views

CVE-2026-25611

A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server...

8.7 CVSS • 7.3 AI score • 0.00782 EPSS
Exploits 0 • References 5

UbuntuCve
added 2026/02/10 6:16 p.m. • 13 views

CVE-2026-25612

The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks...

7.1 CVSS • 5.9 AI score • 0.00199 EPSS
Exploits 0 • References 3

UbuntuCve
added 2026/02/10 6:16 p.m. • 3 views

CVE-2026-21242

Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally...

7 CVSS • 5.8 AI score • 0.0034 EPSS
Exploits 0 • References 2

UbuntuCve
added 2026/02/10 6:16 p.m. • 8 views

CVE-2026-25646

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of...

8.3 CVSS • 6.1 AI score • 0.00955 EPSS
Exploits 1 • References 6

UbuntuCve
added 2026/02/10 5:16 p.m. • 8 views

CVE-2025-31648

Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local...

3.9 CVSS • 5.9 AI score • 0.00133 EPSS
Exploits 0 • References 4

UbuntuCve
added 2026/02/10 5:16 p.m. • 6 views

CVE-2026-24885

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the...

8 CVSS • 5.8 AI score • 0.00182 EPSS
Exploits 1 • References 4

UbuntuCve
added 2026/02/10 5:16 p.m. • 7 views

CVE-2026-25530

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...

4.3 CVSS • 5.9 AI score • 0.00235 EPSS
Exploits 1 • References 4

UbuntuCve
added 2026/02/10 4:16 p.m. • 7 views

CVE-2024-54192

An issue in Tcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpeditdltgetplugin function at src/tcpedit/plugins/dltutils.c...

5.5 CVSS • 5.9 AI score • 0.00139 EPSS
Exploits 0 • References 3

UbuntuCve
added 2026/02/10 3:16 p.m. • 5 views

CVE-2025-15571

A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed public...

5.5 CVSS • 5.3 AI score • 0.00158 EPSS
Exploits 1 • References 7

UbuntuCve
added 2026/02/10 2:16 p.m. • 5 views

CVE-2025-15570

A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzmadecompressbuf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the...

7.8 CVSS • 5.7 AI score • 0.00202 EPSS
Exploits 1 • References 7

UbuntuCve
added 2026/02/10 11:16 a.m. • 5 views

CVE-2025-15569

A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function getsystemdpi of the file platform/x11/winmain.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The...

7.3 CVSS • 6.7 AI score • 0.00115 EPSS
Exploits 0 • References 7

UbuntuCve
added 2026/02/10 12:0 a.m. • 5 views

CVE-2026-21218

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network...

7.5 CVSS • 5.9 AI score • 0.01015 EPSS
Exploits 0 • References 6

UbuntuCve
added 2026/02/10 12:0 a.m. • 3 views

CVE-2026-23901

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

2.5 CVSS • 7 AI score • 0.00219 EPSS
Exploits 0 • References 2

UbuntuCve
added 2026/02/09 11:16 p.m. • 5 views

CVE-2026-25934

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

4.3 CVSS • 7.1 AI score • 0.00136 EPSS
Exploits 0 • References 4

UbuntuCve
added 2026/02/09 10:16 p.m. • 10 views

CVE-2026-25918

unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2, the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...

5.9 CVSS • 5.9 AI score • 0.00132 EPSS
Exploits 0 • References 4

UbuntuCve
added 2026/02/09 10:16 p.m. • 3 views

CVE-2026-25892

Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from a...

7.5 CVSS • 5.9 AI score • 0.01586 EPSS
Exploits 1 • References 4

UbuntuCve
added 2026/02/09 9:15 p.m. • 2 views

CVE-2026-25639

Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious...

7.5 CVSS • 7 AI score • 0.01564 EPSS
Exploits 1 • References 4

UbuntuCve
added 2026/02/09 9:15 p.m. • 6 views

CVE-2026-25765

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

5.8 CVSS • 7.3 AI score • 0.00351 EPSS
Exploits 0 • References 4

UbuntuCve
added 2026/02/09 8:15 p.m. • 7 views

CVE-2026-2245

A vulnerability was identified in CCExtractor up to 183. This affects the function parsePAT/parsePMT in the library src/libccx/tstables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is...

4.8 CVSS • 5.5 AI score • 0.00127 EPSS
Exploits 0 • References 10

UbuntuCve
added 2026/02/09 7:15 p.m. • 2 views

CVE-2026-24680

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdlPointerNew frees data on failure, then pointerfree calls sdlPointerFree and frees it again, triggering ASan UAF. This vulnerability is fixed in 3.22.0...

8.7 CVSS • 5.9 AI score • 0.00423 EPSS
Exploits 0 • References 3

UbuntuCve
added 2026/02/09 7:15 p.m. • 2 views

CVE-2026-24491

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, videotimer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. This vulnerability is fixed in 3.22.0...

8.7 CVSS • 5.9 AI score • 0.00467 EPSS
Exploits 0 • References 3

UbuntuCve
added 2026/02/09 7:15 p.m. • 3 views

CVE-2026-24677

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecamencodercompressh264 trusts server-controlled dimensions and does not validate the source buffer size, leading to an out-of-bounds read in swsscale. This vulnerability is fixed in 3.22.0...

9.1 CVSS • 6 AI score • 0.00489 EPSS
Exploits 0 • References 3

UbuntuCve
added 2026/02/09 7:15 p.m. • 2 views

CVE-2026-24681

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, asynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urbwritecompletion. This vulnerability is fixed in 3.22.0...

8.7 CVSS • 5.9 AI score • 0.00467 EPSS
Exploits 0 • References 3

UbuntuCve
added 2026/02/09 7:15 p.m. • 8 views

CVE-2026-24678

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecamchannelwrite. This vulnerability is fixed in 3.22.0...

8.7 CVSS • 5.9 AI score • 0.00628 EPSS
Exploits 0 • References 3

UbuntuCve
added 2026/02/09 7:15 p.m. • 2 views

CVE-2026-24682

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audinserverrecvformats frees an incorrect number of audio formats on parse failure i + i, leading to out-of-bounds access in audioformatsfree. This vulnerability is fixed in 3.22.0...

8.7 CVSS • 5.9 AI score • 0.00467 EPSS
Exploits 0 • References 3

UbuntuCve
added 2026/02/09 7:15 p.m. • 3 views

CVE-2026-24684

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave. This vulnerability is fixed in 3.22.0...

8.7 CVSS • 5.9 AI score • 0.00534 EPSS
Exploits 0 • References 4

UbuntuCve
added 2026/02/09 7:15 p.m. • 5 views

CVE-2026-23948

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability...

7.5 CVSS • 5.9 AI score • 0.00467 EPSS
Exploits 0 • References 4

UbuntuCve
added 2026/02/09 7:15 p.m. • 2 views

CVE-2026-24683

FreeRDP is a free implementation of the Remote Desktop Protocol. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Prior to 3.22.0, This...

8.7 CVSS • 5.9 AI score • 0.00467 EPSS
Exploits 0 • References 3

UbuntuCve
added 2026/02/09 7:15 p.m. • 3 views

CVE-2026-24676

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin-format, leading to a use after free in audioformatcompatible. This vulnerability is fixed in 3.22.0...

8.7 CVSS • 5.9 AI score • 0.00467 EPSS
Exploits 0 • References 3

UbuntuCve
added 2026/02/09 7:15 p.m. • 2 views

CVE-2026-24679

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusbudevselectinterface. This vulnerability is fixed in 3.22.0...

9.1 CVSS • 5.9 AI score • 0.00489 EPSS
Exploits 0 • References 3

UbuntuCve
added 2026/02/09 7:15 p.m. • 1 views

CVE-2026-24675

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urbselectinterface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusbudevselectinterface. This vulnerability is fixed in 3.22.0...

8.7 CVSS • 5.9 AI score • 0.00467 EPSS
Exploits 0 • References 3

UbuntuCve
added 2026/02/09 4:16 p.m. • 4 views

CVE-2026-24095

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, bypassing the intended "Access analyze configuration" permissio...

5.3 CVSS • 5.9 AI score • 0.0023 EPSS
Exploits 0 • References 2

UbuntuCve
added 2026/02/09 3:16 p.m. • 5 views

CVE-2026-24027

Crafted zones can lead to increased incoming network traffic...

5.3 CVSS • 5.9 AI score • 0.00396 EPSS
Exploits 0 • References 3

UbuntuCve
added 2026/02/09 3:16 p.m. • 2 views

CVE-2025-59024

Crafted delegations or IP fragments can poison cached delegations in Recursor...

6.5 CVSS • 5.8 AI score • 0.00122 EPSS
Exploits 0 • References 2

UbuntuCve
added 2026/02/09 3:16 p.m. • 5 views

CVE-2026-0398

Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor...

5.3 CVSS • 5.9 AI score • 0.00407 EPSS
Exploits 0 • References 3

UbuntuCve
added 2026/02/09 3:16 p.m. • 2 views

CVE-2025-59023

Crafted delegations or IP fragments can poison cached delegations in Recursor...

8.2 CVSS • 5.8 AI score • 0.00266 EPSS
Exploits 0 • References 2

UbuntuCve
added 2026/02/09 3:16 p.m. • 5 views

CVE-2025-14831

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs)...

5.3 CVSS • 5.8 AI score • 0.00638 EPSS
Exploits 1 • References 3

UbuntuCve
added 2026/02/09 10:15 a.m. • 3 views

CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only affects static files. If static files are served from a case-insensitive filesystem, such ...

5.3 CVSS • 7 AI score • 0.00363 EPSS
Exploits 0 • References 4

UbuntuCve
added 2026/02/09 9:16 a.m. • 2 views

CVE-2026-25916

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...

4.3 CVSS • 5.8 AI score • 0.00629 EPSS
Exploits 2 • References 6

UbuntuCve
added 2026/02/07 10:16 p.m. • 5 views

CVE-2025-15564

A vulnerability has been found in Mapnik up to 4.2.0. This vulnerability affects the function mapnik::detail::mod::operator of the file src/value.cpp. The manipulation leads to divide by zero. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used...

5.5 CVSS • 5.2 AI score • 0.00203 EPSS
Exploits 1 • References 7

Total number of security vulnerabilities: 68528