CVE search results

171 – 180 of 31781 results

Detailed view

Sort by:

Status is adjusted based on your filters.

CVE-2026-25068

Medium priority

Needs evaluation

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from...

1 affected package

alsa-lib

Package	24.04 LTS
alsa-lib	Needs evaluation

CVE-2026-24413

Medium priority

Needs evaluation

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the `%ProgramData%\icinga2\var` folder on Windows....

1 affected package

icinga2

Package	24.04 LTS
icinga2	Needs evaluation

CVE-2025-45160

Medium priority

Needs evaluation

A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper...

1 affected package

cacti

Package	24.04 LTS
cacti	Needs evaluation

CVE-2020-37011

Medium priority

Vulnerable

Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with...

1 affected package

gnome-font-viewer

Package	24.04 LTS
gnome-font-viewer	Vulnerable

CVE-2026-0818

Medium priority

Not affected

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a...

1 affected package

thunderbird

Package	24.04 LTS
thunderbird	Not affected

CVE-2025-68119

Medium priority

Needs evaluation

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package	24.04 LTS
golang	Not in release
golang-1.6	Not in release
golang-1.8	Not in release
golang-1.9	Not in release
golang-1.10	Not in release
golang-1.13	Not in release
golang-1.14	Not in release
golang-1.16	Not in release
golang-1.17	Not in release
golang-1.18	Not in release
golang-1.20	Not in release
golang-1.21	Needs evaluation
golang-1.22	Needs evaluation
golang-1.23	Needs evaluation
golang-1.24	Not in release
golang-1.25	Not in release

CVE-2025-61731

Medium priority

Needs evaluation

Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package	24.04 LTS
golang	Not in release
golang-1.6	Not in release
golang-1.8	Not in release
golang-1.9	Not in release
golang-1.10	Not in release
golang-1.13	Not in release
golang-1.14	Not in release
golang-1.16	Not in release
golang-1.17	Not in release
golang-1.18	Not in release
golang-1.20	Not in release
golang-1.21	Needs evaluation
golang-1.22	Needs evaluation
golang-1.23	Needs evaluation
golang-1.24	Not in release
golang-1.25	Not in release

CVE-2025-61730

Medium priority

Needs evaluation

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package	24.04 LTS
golang	Not in release
golang-1.6	Not in release
golang-1.8	Not in release
golang-1.9	Not in release
golang-1.10	Not in release
golang-1.13	Not in release
golang-1.14	Not in release
golang-1.16	Not in release
golang-1.17	Not in release
golang-1.18	Not in release
golang-1.20	Not in release
golang-1.21	Needs evaluation
golang-1.22	Needs evaluation
golang-1.23	Needs evaluation
golang-1.24	Not in release
golang-1.25	Not in release

CVE-2025-61728

Medium priority

Needs evaluation

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package	24.04 LTS
golang	Not in release
golang-1.6	Not in release
golang-1.8	Not in release
golang-1.9	Not in release
golang-1.10	Not in release
golang-1.13	Not in release
golang-1.14	Not in release
golang-1.16	Not in release
golang-1.17	Not in release
golang-1.18	Not in release
golang-1.20	Not in release
golang-1.21	Needs evaluation
golang-1.22	Needs evaluation
golang-1.23	Needs evaluation
golang-1.24	Not in release
golang-1.25	Not in release

CVE-2025-61726

Medium priority

Needs evaluation

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package	24.04 LTS
golang	Not in release
golang-1.6	Not in release
golang-1.8	Not in release
golang-1.9	Not in release
golang-1.10	Not in release
golang-1.13	Not in release
golang-1.14	Not in release
golang-1.16	Not in release
golang-1.17	Not in release
golang-1.18	Not in release
golang-1.20	Not in release
golang-1.21	Needs evaluation
golang-1.22	Needs evaluation
golang-1.23	Needs evaluation
golang-1.24	Not in release
golang-1.25	Not in release

Export to JSON

Results by page:

Search CVE reports