Search CVE reports


Toggle filters

141 – 150 of 43740 results

Status is adjusted based on your filters.


CVE-2026-59997

Medium priority
Needs evaluation

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection.

2 affected packages

openssh, openssh-ssh1

Package 22.04 LTS
openssh Needs evaluation
openssh-ssh1 Ignored
Show less packages

CVE-2026-59996

Medium priority
Needs evaluation

scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations.

2 affected packages

openssh, openssh-ssh1

Package 22.04 LTS
openssh Needs evaluation
openssh-ssh1 Ignored
Show less packages

CVE-2026-59995

Medium priority
Needs evaluation

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.

2 affected packages

openssh, openssh-ssh1

Package 22.04 LTS
openssh Needs evaluation
openssh-ssh1 Ignored
Show less packages

CVE-2026-50811

Medium priority
Needs evaluation

An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TT_Get_Var_Design implementation used by FT_Get_Var_Design_Coordinates

1 affected package

freetype

Package 22.04 LTS
freetype Needs evaluation
Show less packages

CVE-2026-14895

Medium priority

Not in release

String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim functions stripped trailing whitespace with s/\s*$//u. Because \s* matches greedily and the $ anchor fails...

1 affected package

libstring-util-perl

Package 22.04 LTS
libstring-util-perl Not in release
Show less packages

CVE-2026-14740

Medium priority
Needs evaluation

DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of...

1 affected package

libdbi-perl

Package 22.04 LTS
libdbi-perl Needs evaluation
Show less packages

CVE-2026-14739

Medium priority
Needs evaluation

DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million...

1 affected package

libdbi-perl

Package 22.04 LTS
libdbi-perl Needs evaluation
Show less packages

CVE-2026-14380

Medium priority
Needs evaluation

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the...

1 affected package

libdbi-perl

Package 22.04 LTS
libdbi-perl Needs evaluation
Show less packages

CVE-2026-59153

Medium priority
Needs evaluation

Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its interface, but requests from other origins were not sufficiently...

1 affected package

anki

Package 22.04 LTS
anki Needs evaluation
Show less packages

CVE-2026-58266

Medium priority
Needs evaluation

Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can...

1 affected package

anki

Package 22.04 LTS
anki Needs evaluation
Show less packages