Search CVE reports


Toggle filters

1211 – 1220 of 28330 results

Status is adjusted based on your filters.


CVE-2025-8578

Medium priority
Not affected

Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

1 affected package

chromium-browser

Package 24.04 LTS
chromium-browser Not affected
Show less packages

CVE-2025-8577

Medium priority
Not affected

Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium...

1 affected package

chromium-browser

Package 24.04 LTS
chromium-browser Not affected
Show less packages

CVE-2025-8576

Medium priority
Not affected

Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)

1 affected package

chromium-browser

Package 24.04 LTS
chromium-browser Not affected
Show less packages

CVE-2025-3770

Medium priority
Needs evaluation

EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality,...

1 affected package

edk2

Package 24.04 LTS
edk2 Needs evaluation
Show less packages

CVE-2025-54799

Medium priority
Needs evaluation

Let's Encrypt client and ACME library written in Go (Lego). In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package (thus the lego library and the lego cli as well) don't enforce HTTPS when talking to CAs as...

1 affected package

golang-github-xenolf-lego

Package 24.04 LTS
golang-github-xenolf-lego Needs evaluation
Show less packages

CVE-2025-54798

Medium priority
Needs evaluation

tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.

1 affected package

node-tmp

Package 24.04 LTS
node-tmp Needs evaluation
Show less packages

CVE-2025-47908

Medium priority
Needs evaluation

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by...

1 affected package

golang-github-rs-cors

Package 24.04 LTS
golang-github-rs-cors Needs evaluation
Show less packages

CVE-2025-45766

Medium priority
Needs evaluation

poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review...

1 affected package

poco

Package 24.04 LTS
poco Needs evaluation
Show less packages

CVE-2024-8244

Medium priority
Vulnerable

The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is...

11 affected packages

golang-1.10, golang-1.13, golang-1.14, golang-1.16, golang-1.17...

Package 24.04 LTS
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Vulnerable
golang-1.22 Vulnerable
golang-1.24 Not in release
golang-1.23 Vulnerable
Show all 11 packages Show less packages

CVE-2025-8556

Medium priority
Needs evaluation

A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.

1 affected package

golang-github-cloudflare-circl

Package 24.04 LTS
golang-github-cloudflare-circl Needs evaluation
Show less packages