CVE reports

The Common Vulnerabilities and Exposures (CVE) system is used to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. Canonical keeps track of all CVEs affecting Ubuntu, and releases a security notice when an issue is fixed. You can find additional guidance for high-profile vulnerabilities in the Ubuntu Vulnerability Knowledge Base section

Search CVEs

By Ubuntu release

Recent CVEs

CVE-2025-9900

High priority
Needs evaluation

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's...

5 affected packages

tiff, qtwebengine-opensource-src, texmaker, gdal, neuron

CVE-2025-10585

High priority
Not affected

security update

1 affected package

chromium-browser

CVE-2025-40300

High priority
Vulnerable

In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace...

144 affected packages

linux, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-hwe-5.11...

CVE-2025-9809

High priority
Needs evaluation

Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATH_MAX_LENGTH that is copied...

1 affected package

retroarch

CVE-2005-10004

High priority
Not affected

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly...

1 affected package

cacti

Resources

Join the discussion

Ubuntu Pro

10-year security coverage for Ubuntu and 23,000 open-source applications and toolchains.

Get Ubuntu Pro 30-day free trial

From our blog