Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threats Tagged 'ubuntu-pro-26-04-lts'

View all threats tagged with 'ubuntu-pro-26-04-lts'. Filter and sort to focus on specific types of threats.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.
Active filters (1):Tag: ubuntu-pro-26-04-lts

Threats Tagged 'ubuntu-pro-26-04-lts'

Click on any threat for detailed analysis and mitigation recommendations

UBUNTU-CVE-2026-39178
0

A SQL injection vulnerability exists in SOGo versions prior to 5.12.7 that allows authenticated users to execute arbitrary SQL statements via the search parameter of the allContactSearch endpoint. This vulnerability affects multiple specific versions of SOGo as listed. Exploitation could lead to unauthorized data access and modification. No known exploits in the wild have been reported. Patch status is not confirmed in the provided data.

Join the discussion
UBUNTU-CVE-2026-39179
0

A SQL injection vulnerability exists in SOGo versions prior to 5.12.7 that allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality. This vulnerability affects multiple specific versions of SOGo as listed. Exploitation can lead to confidentiality, integrity, and availability impacts. No official patch or vendor advisory is provided in the input data.

Join the discussion
UBUNTU-CVE-2026-43515
0

An improper authorization vulnerability exists in Apache Tomcat when multiple method constraints define an HTTP method for the same extension. This affects multiple Apache Tomcat versions from 7.0.0 through 11.0.21. The vulnerability allows unauthorized access due to incorrect enforcement of HTTP method constraints. Fixed versions include 11.0.22, 10.1.55, and 9.0.118.

Join the discussion
UBUNTU-CVE-2026-45409
0

A denial-of-service vulnerability exists in the Python IDNA library versions prior to 3.15, where specially crafted inputs to the idna.encode() function can cause excessive resource consumption due to delayed length validation. This issue was partially addressed in version 3.14 and more comprehensively in 3.15. The vulnerability is triggered by unusually large inputs that exceed normal domain name lengths. Enforcing the domain name length limit of 253 characters before calling idna.encode() can mitigate the issue.

Join the discussion
UBUNTU-CVE-2026-46627
0

Twig, a PHP template language, has a vulnerability in its sandbox prior to version 3.26.0 where it does not prevent templates from consuming excessive CPU, memory, or wall-clock time. This allows untrusted templates to cause resource exhaustion. The issue is addressed in version 3.26.0 by clarifying that the sandbox does not protect against resource exhaustion.

Join the discussion
UBUNTU-CVE-2026-46628
0

Twig, a PHP template language, has a vulnerability in versions prior to 3.26.0 where the deprecated spaceless filter is incorrectly registered as safe for HTML. This causes the autoescaping feature to emit attacker-controlled markup unescaped when spaceless is applied to untrusted input. The issue is resolved in version 3.26.0.

Join the discussion
UBUNTU-CVE-2026-46629
0

Twig, a PHP template language, prior to version 3.26.0, memoizes IntlDateFormatter and NumberFormatter instances keyed by template-controlled filter arguments. This allows a template to allocate many ICU formatter objects that remain in memory for the lifetime of the Twig\Environment. The issue is fixed in version 3.26.0.

Join the discussion
UBUNTU-CVE-2026-46633
0

Twig, a PHP template language, has a vulnerability in versions prior to 3.26.0 where the Compiler::string() method does not escape single quotes in template names used in {% use %} tags inside PHP single-quoted string literals. This flaw allows crafted template names to break out of the string context and inject arbitrary PHP code into the compiled cache file. The issue is fixed starting with version 3.26.0.

Join the discussion
UBUNTU-CVE-2026-46634
0

A vulnerability in the Twig PHP template engine versions from 3.9.0 up to but not including 3.26.0 allows sandboxed templates to bypass security policy enforcement. The issue arises because template_from_string() compiles inner templates under synthesized names that can fall outside the sandbox's SourcePolicyInterface decision. This enables a sandboxed template to call template_from_string and include to render an inner template without applying the sandbox security policy. The vulnerability is fixed in version 3.26.0.

Join the discussion
UBUNTU-CVE-2026-46635
0

A vulnerability in the Twig PHP template language prior to version 3.26.0 allows an untrusted template author to read object properties that are not in the sandbox allowlist. This occurs because the column filter passes object arrays to PHP's array_column() function, which accesses public and magic properties without sandbox checks. The issue is fixed in Twig version 3.26.0.

Join the discussion

Showing 1 to 10 of 37 results

Filters:Tag: ubuntu-pro-26-04-lts
Page 1 of 4
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses