Ubuntu security advisories
10 threat alerts tracking vulnerabilities and security advisories that affect Ubuntu products.
Vulnios monitors Ubuntu CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent Ubuntu security news in one place, or click into an individual alert for full detail.
USN-8525-1: curl vulnerabilities
Harry Sintonen discovered that curl incorrectly handled credentials when following HTTP redirects in conjunction with .netrc files. An attacker could possibly use this issue to obtain sensitive inform
criticalCVE-2024-11053USN-8526-1: libheif vulnerabilities
Xianrui Dong discovered that libheif had an out-of-bounds read in its HEIF sequence track parser. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information
criticalCVE-2026-47254USN-8523-1: libsoup vulnerabilities
Eric Su and Samuel Dainard discovered that libsoup incorrectly handled content with zero-length resources. An attacker could possibly use this issue to trigger a buffer over-read, resulting in informa
criticalCVE-2026-2369USN-8522-1: LibRaw vulnerabilities
It was discovered that LibRaw incorrectly handled certain Nikon RAW image files. An attacker could possibly use this issue to cause LibRaw to crash, resulting in a denial of service. (CVE-2026-5342) I
criticalCVE-2026-5342USN-8502-1: GnuTLS vulnerabilities
It was discovered that GnuTLS had a timing side-channel when processing malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could possibly use this issue to recover sensitive informa
criticalCVE-2024-0553USN-8509-1: Python vulnerabilities
It was discovered that Python incorrectly normalized paths in the tarfile module. An attacker could possibly use this issue to bypass path restrictions. This issue only affected Ubuntu 22.04 LTS and U
criticalCVE-2025-13462USN-8504-1: SOGo vulnerabilities
It was discovered that SOGo did not properly sanitize categories used for events, tasks, and contacts. A remote authenticated attacker could possibly use this issue to perform cross-site scripting att
criticalCVE-2025-71276USN-8511-1: socat vulnerabilities
It was discovered that socat incorrectly handled the SOCKS5 proxy server reply parser. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-56123) It was discovered tha
criticalCVE-2026-56123USN-8500-1: Vim vulnerabilities
It was discovered that Vim incorrectly handled path traversal in the zip.vim plugin. An attacker could possibly use this issue to overwrite arbitrary files. This issue only affected Ubuntu 14.04 LTS,
criticalCVE-2026-35177USN-8467-2: Perl vulnerabilities
USN-8467-1 fixed vulnerabilities in Perl. This update provides the corresponding fix for Perl on Ubuntu 25.10. Original advisory details: It was discovered that Perl's Archive::Tar module incorrectly
criticalCVE-2026-42496
Track Ubuntu exposure across your environment
Vulnios automatically cross-references your asset inventory against new Ubuntu CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan