canonical
4,248 tracked vulnerabilities.
CVE-2026-5412
CRITICAL
Juju CloudSpec API could leak senstive information
Apr 10, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-34179
CRITICAL
Update of type field in restricted TLS certificate allows privilege escalation to cluster admin
Apr 09, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-34178
CRITICAL
Importing a crafted backup leads to project restriction bypass
Apr 09, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-34177
CRITICAL
VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf
Apr 09, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-4370
CRITICAL
Improper TLS Client/Server authentication and certificate verification on Database Cluster
Apr 01, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-32694
MEDIUM
Insecure Direct Object Reference attack via predictable secret ID in Juju
Mar 18, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-32693
HIGH
Unauthorized access to Kubernetes secrets in Juju
Mar 18, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-32692
HIGH
Unauthorized update of out-of-scope Vault secrets
Mar 18, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-32691
MEDIUM
Timing ownership claim attack on new external back-end secrets
Mar 18, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-3888
HIGH
Local Privilege Escalation in snapd
Mar 17, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-3497
HIGH
OpenSSH GSSAPI Patches in Ubuntu - Use of Uninitialized Resource via Unexpected GSSAPI Message
Mar 12, 2026
CVSS 7.5
EPSS 0.02
CVE-2026-28384
CRITICAL
Canonical LXD 4.12-6.6 - Command Injection
Mar 12, 2026
EPSS 0.01
CVE-2026-3351
MEDIUM
Canonical LXD 6.6 - Authenticated Certificate Enumeration via GET /1.0/certificates Endpoint
Mar 03, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-1237
LOW
juju - Improper Verification of Cryptographic Signature in Cross-Model Authorization
Jan 28, 2026
EPSS 0.00
CVE-2025-15480
CRITICAL
Senstive information disclosure was affecting ubuntu-desktop-provision
Apr 09, 2026
CVSS 9.1
EPSS 0.00
CVE-2025-14551
HIGH
Senstive information disclosure was affecting subiquity
Apr 09, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-68153
MEDIUM
Juju: Resource poisoning
Apr 03, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-68152
MEDIUM
Juju: Read All Controller Logs From Compromised Workload
Apr 03, 2026
CVSS 4.9
EPSS 0.00
CVE-2025-13350
HIGH
Ubuntu Linux 6.8 GA - Privilege Escalation
Mar 05, 2026
EPSS 0.00
CVE-2025-5467
LOW
Apport 2.20.1-0ubuntu1-2.20.1-0ubuntu2.30 - Incorrect Group Ownership Assignment in Crash File Creation
Dec 10, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-7044
HIGH
MAAS 3.3.0-3.3.10 - Authenticated Privilege Escalation via Websocket User Update Injection
Dec 03, 2025
CVSS 7.7
EPSS 0.00
CVE-2025-54293
MEDIUM
Canonical LXD 5.0 LTS - Authenticated Path Traversal via Log File Retrieval
Oct 02, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-54292
MEDIUM
Canonical LXD 5.0.0-5.21.4 - Authenticated Path Traversal via URL Path Resource Names
Oct 02, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-54291
MEDIUM
Canonical LXD < 5.21.4 - Unauthenticated Information Disclosure via Images API
Oct 02, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-54290
MEDIUM
Canonical LXD < 5.21.4 - Unauthenticated Information Disclosure via Image Export API
Oct 02, 2025
CVSS 5.3
EPSS 0.00
Products
ubuntu_linux 4,120
lxd 23
juju 20
apport 17
snapd 16
Ubuntu Linux 13
cloud-init 9
Juju 7
metal_as_a_service 5
multipass 5
accountsservice 4
authd 4
ubuntu_core 4
ubuntu_touch 4
Ubuntu 3
landscape 3
maas 3
subiquity 3
LXD 2
Multipass 2
Ubuntu 20.04 LTS 2
Ubuntu 22.04 LTS 2
Ubuntu 24.04 LTS 2
acpi-support 2
lxcfs 2
software-properties 2
ubuntu 2
ubuntu_desktop_provision 2
unity-firefox-extension 2
update-manager 2
Quick Filters