| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6369 | Exposed Session Token in canonical-livepatch client snap | Canonical | canonical-livepatch | - | - | 2026-04-20 13:38:14 | Deep Dive |
| CVE-2026-5412 | Juju CloudSpec API could leak senstive information | Canonical | Juju | Critical | 9.9 | 2026-04-10 12:22:05 | Deep Dive |
| CVE-2026-5774 | Juju API Server Denial of Service and Authentication Replay via Unsynchronized Token Map | Canonical | Juju | 中危 | - | 2026-04-10 12:10:56 | Deep Dive |
| CVE-2025-14551 | Senstive information disclosure was affecting subiquity | Canonical | Ubuntu | - | - | 2026-04-09 15:03:59 | Deep Dive |
| CVE-2025-15480 | Senstive information disclosure was affecting ubuntu-desktop-provision | Canonical | Ubuntu | - | - | 2026-04-09 15:02:14 | Deep Dive |
| CVE-2026-34179 | Update of type field in restricted TLS certificate allows privilege escalation to cluster admin | Canonical | lxd | Critical | 9.1 | 2026-04-09 09:22:15 | Deep Dive |
| CVE-2026-34178 | Importing a crafted backup leads to project restriction bypass | Canonical | lxd | Critical | 9.1 | 2026-04-09 09:18:58 | Deep Dive |
| CVE-2026-34177 | VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf | Canonical | lxd | Critical | 9.1 | 2026-04-09 09:15:28 | Deep Dive |
| CVE-2026-4370 | Improper TLS Client/Server authentication and certificate verification on Database Cluster | Canonical | Juju | Critical | 10.0 | 2026-04-01 08:09:18 | Deep Dive |
| CVE-2026-32694 | Insecure Direct Object Reference attack via predictable secret ID in Juju | Canonical | Juju | Medium | 6.6 | 2026-03-18 12:55:43 | Deep Dive |
| CVE-2026-32693 | Unauthorized access to Kubernetes secrets in Juju | Canonical | Juju | High | 8.8 | 2026-03-18 12:47:03 | Deep Dive |
| CVE-2026-32692 | Unauthorized update of out-of-scope Vault secrets | Canonical | Juju | High | 7.6 | 2026-03-18 12:35:29 | Deep Dive |
| CVE-2026-32691 | Timing ownership claim attack on new external back-end secrets | Canonical | Juju | Medium | 5.3 | 2026-03-18 12:28:12 | Deep Dive |
| CVE-2026-3888 | Local Privilege Escalation in snapd | - | - | High | 7.8 | 2026-03-17 14:02:08 | Deep Dive |
| CVE-2026-28384 | Authenticated RCE via unsanitized compression_algorithm | Canonical | lxd | - | - | 2026-03-12 14:51:30 | Deep Dive |
| CVE-2025-13350 | Use-after-free of orphaned AF_UNIX in Ubuntu builds of Linux kernel | Canonical | Ubuntu Linux | 高危 | - | 2026-03-05 18:56:03 | Deep Dive |
| CVE-2026-3351 | Authorization Bypass in LXD GET /1.0/certificates Endpoint | Canonical | lxd | - | - | 2026-03-03 12:49:25 | Deep Dive |
| CVE-2026-1237 | Juju 安全漏洞 | Canonical | juju | - | - | 2026-01-28 15:01:46 | Deep Dive |
| CVE-2025-5467 | Ubuntu Apport Insecure File Permissions Vulnerability | Canonical | apport | - | - | 2025-12-10 18:00:36 | Deep Dive |
| CVE-2025-6966 | Null-pointer dereference in python-apt TagSection.keys() | Canonical | python-apt | 中危 | - | 2025-12-05 12:59:41 | Deep Dive |