Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
added 2026/06/07 4:42 a.m.8 views

SUSE CVE-2026-11207

Insufficient validation of untrusted input in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. Chromium security severity: Medium...

9.6CVSS5.5AI score0.00216EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:42 a.m.8 views

SUSE CVE-2026-11208

Use after free in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00229EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:41 a.m.8 views

SUSE CVE-2026-11209

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00229EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:41 a.m.8 views

SUSE CVE-2026-11230

Use after free in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

8.8CVSS6AI score0.00242EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:41 a.m.8 views

SUSE CVE-2026-11232

Inappropriate implementation in TabGroups in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. Chromium security severity: Low...

5.4CVSS5.5AI score0.00146EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:41 a.m.8 views

SUSE CVE-2026-11233

Insufficient policy enforcement in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

4.7CVSS5.5AI score0.00177EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:41 a.m.8 views

SUSE CVE-2026-11238

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Low...

5.9CVSS5.4AI score0.0017EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:40 a.m.8 views

SUSE CVE-2026-11244

Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

3.1CVSS5.5AI score0.00207EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:40 a.m.8 views

SUSE CVE-2026-11248

Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

8.8CVSS5.5AI score0.00241EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:40 a.m.8 views

SUSE CVE-2026-11272

Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...

8.8CVSS5.5AI score0.00234EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:39 a.m.8 views

SUSE CVE-2026-11279

Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

8.8CVSS6AI score0.00291EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:39 a.m.8 views

SUSE CVE-2026-11281

Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event. Chromium security severity: Low...

5CVSS5.4AI score0.00085EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:39 a.m.8 views

SUSE CVE-2026-11285

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.5AI score0.00183EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:39 a.m.8 views

SUSE CVE-2026-11287

Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.5AI score0.00233EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:39 a.m.8 views

SUSE CVE-2026-11288

Insufficient policy enforcement in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.5AI score0.00197EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:39 a.m.8 views

SUSE CVE-2026-11293

Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

9.6CVSS5.5AI score0.00202EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:39 a.m.8 views

SUSE CVE-2026-11294

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.5AI score0.00154EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:39 a.m.8 views

SUSE CVE-2026-11299

Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.5AI score0.00198EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:38 a.m.8 views

SUSE CVE-2026-22001

unknown...

2.7CVSS7.4AI score0.00259EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/07 4:38 a.m.8 views

SUSE CVE-2026-22002

unknown...

4.9CVSS7.4AI score0.00323EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/07 4:38 a.m.8 views

SUSE CVE-2026-35237

unknown...

4.9CVSS7.4AI score0.00242EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/07 4:38 a.m.8 views

SUSE CVE-2026-35239

unknown...

4.9CVSS7.4AI score0.00242EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 3:2 a.m.8 views

SUSE CVE-2025-40911

Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are...

6.5CVSS5.6AI score0.00306EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.8 views

SUSE CVE-2026-11099

unknown...

5.4AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.8 views

SUSE CVE-2026-11170

Inappropriate implementation in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. Chromium security severity: Medium...

8.1CVSS5.5AI score0.00238EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:45 a.m.8 views

SUSE CVE-2026-50261

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...

7.8CVSS5.4AI score0.0014EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/04 2:23 a.m.8 views

SUSE CVE-2026-45679

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate...

6.5CVSS5.7AI score0.00212EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.8 views

SUSE CVE-2026-46248

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif-linksmap When an arvif is initialized in non-AP STA mode but MLO connection preparation fails before the arvif is created arvif-iscreated remains false, the error path attempts to...

5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.8 views

SUSE CVE-2026-48587

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

5.9CVSS5.8AI score0.00354EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/28 3:53 a.m.8 views

SUSE CVE-2026-46057

In the Linux kernel, the following vulnerability has been resolved: landlock: Fix LOGSUBDOMAINSOFF inheritance across fork hookcredtransfer only copies the Landlock security blob when the source credential has a domain. This is inconsistent with landlockrestrictself which can set LOGSUBDOMAINSOFF...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:52 a.m.8 views

SUSE CVE-2026-46089

In the Linux kernel, the following vulnerability has been resolved: zram: do not forget to endio for partial discard requests As reported by Qu Wenruo and Avinesh Kumar, the following getconf PAGESIZE 65536 blkdiscard -p 4k /dev/zram0 takes literally forever to complete. zram doesn't support...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 5:36 a.m.8 views

SUSE CVE-2021-22884

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DN...

5.8CVSS6.9AI score0.32362EPSS
Exploits1References17
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.8 views

SUSE CVE-2026-42002

Concurrency and locking defects in GSS-TSIG...

7.5CVSS5.8AI score0.00264EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.8 views

SUSE CVE-2026-42396

Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail...

4.9CVSS5.8AI score0.00353EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.8 views

SUSE CVE-2026-44058

An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user mechanism...

7.2CVSS6AI score0.00532EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.8 views

SUSE CVE-2026-47247

unknown...

6.2CVSS5.8AI score0.00041EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/21 1:12 p.m.8 views

SUSE CVE-2026-9114

Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network traffic. Chromium security severity: High...

8.8CVSS6.2AI score0.00365EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 1:12 p.m.8 views

SUSE CVE-2026-9119

Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.4AI score0.00538EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 1:11 p.m.8 views

SUSE CVE-2026-44050

A heap-based buffer overflow in the CNID daemon commrcv function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause a denial of service...

9.9CVSS6.4AI score0.00418EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/19 2:1 a.m.8 views

SUSE CVE-2025-8194

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

6.5CVSS6.8AI score0.00611EPSS
Exploits0References27
SUSE CVE
SUSE CVE
added 2026/05/16 1:15 a.m.8 views

SUSE CVE-2026-8522

Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.2AI score0.0028EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:15 a.m.8 views

SUSE CVE-2026-8530

Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00267EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:14 a.m.8 views

SUSE CVE-2026-8563

Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00182EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:14 a.m.8 views

SUSE CVE-2026-8575

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.3CVSS5.8AI score0.00176EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:14 a.m.8 views

SUSE CVE-2026-8579

Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted print file. Chromium security severity: Medium...

3.1CVSS5.8AI score0.00134EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:14 a.m.8 views

SUSE CVE-2026-8584

Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS5.8AI score0.00138EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:14 a.m.8 views

SUSE CVE-2026-8586

Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. Chromium security severity: Medium...

5.5CVSS5.8AI score0.00103EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.8 views

SUSE CVE-2026-43909

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the loop index expression i 4 inside SwapRGBABytes causes the function to compute a large negative...

8.8CVSS5.9AI score0.00371EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.8 views

SUSE CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

5.8CVSS5.8AI score0.00146EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.8 views

SUSE CVE-2026-46469

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxparsetrak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

5.5CVSS5.8AI score0.00101EPSS
Exploits0References3
Total number of security vulnerabilities5000