Lucene search
K
SusecveMost viewed

59855 matches found

SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.16 views

SUSE CVE-2026-9919

Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.16 views

SUSE CVE-2026-9924

Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS6AI score0.00246EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:17 a.m.16 views

SUSE CVE-2026-9932

Use after free in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.16 views

SUSE CVE-2026-9965

Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00243EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.16 views

SUSE CVE-2026-9970

Use after free in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00214EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.16 views

SUSE CVE-2026-9971

Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.16 views

SUSE CVE-2026-9988

Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00173EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.16 views

SUSE CVE-2026-9990

Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

7.5CVSS5.8AI score0.00173EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.16 views

SUSE CVE-2026-9994

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00182EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.16 views

SUSE CVE-2026-10000

Use after free in Passwords in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00185EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:15 a.m.16 views

SUSE CVE-2026-10006

Race in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.5CVSS6.2AI score0.0023EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:15 a.m.16 views

SUSE CVE-2026-10007

Use after free in SVG in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00252EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:15 a.m.16 views

SUSE CVE-2026-10012

Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00173EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:7 a.m.16 views

SUSE CVE-2026-40528

OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the dokeyvalue function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init invocation, a key value entry...

7.8CVSS5.9AI score0.00146EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/30 2:5 a.m.16 views

SUSE CVE-2026-44608

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers it could result in heap use-after-free and eventual crash. An adversary can...

5.9CVSS5.7AI score0.00255EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/05/30 1:59 a.m.16 views

SUSE CVE-2026-48155

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 1:59 a.m.16 views

SUSE CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

4.8CVSS6AI score0.00181EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2026/05/29 1:23 a.m.16 views

SUSE CVE-2026-5950

An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions. This issue affects BIND 9 versions 9.18.36 throu...

5.3CVSS5.8AI score0.00551EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2026/05/29 1:22 a.m.16 views

SUSE CVE-2026-25707

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation...

7.4CVSS5.8AI score0.006EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/29 1:20 a.m.16 views

SUSE CVE-2026-45076

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This...

2.7CVSS5.8AI score0.00369EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:20 a.m.16 views

SUSE CVE-2026-45078

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1...

6.8CVSS5.8AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:20 a.m.16 views

SUSE CVE-2026-45104

MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValuespsRule, psLayer, 1; for any carrying - it assumes msSLDParseRule added one class. When the rule has no symbolizer a structurally valid SLD, msSLDParseRul...

7.5CVSS5.8AI score0.0032EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.16 views

SUSE CVE-2026-46124

In the Linux kernel, the following vulnerability has been resolved: isofs: validate block number from NFS file handle in isofsexportiget isofsfhtodentry and isofsfhtoparent pass an attacker- controlled block number ifid-block or ifid-parentblock from the NFS file handle to isofsexportiget, which...

5.5CVSS5.8AI score0.00425EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.16 views

SUSE CVE-2026-46125

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: remove station if connection prep fails If connection preparation fails for MLO connections, then the interface is completely reset to non-MLD. In this case, we must not keep the station since it's related to the...

5.5CVSS5.8AI score0.00302EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.16 views

SUSE CVE-2026-46151

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblpctrlmsg collapses the usbcontrolmsg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GETDEVICE...

6.3CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.16 views

SUSE CVE-2026-46157

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Currently the runtime.oss.trigger field may be accessed concurrently without protection, which may lead to the data race. And, in this case, it may lead to more sever...

5.3CVSS5.7AI score0.00099EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.16 views

SUSE CVE-2026-46159

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix btrfsioctlspaceinfo slotcount TOCTOU which can lead to info-leak btrfsioctlspaceinfo has a TOCTOU race between two passes over the block group RAID type lists. The first pass counts entries to determine the allocation...

5.5CVSS5.8AI score0.00093EPSS
Exploits0References22
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.16 views

SUSE CVE-2026-46162

In the Linux kernel, the following vulnerability has been resolved: ice: fix double free in icesfethactivate error path When auxiliarydeviceadd fails, icesfethactivate jumps to auxdevuninit and calls auxiliarydeviceuninit&sfdev-adev. The device release callback icesfdevrelease frees sfdev, but th...

5.5CVSS5.8AI score0.00138EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.16 views

SUSE CVE-2026-46164

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in createspaceinfosubgroup error path When kobjectinitandadd fails, the call chain is: createspaceinfosubgroup - btrfssysfsaddspaceinfotype - kobjectinitandadd - failure - kobjectput&subgroup-kobj -...

5.5CVSS5.8AI score0.00136EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.16 views

SUSE CVE-2026-46173

In the Linux kernel, the following vulnerability has been resolved: exit: prevent preemption of oopsing TASKDEAD task When an already-exiting task oopses, maketaskdead currently calls dotaskdead with preemption enabled. That is forbidden: dotaskdead calls schedule, which has a comment saying...

7CVSS5.7AI score0.00126EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.16 views

SUSE CVE-2026-46183

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect path kfree with damonsysfslock damonsysfsquotgoal-path can be read and written by users, via DAMON sysfs 'path' file. It can also be indirectly read, for the parameters on,offline committing to...

5.5CVSS5.9AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.16 views

SUSE CVE-2026-46186

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.16 views

SUSE CVE-2026-46189

In the Linux kernel, the following vulnerability has been resolved: RDMA/vmwpvrdma: Fix double free on pvrdmaallocucontext error path Sashiko points out that pvrdmauarfree is already called within pvrdmadeallocucontext, so calling it before triggers a double free...

5.5CVSS5.8AI score0.00143EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/28 3:58 a.m.16 views

SUSE CVE-2026-40034

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS6.2AI score0.00351EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:57 a.m.16 views

SUSE CVE-2026-44168

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

8CVSS5.8AI score0.00567EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/28 3:57 a.m.16 views

SUSE CVE-2026-45849

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelotportxmitinj ocelotportxmitinj calls ocelotcaninject and ocelotportinjectframe without holding the injection group lock. Both functions contain lockdepassertheld for the...

5.8AI score0.00136EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:54 a.m.16 views

SUSE CVE-2026-46033

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject short ahash digests during instance creation authencesn requires either a zero authsize or an authsize of at least 4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of high-order sequen...

5.5CVSS5.8AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 12:59 p.m.16 views

SUSE CVE-2026-9502

A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompressR2004section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available an...

5.3CVSS6AI score0.00154EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 12:57 p.m.16 views

SUSE CVE-2026-48850

PuTTY 0.72 before 0.84 has a double free in RSA KEX...

5.9CVSS5.8AI score0.0032EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 10:56 a.m.16 views

SUSE CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

7.2CVSS5.8AI score0.00301EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 10:56 a.m.16 views

SUSE CVE-2026-48846

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

6.5CVSS5.8AI score0.00339EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 10:56 a.m.16 views

SUSE CVE-2026-48847

Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...

3.7CVSS5.9AI score0.00433EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 2:52 a.m.16 views

SUSE CVE-2026-7374

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...

9.9CVSS5.8AI score0.00596EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/27 2:52 a.m.16 views

SUSE CVE-2026-9496

Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function's regex replacement and string-manipulation...

5.5CVSS7.1AI score0.00346EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/27 2:47 a.m.16 views

SUSE CVE-2026-45835

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsocknewconnectioncb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/26 2:4 a.m.16 views

SUSE CVE-2018-25356

SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -logfile parameters,...

8.6CVSS6.2AI score0.00162EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/23 1:36 a.m.16 views

SUSE CVE-2024-3220

There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the...

2.3CVSS5.8AI score0.00478EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:21 a.m.16 views

SUSE CVE-2026-7836

An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input...

3.1CVSS5.8AI score0.00257EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.16 views

SUSE CVE-2026-29518

Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...

7CVSS5.9AI score0.00152EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2026/05/21 3:0 a.m.16 views

SUSE CVE-2021-41190

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents...

5CVSS6.5AI score0.02085EPSS
Exploits0References35
Total number of security vulnerabilities5000