Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.16 views

SUSE CVE-2026-46186

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.16 views

SUSE CVE-2026-46189

In the Linux kernel, the following vulnerability has been resolved: RDMA/vmwpvrdma: Fix double free on pvrdmaallocucontext error path Sashiko points out that pvrdmauarfree is already called within pvrdmadeallocucontext, so calling it before triggers a double free...

5.5CVSS5.8AI score0.00143EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/28 3:58 a.m.16 views

SUSE CVE-2026-40034

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS6.2AI score0.00351EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:57 a.m.16 views

SUSE CVE-2026-44168

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

8CVSS5.8AI score0.00567EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/28 3:57 a.m.16 views

SUSE CVE-2026-45849

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelotportxmitinj ocelotportxmitinj calls ocelotcaninject and ocelotportinjectframe without holding the injection group lock. Both functions contain lockdepassertheld for the...

5.8AI score0.00136EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:56 a.m.16 views

SUSE CVE-2026-45906

In the Linux kernel, the following vulnerability has been resolved: power: supply: pf1550: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

5.8AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:55 a.m.16 views

SUSE CVE-2026-45968

In the Linux kernel, the following vulnerability has been resolved: cpuidle: Skip governor when only one idle state is available On certain platforms PowerNV systems without a power-mgt DT node, cpuidle may register only a single idle state. In cases where that single state is a polling state sta...

5.5CVSS5.8AI score0.0013EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:54 a.m.16 views

SUSE CVE-2026-46033

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject short ahash digests during instance creation authencesn requires either a zero authsize or an authsize of at least 4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of high-order sequen...

5.5CVSS5.8AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 12:59 p.m.16 views

SUSE CVE-2026-9502

A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompressR2004section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available an...

5.3CVSS6AI score0.00154EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 12:57 p.m.16 views

SUSE CVE-2026-48850

PuTTY 0.72 before 0.84 has a double free in RSA KEX...

5.9CVSS5.8AI score0.0032EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 10:56 a.m.16 views

SUSE CVE-2026-48846

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

6.5CVSS5.8AI score0.00339EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 10:56 a.m.16 views

SUSE CVE-2026-48847

Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...

3.7CVSS5.9AI score0.00433EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 2:52 a.m.16 views

SUSE CVE-2026-7374

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...

9.9CVSS5.8AI score0.00596EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/27 2:52 a.m.16 views

SUSE CVE-2026-9496

Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function's regex replacement and string-manipulation...

5.5CVSS7.1AI score0.00346EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/27 2:47 a.m.16 views

SUSE CVE-2026-45835

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsocknewconnectioncb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/26 2:4 a.m.16 views

SUSE CVE-2018-25356

SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -logfile parameters,...

8.6CVSS6.2AI score0.00162EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/23 1:36 a.m.16 views

SUSE CVE-2024-3220

There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the...

2.3CVSS5.8AI score0.00478EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.16 views

SUSE CVE-2026-29518

Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...

7CVSS5.9AI score0.00152EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2026/05/21 3:0 a.m.16 views

SUSE CVE-2021-41190

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents...

5CVSS6.5AI score0.02085EPSS
Exploits0References35
SUSE CVE
SUSE CVE
added 2026/05/21 2:42 a.m.16 views

SUSE CVE-2025-14575

An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working directory...

1.8CVSS5.8AI score0.0009EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.16 views

SUSE CVE-2026-32740

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...

7.8CVSS5.8AI score0.00514EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.16 views

SUSE CVE-2026-32814

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strictdecoding=false the default, a corrupted tile silently fails to decode and the library returns heiferrorOk with no indication of failure, leading to an uninitialized...

5.5CVSS5.7AI score0.00303EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.16 views

SUSE CVE-2026-8954

Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

7.6CVSS5.9AI score0.00425EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.16 views

SUSE CVE-2026-6479

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

7.5CVSS5.8AI score0.00471EPSS
Exploits0References22
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.16 views

SUSE CVE-2026-6637

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

8.8CVSS6.4AI score0.00378EPSS
Exploits0References22
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.16 views

SUSE CVE-2026-6638

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...

3.7CVSS6.1AI score0.0018EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.16 views

SUSE CVE-2026-8696

radare2 6.1.5 contains a use-after-free vulnerability in the gdbrpidslist function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability ...

9.8CVSS6.1AI score0.00603EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:13 a.m.16 views

SUSE CVE-2026-34253

A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control functionality when processing malformed input, leading to a stack buffer underflow that can cause...

3.3CVSS6AI score0.00515EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.16 views

SUSE CVE-2026-28379

A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.16 views

SUSE CVE-2026-42585

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...

6.5CVSS5.8AI score0.00248EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.16 views

SUSE CVE-2026-42587

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate...

7.5CVSS5.9AI score0.00863EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/14 3:4 a.m.16 views

SUSE CVE-2025-40048

In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Let userspace take care of interrupt mask Remove the logic to set interrupt mask by default in uiohvgeneric driver as the interrupt mask value is supposed to be controlled completely by the user space. If the mask b...

5.5CVSS5.9AI score0.00207EPSS
Exploits0References25
SUSE CVE
SUSE CVE
added 2026/05/13 3:54 p.m.16 views

SUSE CVE-2017-1000065

Multiple Cross-site scripting XSS vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights ManagementUsers functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser...

6.1CVSS6.5AI score0.00741EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 2:56 p.m.16 views

SUSE CVE-2023-20569

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure...

5.6CVSS7.2AI score0.0616EPSS
Exploits1References53
SUSE CVE
SUSE CVE
added 2026/05/13 2:22 p.m.16 views

SUSE CVE-2026-42498

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...

5.3CVSS5.8AI score0.00548EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/05/13 2:21 p.m.16 views

SUSE CVE-2026-44307

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

8.7CVSS5.8AI score0.00609EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:48 a.m.16 views

SUSE CVE-2026-7813

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS6.1AI score0.00455EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:48 a.m.16 views

SUSE CVE-2026-7816

OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...

8.8CVSS6.1AI score0.01444EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:33 a.m.16 views

SUSE CVE-2026-43458

In the Linux kernel, the following vulnerability has been resolved: serial: caif: hold tty-link reference in ldiscopen and serrelease A reproducer triggers a KASAN slab-use-after-free in ptywriteroom when caifserial's TX path calls ttywriteroom. The faulting access is on tty-link-port. Hold an...

7.8CVSS5.8AI score0.00117EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:33 a.m.16 views

SUSE CVE-2026-43894

jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INTMAX-1 2147483646 digits, the D2U macro overflows during signed-int arithmetic. The wrapped negative value bypasses the heap-allocation size check, causes the function to use a 30-by...

7.8CVSS5.8AI score0.00158EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/12 3:48 a.m.16 views

SUSE CVE-2025-38093

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: x1e80100: Add GPU cooling Unlike the CPU, the GPU does not throttle its speed automatically when it reaches high temperatures. With certain high GPU loads it is possible to reach the critical hardware shutdown...

5.5CVSS6.2AI score0.00136EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/11 2:16 p.m.16 views

SUSE CVE-2026-8274

A security vulnerability has been detected in npitre cramfs-tools up to 2.1. Affected is the function dodirectory of the file cramfsck.c of the component Directory Handler. Such manipulation leads to path traversal. The attack can only be performed from a local environment. The exploit has been...

5.3CVSS5.3AI score0.00173EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/11 2:14 p.m.16 views

SUSE CVE-2026-42307

Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...

7.8CVSS6AI score0.00774EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/05/11 2:13 p.m.16 views

SUSE CVE-2026-45190

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the inp...

7.5CVSS5.8AI score0.00311EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/11 2:13 p.m.16 views

SUSE CVE-2026-45191

Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value. See also CVE-2026-45190...

7.5CVSS5.8AI score0.003EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/09 2:39 a.m.16 views

SUSE CVE-2026-44244

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.setvalue passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, b...

7.8CVSS5.8AI score0.00237EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/09 2:39 a.m.16 views

SUSE CVE-2026-44742

Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...

7.2CVSS5.8AI score0.00237EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/09 2:39 a.m.16 views

SUSE CVE-2026-44927

In uriparser before 1.0.2, there is pointer difference truncation to int in various places...

8.6CVSS5.8AI score0.00211EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:26 a.m.16 views

SUSE CVE-2026-7936

Determined not a vulnerability...

5.2AI score0.00193EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:26 a.m.16 views

SUSE CVE-2026-7964

Insufficient validation of untrusted input in FileSystem in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS5.9AI score0.00176EPSS
Exploits0References3
Total number of security vulnerabilities5000