Lucene search
K
SusecveMost viewed

60028 matches found

SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.15 views

SUSE CVE-2026-9898

Insufficient validation of untrusted input in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00228EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.15 views

SUSE CVE-2026-9906

Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00214EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.15 views

SUSE CVE-2026-9910

Out of bounds memory access in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00325EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.15 views

SUSE CVE-2026-9911

Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.9AI score0.00209EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.15 views

SUSE CVE-2026-9912

Inappropriate implementation in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.8AI score0.00247EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.15 views

SUSE CVE-2026-9921

Uninitialized Use in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin information via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.8AI score0.00238EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:17 a.m.15 views

SUSE CVE-2026-9929

Inappropriate implementation in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.8AI score0.00209EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:17 a.m.15 views

SUSE CVE-2026-9936

Use after free in GFX in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:17 a.m.15 views

SUSE CVE-2026-9937

Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:17 a.m.15 views

SUSE CVE-2026-9942

Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

5CVSS5.7AI score0.00199EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:17 a.m.15 views

SUSE CVE-2026-9951

Use after free in UI in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.15 views

SUSE CVE-2026-9969

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00291EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.15 views

SUSE CVE-2026-9973

Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.0028EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.15 views

SUSE CVE-2026-9975

Out of bounds read and write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00214EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.15 views

SUSE CVE-2026-9976

Inappropriate implementation in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00296EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.15 views

SUSE CVE-2026-9977

Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00184EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.15 views

SUSE CVE-2026-9979

Insufficient validation of untrusted input in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

5CVSS5.7AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.15 views

SUSE CVE-2026-9981

Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.8AI score0.00191EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.15 views

SUSE CVE-2026-9983

Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00255EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.15 views

SUSE CVE-2026-9992

Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00234EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:15 a.m.15 views

SUSE CVE-2026-10016

Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00252EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:7 a.m.15 views

SUSE CVE-2026-40622

NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a ghost...

5.9CVSS5.7AI score0.00171EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/30 2:6 a.m.15 views

SUSE CVE-2026-42944

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options 'nsid', 'answer-cookie', 'pad-responses' default need to be enabl...

7.5CVSS5.8AI score0.00842EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/30 2:6 a.m.15 views

SUSE CVE-2026-42960

NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...

5.9CVSS5.7AI score0.00249EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/05/30 2:5 a.m.15 views

SUSE CVE-2026-44390

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstream responses with very large RRsets with records that don't share a suffix above the root can cause Unbound to...

5.9CVSS5.8AI score0.00556EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/30 1:59 a.m.15 views

SUSE CVE-2026-48525

PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For...

7.5CVSS5.8AI score0.00288EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2026/05/30 1:59 a.m.15 views

SUSE CVE-2026-48840

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client...

5.3CVSS5.8AI score0.00264EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:23 a.m.15 views

SUSE CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

8.1CVSS5.8AI score0.0032EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/29 1:22 a.m.15 views

SUSE CVE-2026-9759

ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service...

5.5CVSS5.8AI score0.00092EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:22 a.m.15 views

SUSE CVE-2026-9828

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...

2.1CVSS6.4AI score0.0037EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:22 a.m.15 views

SUSE CVE-2026-23679

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength...

6.9CVSS5.9AI score0.00184EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:21 a.m.15 views

SUSE CVE-2026-41052

Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10...

9.4CVSS5.8AI score0.00319EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.15 views

SUSE CVE-2026-46120

In the Linux kernel, the following vulnerability has been resolved: ip6gre: Use cached t-net in ip6erspanchangelink. After commit 5e72ce3e3980 "net: ipv6: Use link netns in newlink of rtnllinkops", ip6erspannewlink correctly resolves the per-netns ip6gre hash via linknet. ip6erspanchangelink was...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References18
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.15 views

SUSE CVE-2026-46127

In the Linux kernel, the following vulnerability has been resolved: RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdmacopypduresp Sashiko points out that pd-uctx isn't initialized until late in the function so all these error flow references are NULL and will crash. Use the uctx that isn't NU...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.15 views

SUSE CVE-2026-46128

In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.15 views

SUSE CVE-2026-46169

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value by validating catalog record size Syzbot reported a KMSAN uninit-value issue in hfsplusstrcasecmp. The root cause is that hfsbrecread doesn't validate that the on-disk record size matches the expected si...

6.5CVSS5.8AI score0.0013EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.15 views

SUSE CVE-2026-46182

In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace The hdr variable is allocated on the stack and only hdr.version and hdr.flags are initialized explicitly. Because the struct paprhvpipehdr contains reserved paddi...

3.3CVSS5.8AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.15 views

SUSE CVE-2026-46184

In the Linux kernel, the following vulnerability has been resolved: sound: ua101: fix division by zero at probe Add a missing sanity check for bNrChannels in detectusbformat to prevent a division by zero in playbackurbcomplete and captureurbcomplete. USB core does not validate class-specific...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.15 views

SUSE CVE-2026-46212

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: prevent use-after-free when deleting claims When batadvbladelbackboneclaims removes all claims for a backbone, it does this by dropping the link entry in the hash list. This list entry itself was one of the...

7.5CVSS5.7AI score0.00274EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/29 1:14 a.m.15 views

SUSE CVE-2026-46238

In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop caching unowned originator pointers in BAT IV BAT IV keeps the last-hop neighbor address in each neighnode, but some paths also cache an originator pointer derived from a temporary lookup. That pointer is not own...

5.5CVSS5.7AI score0.00262EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 4:1 a.m.15 views

SUSE CVE-2025-70103

Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc...

8.1CVSS6AI score0.00367EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/28 4:1 a.m.15 views

SUSE CVE-2025-71304

In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...

5.7AI score0.0016EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:58 a.m.15 views

SUSE CVE-2026-42790

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeycert and publickey modules allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...

7.4CVSS5.8AI score0.00338EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/28 3:58 a.m.15 views

SUSE CVE-2026-42791

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...

7.4CVSS5.8AI score0.00316EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:57 a.m.15 views

SUSE CVE-2026-44173

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

5CVSS5.2AI score0.00399EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/05/28 3:57 a.m.15 views

SUSE CVE-2026-44838

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

5.3CVSS5.8AI score0.0025EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:57 a.m.15 views

SUSE CVE-2026-44839

RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13...

5.6CVSS5.8AI score0.0018EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:57 a.m.15 views

SUSE CVE-2026-45859

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: do shared-unconfirmed check before segmentation Ulrich reports a regression with nfqueue: If an application did not set the 'FGSO' capability flag and a gso packet with an unconfirmed nfconn entry is...

5.8AI score0.00595EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:56 a.m.15 views

SUSE CVE-2026-45891

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...

4.7CVSS5.9AI score0.00129EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/05/28 3:55 a.m.15 views

SUSE CVE-2026-45933

In the Linux kernel, the following vulnerability has been resolved: bpf: Preserve id of register in synclinkedregs synclinkedregs copies the id of knownreg to reg when propagating bounds of knownreg to reg using the off of knownreg, but when knownreg was linked to reg like: knownreg = reg ; both...

5.8AI score0.00172EPSS
Exploits0References3
Total number of security vulnerabilities5000