Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.14 views

SUSE CVE-2026-11160

Out of bounds read in Input in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00229EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/05 3:16 a.m.14 views

SUSE CVE-2026-10805

A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description MUD URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL,...

6.7CVSS5.7AI score0.00118EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:30 a.m.14 views

SUSE CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

8.1CVSS5.8AI score0.00263EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:25 a.m.14 views

SUSE CVE-2026-34077

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/03 2:23 a.m.14 views

SUSE CVE-2026-43965

Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content. Package keys read from build/packages/packages.toml by LocalPackages::readfromdisc are passed without validation to paths.buildpackagespackage, whi...

5.6CVSS5.9AI score0.00152EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.14 views

SUSE CVE-2026-10230

A vulnerability was identified in Assimp up to 6.0.4. This impacts the function Assimp::MDL::HalfLife::HL1MDLLoader::readanimations of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally...

5.3CVSS6.1AI score0.00127EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:40 a.m.14 views

SUSE CVE-2026-42502

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00178EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2026/06/02 1:38 a.m.14 views

SUSE CVE-2026-45352

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

7.5CVSS5.7AI score0.00327EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:37 a.m.14 views

SUSE CVE-2026-46243

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

7.8CVSS5.8AI score0.00353EPSS
Exploits4References18
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.14 views

SUSE CVE-2026-9895

Out of bounds read in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00214EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.14 views

SUSE CVE-2026-9898

Insufficient validation of untrusted input in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00228EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.14 views

SUSE CVE-2026-9913

Inappropriate implementation in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.8AI score0.00234EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.14 views

SUSE CVE-2026-9916

Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.14 views

SUSE CVE-2026-9925

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.14 views

SUSE CVE-2026-9926

Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS6AI score0.00246EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:17 a.m.14 views

SUSE CVE-2026-9930

Out of bounds write in Dawn in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.8AI score0.00191EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:17 a.m.14 views

SUSE CVE-2026-9934

Use after free in Aura in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

7.5CVSS6.2AI score0.00255EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:17 a.m.14 views

SUSE CVE-2026-9938

Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00319EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:17 a.m.14 views

SUSE CVE-2026-9940

Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00259EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:17 a.m.14 views

SUSE CVE-2026-9946

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00207EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:17 a.m.14 views

SUSE CVE-2026-9958

Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...

8.8CVSS5.8AI score0.00224EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:17 a.m.14 views

SUSE CVE-2026-9961

Use after free in SurfaceCapture in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00243EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:17 a.m.14 views

SUSE CVE-2026-9962

Use after free in WebRTC in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00355EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.14 views

SUSE CVE-2026-9967

Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.8AI score0.00243EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.14 views

SUSE CVE-2026-9971

Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.14 views

SUSE CVE-2026-9989

Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. Chromium security severity: High...

6.3CVSS5.8AI score0.00107EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:15 a.m.14 views

SUSE CVE-2026-10002

Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...

8.8CVSS5.8AI score0.0018EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:15 a.m.14 views

SUSE CVE-2026-10011

Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.8AI score0.00164EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:15 a.m.14 views

SUSE CVE-2026-10014

Use after free in WebMIDI in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00185EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:15 a.m.14 views

SUSE CVE-2026-10016

Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00252EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:8 a.m.14 views

SUSE CVE-2026-32792

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support '--enable-dnscrypt'. A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit...

5.9CVSS6AI score0.00337EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/05/30 2:7 a.m.14 views

SUSE CVE-2026-41565

CryptX versions before 0.088001 for Perl have a stack buffer overflow in four AEAD decryptverify helpers. The gcmdecryptverify, ccmdecryptverify, chacha20poly1305decryptverify and eaxdecryptverify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer...

7.5CVSS6.1AI score0.00469EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:5 a.m.14 views

SUSE CVE-2026-44390

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstream responses with very large RRsets with records that don't share a suffix above the root can cause Unbound to...

5.9CVSS5.8AI score0.00556EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/05/30 1:59 a.m.14 views

SUSE CVE-2026-48523

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00127EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2026/05/30 1:59 a.m.14 views

SUSE CVE-2026-48525

PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For...

7.5CVSS5.8AI score0.00288EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2026/05/30 1:59 a.m.14 views

SUSE CVE-2026-49128

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

8.7CVSS5.9AI score0.00501EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:22 a.m.14 views

SUSE CVE-2026-23679

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength...

6.9CVSS5.9AI score0.00184EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:20 a.m.14 views

SUSE CVE-2026-44681

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...

6.1CVSS5.8AI score0.00203EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:17 a.m.14 views

SUSE CVE-2026-46104

In the Linux kernel, the following vulnerability has been resolved: selinux: use sk blob accessor in socket permission helpers SELinux socket state lives in the composite LSM socket blob. sockhasperm and nlmsgsockhasextendedperms currently dereference sk-sksecurity directly, which assumes the...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:17 a.m.14 views

SUSE CVE-2026-46110

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Prevent NULL deref when RX memory exhausted The CPU receives frames from the MAC through conventional DMA: the CPU allocates buffers for the MAC, then the MAC fills them and returns ownership to the CPU. For each...

4.7CVSS5.9AI score0.005EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.14 views

SUSE CVE-2026-46118

In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Fix null ptr deref in paprhvpipedevcreatehandle commit 6d3789d347a7 "papr-hvpipe: convert paprhvpipedevcreatehandle to FDPREPARE", changed the create handle to FDPREPARE, but it caused kernel null-ptr-deref...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.14 views

SUSE CVE-2026-46132

In the Linux kernel, the following vulnerability has been resolved: net: rtnetlink: zero iflavfbroadcast to avoid stack infoleak in rtnlfillvfinfo rtnlfillvfinfo declares struct iflavfbroadcast on the stack without initialisation: struct iflavfbroadcast vfbroadcast; The struct contains a single...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.14 views

SUSE CVE-2026-46136

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix a potential clc buffer length underflow The buflen is used to limit the iterations for retrieving the country power setting and may underflow under certain conditions due to changes in the power table in...

5.5CVSS5.8AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.14 views

SUSE CVE-2026-46190

In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: debugfs: fix out-of-bounds read in spinorparamsshow Sashiko noticed an out-of-bounds read 1. In spinorparamsshow, the snorfnames array is passed to spinorprintflags using sizeofsnorfnames. Since snorfnames is an arr...

5.5CVSS5.8AI score0.00131EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:14 a.m.14 views

SUSE CVE-2026-46215

In the Linux kernel, the following vulnerability has been resolved: drm: Set old handle to NULL before prime swap in changehandle There was a potential race condition in changehandle. The ioctl briefly had a single object with two idr entries; a concurrent gemclose could delete the object and...

7CVSS5.8AI score0.00133EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:14 a.m.14 views

SUSE CVE-2026-46233

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: only purge non-released claims When batadvblapurgeclaims goes through the list of claims, it is only traversing the hash list with an rcureadlock. Due to a potential parallel batadvclaimput, it can happen that it...

4.7CVSS5.7AI score0.00119EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:14 a.m.14 views

SUSE CVE-2026-46235

In the Linux kernel, the following vulnerability has been resolved: media: saa7164: add ioremap return checks and cleanups Add checks for ioremap return values in saa7164devsetup. If ioremap for BAR0 or BAR2 fails, release the already allocated PCI memory regions, remove the device from the globa...

4.7CVSS5.8AI score0.00119EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:14 a.m.14 views

SUSE CVE-2026-46236

In the Linux kernel, the following vulnerability has been resolved: media: rc: xboxremote: heed DMA restrictions The buffer for IO must not be part of the device structure because that violates the DMA coherency rules...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 4:1 a.m.14 views

SUSE CVE-2025-71304

In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...

5.7AI score0.0016EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:57 a.m.14 views

SUSE CVE-2026-44172

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...

7.4CVSS5.5AI score0.00419EPSS
Exploits0References9
Total number of security vulnerabilities5000