SUSE CVE: most viewed

59178 matches found

SUSE CVE
added 2023/04/05 1:49 a.m., 24 views

SUSE CVE-2023-28848

user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second...

CVSS 5.4 | AI score 6.8 | EPSS 0.00333
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 4:42 a.m., 24 views

SUSE CVE-2017-11658

In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack...

CVSS 7.5 | AI score 7 | EPSS 0.03327
Exploits 1 | References 3
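The ordering bug behind this entry, as an added example that is not WP Rocket's code: a traversal "mitigation" that trims the literal `..` from the raw request string before the string is decoded, defeated by a `%00` byte that a later decode or NUL-stripping layer removes, beside a check that decodes first, rejects NUL and verifies the resolved path. The base directory, the `normalizePosix` helper and the attack string are constructed for the example.

```javascript
// Added example; not WP Rocket's own code.  Models the ordering bug the
// advisory describes: traversal "mitigation" by trimming the literal ".."
// from the raw request string, defeated by a NUL byte that a later decoding
// or NUL-stripping layer removes.  Paths and inputs below are constructed.

const BASE = '/var/www/cache';   // assumed document root for the example

// Resolve '.' and '..' segments of an absolute POSIX path.  '..' at the root
// is a no-op, exactly as the filesystem treats it.
function normalizePosix(p) {
  const out = [];
  for (const seg of p.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') { out.pop(); continue; }
    out.push(seg);
  }
  return '/' + out.join('/');
}

// Vulnerable pattern: strip ".." before decoding.  ".%00." contains no ".."
// so nothing is removed; once %00 is decoded and the NUL dropped (as a
// C-string consumer or a sanitising layer would), ".." reappears.
function vulnerableResolve(rawPath) {
  const trimmed = rawPath.split('..').join('');      // the "mitigation"
  const decoded = decodeURIComponent(trimmed);        // %00 -> '\0'
  const afterNulStrip = decoded.replace(/\0/g, '');   // ".\0./" -> "../"
  return normalizePosix(BASE + '/' + afterNulStrip);
}

// Hardened: decode first, reject NUL outright, normalise, then check the
// result is still inside BASE instead of pattern-matching the input.
function safeResolve(rawPath) {
  let decoded;
  try { decoded = decodeURIComponent(rawPath); } catch (e) { return null; }
  if (decoded.includes('\0')) return null;
  const resolved = normalizePosix(BASE + '/' + decoded);
  return resolved === BASE || resolved.startsWith(BASE + '/') ? resolved : null;
}

// Constructed attack string in the shape the advisory shows.
const ATTACK = '.%00.../.%00.../.%00.../.%00.../etc/passwd';

console.log('vulnerable:', vulnerableResolve(ATTACK));  // escapes BASE
console.log('hardened:  ', safeResolve(ATTACK));        // null
```

The general lesson is that input-pattern filtering runs before the transformations the consumer applies; checking the fully decoded, normalised result against the allowed root is independent of what encoding tricks the input used.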
SUSE CVE
added 2026/05/28 3:57 a.m., 23 views

SUSE CVE-2026-44170

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on Windows with installed CONNECT engine and enabled REST support interpolated table HTTP...

CVSS 7.5 | AI score 5.5 | EPSS 0.00554
Exploits 0 | References 7
SUSE CVE
added 2026/05/26 1:54 a.m., 23 views

SUSE CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

CVSS 8.1 | AI score 5.9 | EPSS 0.00848
Exploits 1 | References 3
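The regex behaviour this entry turns on, as an added example that is not shell-quote's code: a character-by-character backslash escape built on `/./g` copies line terminators through unescaped, because `.` without the `s` flag does not match them, while the same escape with the dotAll flag covers every character. The `rawLineTerminators` check, the `buildCommand` helper and the hostile token are constructed for the example.

```javascript
// Added example; not shell-quote's own code.  Shows the regex behaviour the
// advisory describes: a character-by-character backslash escape built on /./g
// leaves line terminators untouched, because `.` without the `s` flag does not
// match them.  Inputs below are constructed.

// The characters JavaScript's `.` never matches unless the `s` (dotAll) flag is set.
const LINE_TERMINATORS = ['\n', '\r', '\u2028', '\u2029'];

// Escape an operator token by prefixing every matched character with a
// backslash.  Unmatched characters are copied through by replace() as-is.
function escapeOpNaive(op) {
  return op.replace(/./g, '\\$&');
}

// Same intent with dotAll, so every character of the token is escaped.
function escapeOpDotAll(op) {
  return op.replace(/./gs, '\\$&');
}

// Line terminators in `escaped` that are not immediately preceded by a
// backslash: a POSIX shell reads an unescaped newline as a command separator.
// (Assumes backslash is the only quoting in use; an escaped backslash right
// before a newline would be misreported, which is fine for this demonstration.)
function rawLineTerminators(escaped) {
  const raw = [];
  for (let i = 0; i < escaped.length; i++) {
    if (LINE_TERMINATORS.includes(escaped[i]) && escaped[i - 1] !== '\\') {
      raw.push(escaped[i]);
    }
  }
  return raw;
}

// Assemble a command line the way a caller might: a fixed command, a token
// the caller believes was escaped as an operator, then another fixed word.
function buildCommand(escapeFn, opToken) {
  return 'echo hi ' + escapeFn(opToken) + ' id';
}

// Constructed hostile token: a pipe followed by a newline and a second command.
const HOSTILE_OP = '|\nid';

console.log(JSON.stringify(buildCommand(escapeOpNaive, HOSTILE_OP)));
// the newline survives, so `\i\d` (= id) runs as a second command
console.log(JSON.stringify(buildCommand(escapeOpDotAll, HOSTILE_OP)));
// backslash-newline is a line continuation; the whole token stays one word
```

The practical check is the one `rawLineTerminators` performs: after escaping, assert that no line terminator remains unescaped, rather than trusting that the escape pattern matched every character.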
SUSE CVE
added 2026/04/23 1:23 a.m., 23 views

SUSE CVE-2026-41457

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

CVSS 6.9 | AI score 5.9 | EPSS 0.00274
Exploits 0 | References 3
SUSE CVE
added 2026/02/07 12:23 a.m., 23 views

SUSE CVE-2026-25538

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

CVSS 8.8 | AI score 5.5 | EPSS 0.00393
Exploits 1 | References 3
SUSE CVE
added 2026/01/06 12:28 a.m., 23 views

SUSE CVE-2025-13324

Mattermost versions 10.11.x <= 10.11.5, 11.0.x <= 11.0.4, 10.12.x <= 10.12.2 fail to invalidate remote cluster invite tokens when using the legacy version 1 protocol or when the confirming party does not provide a refreshed token, which allows an attacker who has obtained an invite token to...

CVSS 3.7 | AI score 7 | EPSS 0.00167
Exploits 0 | References 2
SUSE CVE
added 2023/02/15 6:16 a.m., 23 views

SUSE CVE-2005-3745

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...

CVSS 4.3 | AI score 7.4 | EPSS 0.25707
Exploits 1 | References 4
SUSE CVE
added 2023/02/15 6:0 a.m., 23 views

SUSE CVE-2010-0748

Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link...

CVSS 9.8 | AI score 7.3 | EPSS 0.01879
Exploits 1 | References 3
SUSE CVE
added 2023/02/15 4:44 a.m., 23 views

SUSE CVE-2017-9454

Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DNS response...

CVSS 7.5 | AI score 7.3 | EPSS 0.01992
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 4:37 a.m., 23 views

SUSE CVE-2017-15759

IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV near NULL starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001b3f3."...

CVSS 7.8 | AI score 8 | EPSS 0.02457
Exploits 0 | References 3
SUSE CVE
added 2026/06/18 1:59 a.m., 22 views

SUSE CVE-2026-12451

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVSS 8.3 | AI score 5.3 | EPSS 0.00173
Exploits 0 | References 3
SUSE CVE
added 2026/06/01 12:58 a.m., 22 views

SUSE CVE-2026-3593

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

CVSS 7.4 | AI score 5.8 | EPSS 0.01844
Exploits 0 | References 5
SUSE CVE
added 2026/05/30 2:20 a.m., 22 views

SUSE CVE-2026-6324

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soup_body_input_stream_read_chunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

CVSS 4.8 | AI score 5.8 | EPSS 0.00872
Exploits 0 | References 3
SUSE CVE
added 2026/05/30 2:19 a.m., 22 views

SUSE CVE-2026-9888

Use after free in WebView in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.3 | AI score 5.8 | EPSS 0.00214
Exploits 0 | References 3
SUSE CVE
added 2026/05/26 1:54 a.m., 22 views

SUSE CVE-2026-7736

A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this...

CVSS 7.5 | AI score 6.8 | EPSS 0.00454
Exploits 0 | References 3
SUSE CVE
added 2026/05/19 1:51 a.m., 22 views

SUSE CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be interpreted as a placeholder outside of a...

CVSS 7.5 | AI score 5.7 | EPSS 0.00356
Exploits 0 | References 3
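The class of bug this entry describes, as an added example that is not pgx's code and is written in JavaScript rather than Go: in a simple-protocol style driver the client itself rewrites `$N` placeholders into quoted literals, and a rewriter that does not understand dollar quoting will also rewrite a `$1` that sits inside `$$...$$`. The argument then lands inside a context it was not quoted for, and a value containing `$$` closes the literal and continues as SQL. The `segments` lexer, the `plainSql` helper, the query and the payload are constructed for the example; the concrete failure mode is this example's reading of the truncated advisory text.

```javascript
// Added example; not pgx's own code.  Models the simple-protocol hazard the
// advisory describes: client-side placeholder substitution that is unaware of
// dollar quoting, beside a scanner that skips string literals and comments.
// The failure mode shown (an argument containing "$$" closing the literal that
// wrongly received it) is this example's reading of the truncated advisory.

function quoteLiteral(v) {
  return "'" + String(v).replace(/'/g, "''") + "'";
}

// Rewrite every $N in `text`, whatever context it sits in.
function replacePlaceholders(text, args) {
  return text.replace(/\$(\d+)/g, (m, n) => {
    const i = Number(n) - 1;
    if (i >= args.length) throw new Error('missing argument for ' + m);
    return quoteLiteral(args[i]);
  });
}

// Split SQL into plain text, '...' and $tag$...$tag$ literals, and -- comments.
// Simplified lexer: no E'...' escapes and no /* */ block comments.
function segments(sql) {
  const segs = [];
  let plain = '';
  let i = 0;
  const flush = () => { if (plain) { segs.push({ kind: 'plain', text: plain }); plain = ''; } };
  while (i < sql.length) {
    const rest = sql.slice(i);
    if (rest.startsWith("'")) {
      let j = i + 1;
      for (;;) {
        j = sql.indexOf("'", j);
        if (j === -1) throw new Error('unterminated string literal');
        if (sql[j + 1] === "'") { j += 2; continue; }   // '' is an escaped quote
        break;
      }
      flush(); segs.push({ kind: 'literal', text: sql.slice(i, j + 1) }); i = j + 1; continue;
    }
    if (rest.startsWith('--')) {
      let j = sql.indexOf('\n', i);
      if (j === -1) j = sql.length;
      flush(); segs.push({ kind: 'comment', text: sql.slice(i, j) }); i = j; continue;
    }
    const tag = /^\$([A-Za-z_][A-Za-z0-9_]*)?\$/.exec(rest);
    if (tag) {
      const end = sql.indexOf(tag[0], i + tag[0].length);
      if (end === -1) throw new Error('unterminated dollar-quoted string');
      const stop = end + tag[0].length;
      flush(); segs.push({ kind: 'literal', text: sql.slice(i, stop) }); i = stop; continue;
    }
    plain += sql[i]; i++;
  }
  flush();
  return segs;
}

// Vulnerable: substitute everywhere, including inside $$...$$.
function substituteNaive(sql, args) {
  return replacePlaceholders(sql, args);
}

// Quote-aware: substitute only in plain SQL segments.
function substituteAware(sql, args) {
  return segments(sql)
    .map((s) => (s.kind === 'plain' ? replacePlaceholders(s.text, args) : s.text))
    .join('');
}

// The SQL the server will actually execute as statements: everything outside
// literals and comments.  Used to show whether the payload became SQL.
function plainSql(sql) {
  return segments(sql).filter((s) => s.kind === 'plain').map((s) => s.text).join('');
}

// Constructed query: a dollar-quoted literal that happens to contain "$1",
// and a real placeholder.  The argument closes the dollar quote and continues as SQL.
const QUERY = 'SELECT $$hello $1$$ AS greeting, $1 AS who';
const PAYLOAD = '$$ UNION SELECT password FROM users --';

console.log(plainSql(substituteNaive(QUERY, [PAYLOAD])));   // contains UNION
console.log(plainSql(substituteAware(QUERY, [PAYLOAD])));   // does not
```

The extended protocol avoids the problem entirely by sending parameters out of band; when a driver must inline them, the rewriter has to lex the statement with the server's quoting rules, and any literal the rewriter cannot classify should be treated as a reason to refuse the query rather than to guess.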
SUSE CVE
added 2026/05/15 1:58 a.m., 22 views

SUSE CVE-2026-43483

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is deactivated. Explicitly set/clear CR8 write interception when AVIC is deactivated to fix a bug where KVM leaves the interception enabled after AVIC is activated. E.g. if KVM...

CVSS 5.5 | AI score 5.7 | EPSS 0.00114
Exploits 0 | References 9
SUSE CVE
added 2026/05/12 3:31 a.m., 22 views

SUSE CVE-2026-43289

In the Linux kernel, the following vulnerability has been resolved: kexec: derive purgatory entry from symbol. kexec_load_purgatory derives image->start by locating e_entry inside an SHF_EXECINSTR section. If the purgatory object contains multiple executable sections with overlapping sh_addr, the...

CVSS 5.5 | AI score 5.8 | EPSS 0.00123
Exploits 0 | References 3
SUSE CVE
added 2025/12/17 12:24 a.m., 22 views

SUSE CVE-2025-68265

In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin request_queue lifetime. The namespaces can access the controller's admin request_queue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin request_queue is active by...

CVSS 5.8 | AI score 6.5 | EPSS 0.00178
Exploits 0 | References 7
SUSE CVE
added 2025/12/12 1:24 a.m., 22 views

SUSE CVE-2002-0363

ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice...

CVSS 7.5 | AI score 7.7 | EPSS 0.02109
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 5:39 a.m., 22 views

SUSE CVE-2013-1866

OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability...

CVSS 6.3 | AI score 7 | EPSS 0.00422
Exploits 0 | References 3
SUSE CVE
added 2026/05/30 2:19 a.m., 21 views

SUSE CVE-2026-9878

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.8 | AI score 6.2 | EPSS 0.00312
Exploits 0 | References 3
SUSE CVE
added 2026/05/30 2:19 a.m., 21 views

SUSE CVE-2026-9884

Use after free in Browser in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.8 | AI score 6.2 | EPSS 0.00368
Exploits 0 | References 3
SUSE CVE
added 2026/05/29 1:24 a.m., 21 views

SUSE CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

CVSS 7.5 | AI score 5.7 | EPSS 0.01047
Exploits 0 | References 14
SUSE CVE
added 2026/05/23 1:43 a.m., 21 views

SUSE CVE-2015-2667

Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory...

CVSS 7.2 | AI score 5.8 | EPSS 0.00776
Exploits 2 | References 3
SUSE CVE
added 2026/05/23 1:29 a.m., 21 views

SUSE CVE-2026-39827

An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for...

CVSS 6.5 | AI score 5.8 | EPSS 0.00196
Exploits 0 | References 18
SUSE CVE
added 2026/05/21 2:47 a.m., 21 views

SUSE CVE-2024-0397

A defect was discovered in the Python "ssl" module where there is a memory race condition with the ssl.SSLContext methods "cert_store_stats" and "get_ca_certs". The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...

CVSS 4.8 | AI score 6.8 | EPSS 0.00804
Exploits 0 | References 22
SUSE CVE
added 2026/05/18 1:29 p.m., 21 views

SUSE CVE-2021-47952

python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...

CVSS 9.8 | AI score 6.7 | EPSS 0.00696
Exploits 0 | References 3
SUSE CVE
added 2026/05/05 1:49 a.m., 21 views

SUSE CVE-2025-70071

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXParser.cpp, ParseVectorDataArray...

CVSS 7.5 | AI score 5.8 | EPSS 0.00523
Exploits 0 | References 3
SUSE CVE
added 2026/05/02 1:25 a.m., 21 views

SUSE CVE-2026-31708

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path. smb2_ioctl_query_info has two response-copy branches: PASSTHRU_FSCTL and the default QUERY_INFO path. The QUERY_INFO branch clamps qi.input_buffer_length to the server-report...

CVSS 8.1 | AI score 5.9 | EPSS 0.00307
Exploits 0 | References 4
SUSE CVE
added 2023/02/15 5:46 a.m., 21 views

SUSE CVE-2012-3189

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability, related to COMSTAR...

CVSS 7.8 | AI score 6.7 | EPSS 0.02024
Exploits 0 | References 3
SUSE CVE
added 2026/06/20 2:36 a.m., 20 views

SUSE CVE-2026-9692

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy...

CVSS 5.3 | AI score 5.8 | EPSS 0.00274
Exploits 0 | References 3
SUSE CVE
added 2026/06/02 1:42 a.m., 20 views

SUSE CVE-2026-27136

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVSS 6.1 | AI score 6 | EPSS 0.00178
Exploits 0 | References 10
SUSE CVE
added 2026/05/31 1:32 a.m., 20 views

SUSE CVE-2026-46242

In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix ep_remove struct eventpoll / struct file UAF. ep_remove via ep_remove_file cleared file->f_ep under file->f_lock but then kept using @file inside the critical section (is_file_epoll, hlist_del_rcu through the head, spin_unlock). A...

CVSS 5.5 | AI score 5.8 | EPSS 0.00123
Exploits 0 | References 3
SUSE CVE
added 2026/05/31 1:32 a.m., 20 views

SUSE CVE-2026-48501

GitHub CLI gh is GitHub's official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...

CVSS 9.1 | AI score 5.8 | EPSS 0.00289
Exploits 0 | References 3
SUSE CVE
added 2026/05/30 2:19 a.m., 20 views

SUSE CVE-2026-9873

Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.8 | AI score 6.2 | EPSS 0.00301
Exploits 0 | References 3
SUSE CVE
added 2026/05/30 2:19 a.m., 20 views

SUSE CVE-2026-9876

Use after free in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVSS 9.6 | AI score 5.8 | EPSS 0.00243
Exploits 0 | References 3
SUSE CVE
added 2026/05/30 2:19 a.m., 20 views

SUSE CVE-2026-9877

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.3 | AI score 5.8 | EPSS 0.00223
Exploits 0 | References 3
SUSE CVE
added 2026/05/30 2:19 a.m., 20 views

SUSE CVE-2026-9887

Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. Chromium security severity: Critical...

CVSS 8.8 | AI score 6.2 | EPSS 0.00218
Exploits 0 | References 3
SUSE CVE
added 2026/05/30 2:18 a.m., 20 views

SUSE CVE-2026-9899

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVSS 8.3 | AI score 5.8 | EPSS 0.00214
Exploits 0 | References 3
SUSE CVE
added 2026/05/30 1:59 a.m., 20 views

SUSE CVE-2026-48156

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. This vulnerability is fixed in 6.12.0...

CVSS 5.1 | AI score 5.8 | EPSS 0.00124
Exploits 0 | References 3
SUSE CVE
added 2026/05/29 1:16 a.m., 20 views

SUSE CVE-2026-46121

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect memcg_path kfree with damon_sysfs_lock. Patch series "mm/damon/sysfs-schemes: fix use-after-free for memcg_path". Reads of 'memcg_path' and 'path' files in DAMON sysfs interface could race with their...

CVSS 5.5 | AI score 5.8 | EPSS 0.00125
Exploits 0 | References 3
SUSE CVE
added 2026/05/27 12:57 p.m., 20 views

SUSE CVE-2026-44903

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

CVSS 6.1 | AI score 5.9 | EPSS 0.00182
Exploits 0 | References 3
SUSE CVE
added 2026/05/27 12:57 p.m., 20 views

SUSE CVE-2026-45843

In the Linux kernel, the following vulnerability has been resolved: slip: bound decode reads against the compressed packet length. slhc_uncompress parses a VJ-compressed TCP header by advancing a pointer through the packet via decode and pull16. Neither helper bounds-checks against isize, and decod...

CVSS 6.3 | AI score 5.8 | EPSS 0.00278
Exploits 0 | References 14
SUSE CVE
added 2026/05/26 1:52 a.m., 20 views

SUSE CVE-2026-48700

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program based on the file type without user confirmation. This could be us...

CVSS 9.3 | AI score 6.2 | EPSS 0.00181
Exploits 0 | References 3
SUSE CVE
added 2026/05/26 1:52 a.m., 20 views

SUSE CVE-2026-48831

Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap...

CVSS 7.3 | AI score 5.8 | EPSS 0.00179
Exploits 0 | References 3
SUSE CVE
added 2026/05/23 1:37 a.m., 20 views

SUSE CVE-2023-53526

In the Linux kernel, the following vulnerability has been resolved: jbd2: check 'jh->b_transaction' before removing it from checkpoint. Following process will corrupt ext4 image: Step 1: jbd2_journal_commit_transaction __jbd2_journal_insert_checkpoint(jh, commit_transaction) // Put jh into trans1->t_checkpoint_li...

AI score 5.9 | EPSS 0.00135
Exploits 0 | References 20
SUSE CVE
added 2026/05/23 1:29 a.m., 20 views

SUSE CVE-2026-39828

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

CVSS 8.1 | AI score 5.8 | EPSS 0.00295
Exploits 0 | References 18
SUSE CVE
added 2026/05/23 1:29 a.m., 20 views

SUSE CVE-2026-39832

When adding a key to a remote agent, constraint extensions such as restrict-destination-00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

CVSS 8.4 | AI score 5.8 | EPSS 0.00338
Exploits 0 | References 18
Total number of security vulnerabilities: 5000