Lucene search
K
SusecveMost viewed

59855 matches found

SUSE CVE
SUSE CVE
added 2026/05/27 2:52 a.m.13 views

SUSE CVE-2026-9541

A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been...

5.3CVSS5.8AI score0.0017EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/27 2:48 a.m.13 views

SUSE CVE-2026-41045

A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user...

8.1CVSS5.9AI score0.00136EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 2:47 a.m.13 views

SUSE CVE-2026-48863

unknown...

7.5CVSS5.8AI score
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/05/27 2:47 a.m.13 views

SUSE CVE-2026-48864

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within .solv files due to insufficient input validation. An attacker can provide a specially crafted .solv file, which, when processed by a vulnerable application, can lea...

7.8CVSS5.9AI score0.00205EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/26 2:1 a.m.13 views

SUSE CVE-2023-2058

A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 of the component HTTP POST Request Handler. The manipulation of the argument...

6.1CVSS3.8AI score0.00604EPSS
Exploits1References11
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.13 views

SUSE CVE-2026-43495

In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: validate portcount against message length in t7xxportenummsghandler t7xxportenummsghandler uses the modem-supplied portcount field as a loop bound over portmsg-data without checking that the message buffer contai...

6.1CVSS5.9AI score0.00272EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.13 views

SUSE CVE-2026-43617

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...

4.8CVSS5.8AI score0.00282EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.13 views

SUSE CVE-2026-43618

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

8.1CVSS6AI score0.0078EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.13 views

SUSE CVE-2026-43620

Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recvfiles in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CFINCRECURSE in compatibility flags and sending a...

6.5CVSS5.8AI score0.00503EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.13 views

SUSE CVE-2026-44063

An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted filter input...

4.2CVSS5.8AI score0.00213EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.13 views

SUSE CVE-2026-44068

Incomplete sanitization of extended attribute EA path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names...

7.6CVSS5.8AI score0.00322EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.13 views

SUSE CVE-2026-44074

Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths...

3.7CVSS5.8AI score0.00329EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.13 views

SUSE CVE-2026-47251

unknown...

6.1CVSS5.8AI score0.00019EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/21 1:12 p.m.13 views

SUSE CVE-2026-9116

Insufficient policy enforcement in ServiceWorker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 1:12 p.m.13 views

SUSE CVE-2026-9124

Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS5.8AI score0.00261EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 3:2 a.m.13 views

SUSE CVE-2019-10171

It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service...

7.8CVSS5.8AI score0.01357EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/21 3:0 a.m.13 views

SUSE CVE-2021-25736

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port “spec.ports.port” as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress.ip” field. Clusters where the LoadBalancer controller sets the...

6.3CVSS7AI score0.00908EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 2:55 a.m.13 views

SUSE CVE-2023-20593

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information...

6.2CVSS6.7AI score0.05794EPSS
Exploits1References63
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.13 views

SUSE CVE-2026-24192

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, da...

7.8CVSS6.1AI score0.00206EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.13 views

SUSE CVE-2026-32738

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...

6.5CVSS5.7AI score0.00301EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/21 2:28 a.m.13 views

SUSE CVE-2026-46727

An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that...

7CVSS5.8AI score0.00478EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.13 views

SUSE CVE-2026-8711

NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...

9.8CVSS6.2AI score0.00889EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.13 views

SUSE CVE-2026-8950

Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

6.5CVSS5.8AI score0.00194EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.13 views

SUSE CVE-2026-8952

Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

6.3CVSS5.8AI score0.00373EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.13 views

SUSE CVE-2026-8955

Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

6.3CVSS5.8AI score0.00386EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.13 views

SUSE CVE-2026-6476

SQL injection in PostgreSQL pgcreatesubscriber allows an attacker with pgcreatesubscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pgcreatesubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...

7.2CVSS6.1AI score0.00287EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.13 views

SUSE CVE-2026-8401

Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11...

8.3CVSS5.8AI score0.00313EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/05/16 6:2 p.m.13 views

SUSE CVE-2026-44774

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the REST provider handler, bypassing the providers.rest.insecure=false setting. The Gateway provider...

9.9CVSS5.8AI score0.00468EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:16 a.m.13 views

SUSE CVE-2026-4152

GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS7.6AI score0.00744EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/16 1:15 a.m.13 views

SUSE CVE-2026-8515

Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.8AI score0.00207EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:15 a.m.13 views

SUSE CVE-2026-8516

Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity:...

5.3CVSS5.8AI score0.00219EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:14 a.m.13 views

SUSE CVE-2026-8560

Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS6AI score0.00251EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:14 a.m.13 views

SUSE CVE-2026-8561

Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.4CVSS5.8AI score0.00184EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:14 a.m.13 views

SUSE CVE-2026-8582

Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:12 a.m.13 views

SUSE CVE-2026-41181

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors custom error pages middleware. When the backend returns a response matching the configured status range, the middleware forwards the...

5.8CVSS5.8AI score0.00445EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.13 views

SUSE CVE-2026-43996

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decodepixel computes k + palbytespp as unsigned 32-bit arithmetic. When k = 0xFFFFFFFC and palbytespp = 4...

5.5CVSS5.9AI score0.00177EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.13 views

SUSE CVE-2026-44348

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...

2.5CVSS5.7AI score0.00096EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/15 2:0 a.m.13 views

SUSE CVE-2026-1188

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to...

8.1CVSS7.6AI score0.00491EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.13 views

SUSE CVE-2026-42561

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...

7.5CVSS5.8AI score0.00549EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.13 views

SUSE CVE-2026-42578

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage method creates headers using...

7.5CVSS5.9AI score0.00927EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/14 3:30 a.m.13 views

SUSE CVE-2003-0098

Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server...

10CVSS5.8AI score0.05174EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/14 3:1 a.m.13 views

SUSE CVE-2026-42945

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression PCRE capture for example, $1, $2 with a replacement strin...

8.6CVSS6.4AI score0.61469EPSS
Exploits40References13
SUSE CVE
SUSE CVE
added 2026/05/13 3:48 a.m.13 views

SUSE CVE-2026-4802

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8.8CVSS6AI score0.01016EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/05/13 3:48 a.m.13 views

SUSE CVE-2026-7814

Stored cross-site scripting XSS vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names database, schema, table, column, etc. were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...

4.8CVSS5.7AI score0.00163EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:48 a.m.13 views

SUSE CVE-2026-7817

Local file inclusion LFI and server-side request forgery SSRF vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied apikeyfile and apiurl preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by...

7.1CVSS6AI score0.00217EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:48 a.m.13 views

SUSE CVE-2026-7818

Deserialization of untrusted data CWE-502 in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...

7.3CVSS6.5AI score0.00131EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:38 a.m.13 views

SUSE CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/13 3:37 a.m.13 views

SUSE CVE-2026-41256

jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...

5.5CVSS5.9AI score0.00158EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:37 a.m.13 views

SUSE CVE-2026-41257

jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond 1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for a...

7CVSS5.8AI score0.00142EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:35 a.m.13 views

SUSE CVE-2026-43329

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IPv6 is: ethernet mangling 4 payload actions, 2 for each ethernet address SNAT 4 payload actions DNAT ...

7.8CVSS5.8AI score0.00141EPSS
Exploits0References24
Total number of security vulnerabilities5000