Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/06/07 4:38 a.m.•12 views

SUSE CVE-2026-22009

unknown...

6.5CVSS7.4AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/06 2:53 a.m.•12 views

SUSE CVE-2026-11332

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

7.8CVSS6.1AI score0.00156EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/06/05 3:39 a.m.•12 views

SUSE CVE-2024-50102

In the Linux kernel, the following vulnerability has been resolved: x86: fix user address masking non-canonical speculation issue It turns out that AMD has a "Meltdown Litetm" issue with non-canonical accesses in kernel space. And so using just the high bit to decide whether an access is in user...

5.5CVSS6.7AI score0.00239EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2026/06/05 3:16 a.m.•12 views

SUSE CVE-2026-8829

HTML::Entities versions before 3.84 for Perl read freed heap memory in decodeentities. The XS routine backing HTML::Entities::decodeentities cached a pointer repl into the entity-value SV returned by hvfetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and...

4.8CVSS5.9AI score0.0031EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/06/04 2:42 a.m.•12 views

SUSE CVE-2022-46280

A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS7AI score0.00843EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2026/06/04 2:31 a.m.•12 views

SUSE CVE-2026-3276

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

7.5CVSS5.8AI score0.00492EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/04 2:30 a.m.•12 views

SUSE CVE-2026-6873

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.getsignedcookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...

4.8CVSS5.8AI score0.00245EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/06/04 2:27 a.m.•12 views

SUSE CVE-2026-27145

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...

3.3CVSS5.9AI score0.00904EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/06/04 2:27 a.m.•12 views

SUSE CVE-2026-28901

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

6.5CVSS5.8AI score0.00389EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2026/06/04 2:23 a.m.•12 views

SUSE CVE-2026-45682

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running...

7.5CVSS5.7AI score0.00161EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/06/04 2:23 a.m.•12 views

SUSE CVE-2026-45686

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing...

7.5CVSS5.9AI score0.00353EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/06/04 2:21 a.m.•12 views

SUSE CVE-2026-46247

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gfx3d: add parent to parent request map After commit d228ece36345 "clk: divider: remove roundrate in favor of determinerate" determining GFX3D clock rate crashes, because the passed parent map doesn't provide the...

5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/04 2:21 a.m.•12 views

SUSE CVE-2026-46250

In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, currentthreadinfo is defined as global register variable locating in $gp, and is simply assigned with new address during kernel relocation. This...

7.3CVSS5.8AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/04 2:21 a.m.•12 views

SUSE CVE-2026-46252

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulatorresolvesupply error path If late enabling of a supply regulator fails in regulatorresolvesupply, the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at...

5.5CVSS5.8AI score0.00091EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/04 2:21 a.m.•12 views

SUSE CVE-2026-46255

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in .remove The clocks in fsledmaengine::muxclk are allocated and enabled with devmclkgetenabled, which automatically cleans these resources up, but these clocks are also manual...

5.8AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/04 2:21 a.m.•12 views

SUSE CVE-2026-46270

In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

5.7AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/04 2:21 a.m.•12 views

SUSE CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

5.3CVSS5.8AI score0.0015EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/06/04 2:21 a.m.•12 views

SUSE CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

6.3CVSS6.1AI score0.003EPSS
Exploits2References3
SUSE CVE
SUSE CVE
•added 2026/06/02 1:44 a.m.•12 views

SUSE CVE-2026-8796

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/02 1:44 a.m.•12 views

SUSE CVE-2026-10198

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit ha...

4.8CVSS5.3AI score0.00113EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/02 1:44 a.m.•12 views

SUSE CVE-2026-10231

A security flaw has been discovered in Assimp up to 6.0.4. Affected is the function HL1MDLLoader::extractanimvalue of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Performing a manipulation of the argument num.total results in heap-based buffer overflow. The attack must be...

5.3CVSS6.2AI score0.00124EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/02 1:44 a.m.•12 views

SUSE CVE-2026-10233

A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::readsequenceinfos of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. The manipulation of the argument aiString leads to out-of-bounds read. The attack needs to...

4.8CVSS5.3AI score0.00113EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/02 1:38 a.m.•12 views

SUSE CVE-2026-44420

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard cliprdr channel by sending a CBCLIPCAPS PDU with a too-small capabilitySetLength. This can crash the server process...

8.8CVSS6.2AI score0.03472EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/06/02 1:38 a.m.•12 views

SUSE CVE-2026-44422

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is reused across two...

7.5CVSS5.8AI score0.00384EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/06/02 1:38 a.m.•12 views

SUSE CVE-2026-45372

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity check isfieldvalue is run before decoding, so encode...

8.1CVSS5.6AI score0.00295EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/06/02 1:38 a.m.•12 views

SUSE CVE-2026-45613

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:17 a.m.•12 views

SUSE CVE-2026-9939

Heap buffer overflow in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.4AI score0.00412EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:17 a.m.•12 views

SUSE CVE-2026-9944

Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.8AI score0.00197EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:17 a.m.•12 views

SUSE CVE-2026-9948

Use after free in Views in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:17 a.m.•12 views

SUSE CVE-2026-9960

Integer overflow in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted font file. Chromium security severity: High...

7.5CVSS6.3AI score0.00235EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:16 a.m.•12 views

SUSE CVE-2026-9966

Integer overflow in XML in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.9AI score0.00214EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:16 a.m.•12 views

SUSE CVE-2026-9974

Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00207EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:16 a.m.•12 views

SUSE CVE-2026-9984

Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00234EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:16 a.m.•12 views

SUSE CVE-2026-9986

Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

4.2CVSS5.8AI score0.00145EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:15 a.m.•12 views

SUSE CVE-2026-10010

Inappropriate implementation in Input in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

5CVSS5.7AI score0.00125EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:15 a.m.•12 views

SUSE CVE-2026-10013

Use after free in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00319EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:15 a.m.•12 views

SUSE CVE-2026-10018

Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.9AI score0.00191EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 1:59 a.m.•12 views

SUSE CVE-2026-48163

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

8CVSS5.8AI score0.00654EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/05/30 1:59 a.m.•12 views

SUSE CVE-2026-49127

Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD...

8.8CVSS6.1AI score0.0051EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/29 1:20 a.m.•12 views

SUSE CVE-2026-45134

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/29 1:17 a.m.•12 views

SUSE CVE-2026-46107

In the Linux kernel, the following vulnerability has been resolved: dm-thin: fix metadata refcount underflow There's a bug in dm-thin in the function rebalancechildren. If the internal btree node has one entry, the code tries to copy all btree entries from the node's child to the node itself and...

6.1CVSS5.8AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/29 1:17 a.m.•12 views

SUSE CVE-2026-46112

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hnsroceqpremove Sashiko points out that hnsroceqpremove requires the caller to hold locks. The error flow in hnsrocecreateqpcommon doesn't hold those locks for the error unwind so it risks corruptin...

5.3CVSS5.8AI score0.001EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/29 1:17 a.m.•12 views

SUSE CVE-2026-46113

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN The shadow MMU computes GFNs for direct shadow pages using sp-gfn plus the SPTE index. This assumption breaks for shadow paging if the guest page tables are modifie...

8.8CVSS5.7AI score0.00126EPSS
Exploits0References19
SUSE CVE
SUSE CVE
•added 2026/05/29 1:16 a.m.•12 views

SUSE CVE-2026-46122

In the Linux kernel, the following vulnerability has been resolved: wifi: b43: enforce bounds check on firmware key index in b43rx The firmware-controlled key index in b43rx can exceed the dev-key array size 58 entries. The existing B43WARNON is non-enforcing in production builds, allowing an...

6.1CVSS5.8AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/29 1:16 a.m.•12 views

SUSE CVE-2026-46123

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: clamp rx length before skbput virtbtrxwork calls skbputskb, len where len comes directly from virtqueuegetbuf with no validation against the buffer we posted to the device. The RX skb is allocated in...

7.7CVSS5.9AI score0.00142EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2026/05/29 1:16 a.m.•12 views

SUSE CVE-2026-46144

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Fix error unwind in manaibcreateqprss Sashiko points out that manaibcfgvportsteering is leaked, the normal destroy path cleans it up...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/29 1:16 a.m.•12 views

SUSE CVE-2026-46150

In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive on permission events fsnotifygetmarksafe may return false for a mark on an unrelated group, which results in bypassing the permission check. Fix by skipping over detached marks that are not in the...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References18
SUSE CVE
SUSE CVE
•added 2026/05/29 1:15 a.m.•12 views

SUSE CVE-2026-46166

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use safe list iteration in radar detect work The call to ieee80211dfscaccancel can cause the iterated chanctx to be freed and removed from the list. Guard against this to avoid a slab-use-after-free error...

5.5CVSS5.8AI score0.00203EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/05/29 1:15 a.m.•12 views

SUSE CVE-2026-46172

In the Linux kernel, the following vulnerability has been resolved: ipv6: xfrm6: release dst on error in xfrm6rcvencap xfrm6rcvencap performs an IPv6 route lookup when the skb does not already have a dst attached. ip6routeinputlookup returns a referenced dst entry even when the lookup resolves to...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2026/05/29 1:15 a.m.•12 views

SUSE CVE-2026-46181

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References19
Total number of security vulnerabilities5000