Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
added 2026/05/02 1:25 a.m.22 views

SUSE CVE-2026-31717

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to...

8.8CVSS5.8AI score0.00437EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/04/23 1:27 a.m.22 views

SUSE CVE-2026-25542

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.43.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, trusted resources verification policies match a resource source string refSource.URI against spec.resources.pattern...

6.5CVSS5.8AI score0.00264EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/01/06 12:28 a.m.22 views

SUSE CVE-2025-13352

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

3CVSS7.1AI score0.00145EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/12/17 12:24 a.m.22 views

SUSE CVE-2025-68265

In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin requestqueue lifetime The namespaces can access the controller's admin requestqueue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin requestqueue is active by...

5.8CVSS6.5AI score0.00178EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2024/04/17 2:21 a.m.22 views

SUSE CVE-2024-25742

In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 VC at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES...

6.4CVSS6.7AI score0.0018EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 5:46 a.m.22 views

SUSE CVE-2012-3189

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability, related to COMSTAR...

7.8CVSS6.7AI score0.02024EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.22 views

SUSE CVE-2017-1000387

Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.buildpublisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with local file system access to acce...

7.8CVSS7.2AI score0.00375EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.22 views

SUSE CVE-2017-1000390

Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build...

4.3CVSS4.8AI score0.00696EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/20 2:36 a.m.21 views

SUSE CVE-2026-9692

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy...

5.3CVSS5.8AI score0.00274EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:42 a.m.21 views

SUSE CVE-2026-27136

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00178EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2026/05/31 1:32 a.m.21 views

SUSE CVE-2026-48501

GitHub CLI gh is GitHub's official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...

9.1CVSS5.8AI score0.00289EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.21 views

SUSE CVE-2026-9873

Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.2AI score0.00301EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.21 views

SUSE CVE-2026-9874

Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.8AI score0.00234EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.21 views

SUSE CVE-2026-9876

Use after free in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.8AI score0.00243EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.21 views

SUSE CVE-2026-9877

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.8AI score0.00223EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.21 views

SUSE CVE-2026-9883

Use after free in Base in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.2AI score0.00291EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.21 views

SUSE CVE-2026-9899

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00214EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.21 views

SUSE CVE-2026-10001

Use after free in PerformanceManager in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00173EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:15 a.m.21 views

SUSE CVE-2026-10004

Insufficient validation of untrusted input in Passwords in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.8AI score0.00164EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 1:59 a.m.21 views

SUSE CVE-2026-48156

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. This vulnerability is fixed in 6.12.0...

5.1CVSS5.8AI score0.00124EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:23 a.m.21 views

SUSE CVE-2026-5946

Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet IN - for example, CHAOS or HESIOD, or DNS messages that specify meta-classes ANY or NONE in the question section. Specially crafted requests reaching the affected code paths - recursio...

7.5CVSS5.9AI score0.0181EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.21 views

SUSE CVE-2026-46121

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect memcgpath kfree with damonsysfslock Patch series "mm/damon/sysfs-schemes: fix use-after-free for memcgpath". Reads of 'memcgpath' and 'path' files in DAMON sysfs interface could race with their...

5.5CVSS5.8AI score0.00125EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.21 views

SUSE CVE-2026-46187

In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: fix kthread lifetime race between self-exit and external-stop RSI driver use both self-exitkthreadcompleteandexit and external-stop kthreadstop when killing a kthread. Generally, kthreadstop is called first, and in thi...

5.5CVSS5.8AI score0.00093EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 12:57 p.m.21 views

SUSE CVE-2026-44903

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

6.1CVSS5.9AI score0.00182EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 12:57 p.m.21 views

SUSE CVE-2026-45843

In the Linux kernel, the following vulnerability has been resolved: slip: bound decode reads against the compressed packet length slhcuncompress parses a VJ-compressed TCP header by advancing a pointer through the packet via decode and pull16. Neither helper bounds-checks against isize, and decod...

6.3CVSS5.8AI score0.00278EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2026/05/26 1:52 a.m.21 views

SUSE CVE-2026-48700

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program based on the file type without user confirmation. This could be us...

9.3CVSS6.2AI score0.00181EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/26 1:52 a.m.21 views

SUSE CVE-2026-48831

Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap...

7.3CVSS5.8AI score0.00179EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/24 1:13 a.m.21 views

SUSE CVE-2022-50250

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix usecount leakage when handling boot-on I found a usecount leakage towards supply regulator of rdev with boot-on option. ───────────────────┐ ───────────────────┐ | regulatordev A | | regulatordev B | | boot-o...

5.5CVSS5.9AI score0.00147EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.21 views

SUSE CVE-2026-39834

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation...

7.5CVSS5.9AI score0.00466EPSS
Exploits0References24
SUSE CVE
SUSE CVE
added 2026/05/22 2:22 a.m.21 views

SUSE CVE-2025-43023

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm DSA...

7.5CVSS5.8AI score0.00244EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/21 2:47 a.m.21 views

SUSE CVE-2024-0397

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...

4.8CVSS6.8AI score0.00804EPSS
Exploits0References22
SUSE CVE
SUSE CVE
added 2026/05/21 2:28 a.m.21 views

SUSE CVE-2026-41470

LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...

8.2CVSS5.8AI score0.00486EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/18 1:21 p.m.21 views

SUSE CVE-2026-44309

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

5.3CVSS5.8AI score0.00119EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:16 a.m.21 views

SUSE CVE-2026-8503

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

6.5CVSS5.8AI score0.00243EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.21 views

SUSE CVE-2026-46483

Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tarVimuntar in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescapetartail without the...

7.8CVSS5.9AI score0.00552EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/05/13 3:48 a.m.21 views

SUSE CVE-2026-7820

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/06 1:42 a.m.21 views

SUSE CVE-2026-31785

In the Linux kernel, the following vulnerability has been resolved: drm/xe/xepagefault: Disallow writes to read-only VMAs The page fault handler should reject write/atomic access to read only VMAs. Add code to handle this in xepagefaultservice after the VMA lookup. v2: - Apply max line length...

5.8AI score0.00107EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/05 1:56 p.m.21 views

SUSE CVE-2026-20031

A vulnerability in the HTML Cascading Style Sheets CSS module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit th...

5.3CVSS5.8AI score0.00414EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/02/16 12:26 a.m.21 views

SUSE CVE-2026-23147

In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix the folio leak on S390 hardware acceleration BUG After commit aa60fe12b4f4 "btrfs: zlib: refactor S390x HW acceleration buffer preparation", we no longer release the folio of the page cache of folio returned by...

5.5CVSS5.3AI score0.00108EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/01/26 12:24 a.m.21 views

SUSE CVE-2026-23009

In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhcisidebandremoveendpoint incorrecly assumes that the endpoint is running and has a valid transfer ring. Lianqin reported a crash during suspend/wake-u...

5.5CVSS5.2AI score0.00135EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/01/17 12:31 a.m.21 views

SUSE CVE-2025-15107

A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key . The attack is...

8.1CVSS6.5AI score0.00564EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/01/09 12:23 a.m.21 views

SUSE CVE-2026-21883

Bokeh is an interactive visualization library written in Python. In versions 3.8.1 and below, if a server is configured with an allowlist e.g., dashboard.corp, an attacker can register a domain like dashboard.corp.attacker.com or use a subdomain if applicable and lure a victim to visit it. The...

7.4CVSS6.8AI score0.00159EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/01/06 12:28 a.m.21 views

SUSE CVE-2025-12421

Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email...

9.9CVSS7.3AI score0.0031EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/12/20 12:25 a.m.21 views

SUSE CVE-2025-68300

In the Linux kernel, the following vulnerability has been resolved: fs/namespace: fix reference leak in grabrequestedmntns lookupmntns already takes a reference on mntns. grabrequestedmntns doesn't need to take an extra reference...

6.5AI score0.00155EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.21 views

SUSE CVE-2006-4517

Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service crash in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference...

7.8CVSS6.8AI score0.03234EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.21 views

SUSE CVE-2008-6682

Multiple cross-site scripting XSS vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of 1 " double quote characters in the href attribute of an s:a tag and 2...

4.3CVSS6AI score0.05614EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:29 a.m.20 views

SUSE CVE-2026-9648

The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA's permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to...

9.1CVSS5.3AI score0.00223EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.20 views

SUSE CVE-2026-46316

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgicitsinvalidatecache walks the per-ITS translation cache with xaforeach and drops the cache's reference on each entry with vgicputirq. It puts...

7.8CVSS5.4AI score0.00188EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/06/05 3:7 a.m.20 views

SUSE CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

5.9CVSS5.8AI score0.00218EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:27 a.m.20 views

SUSE CVE-2024-13745

unknown...

5.8AI score
Exploits0References3
Total number of security vulnerabilities5000