Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/05/12 3:29 a.m.•10 views

SUSE CVE-2026-43466

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery In case of a TX error CQE, a recovery flow is triggered, mlx5eresettxqsqccpc resets dmafifocc to 0 but not dmafifopc, desyncing the DMA FIFO producer and consumer. After...

8.2CVSS5.8AI score0.00329EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:14 p.m.•10 views

SUSE CVE-2026-43290

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Return queued buffers on startstreaming failure Return buffers if streaming fails to start due to uvcpmget error. This bug may be responsible for a warning I got running while :; do yavta -c3 /dev/video0; done on...

7.8CVSS5.7AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:14 p.m.•10 views

SUSE CVE-2026-43342

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: frndis: Protect RNDIS options with mutex The class/subclass/protocol options are suspectible to race conditions as they can be accessed concurrently through configfs. Use existing mutex to protect these options. This...

5.8AI score0.00086EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•10 views

SUSE CVE-2026-43372

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Fix error path in PTP IRQ setup If requestthreadedirq fails during the PTP message IRQ setup, the newly created IRQ mapping is never disposed. Indeed, the kszptpirqsetup's error path only frees the mappings...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•10 views

SUSE CVE-2026-43383

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.4CVSS5.7AI score0.00443EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•10 views

SUSE CVE-2026-43447

In the Linux kernel, the following vulnerability has been resolved: iavf: fix PTP use-after-free during reset Commit 7c01dbfc8a1c5f "iavf: periodically cache PHC time" introduced a worker to cache PHC time, but failed to stop it during reset or disable. This creates a race condition where...

7.8CVSS5.7AI score0.00124EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•10 views

SUSE CVE-2026-43454

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Fix for duplicate device in netdev hooks When handling NETDEVREGISTER notification, duplicate device registration must be avoided since the device may have been added by nftnetdevhookalloc already when creati...

7.8CVSS5.7AI score0.00119EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•10 views

SUSE CVE-2026-43456

In the Linux kernel, the following vulnerability has been resolved: bonding: fix type confusion in bondsetupbyslave kernel BUG at net/core/skbuff.c:2306! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP: 0010:pskbexpandhead+0xa08/0xfe0 net/core/skbuff.c:2306 RSP: 0018:ffffc90004aff760 EFLAGS:...

7.8CVSS5.7AI score0.00157EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•10 views

SUSE CVE-2026-43472

In the Linux kernel, the following vulnerability has been resolved: unshare: fix unsharefs handling There's an unpleasant corner case in unshare2, when we have a CLONENEWNS in flags and current-fs hadn't been shared at all; in that case copymntns gets passed current-fs instead of a private copy,...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•10 views

SUSE CVE-2026-44708

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math $...$ and block math $$...$$ by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•10 views

SUSE CVE-2026-45186

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

2.9CVSS5.7AI score0.00428EPSS
Exploits1References6
SUSE CVE
SUSE CVE
•added 2026/05/09 2:48 a.m.•10 views

SUSE CVE-2025-71286

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls The size of the data behind of scontrol-ipccontroldata for bytes controls is: 1 sizeofstruct sofipc4controldata + // kernel only struct 2 sizeofstruct...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:47 a.m.•10 views

SUSE CVE-2026-7582

A vulnerability was detected in AcademySoftwareFoundation OpenImageIO up to 3.2.0.1-dev. This vulnerability affects unknown code of the file src/dds.imageio/ddsinput.cpp of the component DDS Image Handler. The manipulation results in out-of-bounds write. The attack needs to be approached locally...

5.3CVSS5.3AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:44 a.m.•10 views

SUSE CVE-2026-24767

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a blind Server-Side Request Forgery SSRF vulnerability exists in the uploadViaURL functionality due to an unprotected HEAD request. While the subsequent file retrieval logic correctly enforces SSRF protections, t...

6.4CVSS5.9AI score0.00198EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:43 a.m.•10 views

SUSE CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00314EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/05/09 2:43 a.m.•10 views

SUSE CVE-2026-39826

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

6.1CVSS5.9AI score0.00371EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/05/09 2:42 a.m.•10 views

SUSE CVE-2026-43123

In the Linux kernel, the following vulnerability has been resolved: fbcon: check return value of con2fbacquirenewinfo If fbconopen fails when called from con2fbacquirenewinfo then info-fbconpar pointer remains NULL which is later dereferenced. Add check for return value of the function...

5.8AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:42 a.m.•10 views

SUSE CVE-2026-43131

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix null pointer dereference issue If SMU is disabled, during RAS initialization, there will be null pointer dereference issue here...

5.5CVSS5.7AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:41 a.m.•10 views

SUSE CVE-2026-43147

In the Linux kernel, the following vulnerability has been resolved: Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" This reverts commit 05703271c3cd "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV", which causes a deadlock by recursively takin...

5.5CVSS5.7AI score0.00095EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:41 a.m.•10 views

SUSE CVE-2026-43159

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix null dereference in findnetwork The variable pwlan has the possibility of being NULL when passed into rtwfreenetworknolock which would later dereference the variable...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:41 a.m.•10 views

SUSE CVE-2026-43167

In the Linux kernel, the following vulnerability has been resolved: xfrm: always flush state and policy upon NETDEVUNREGISTER event syzbot is reporting that "struct xfrmstate" refcount is leaking. unregisternetdevice: waiting for netdevsim0 to become free. Usage count = 2 reftracker:...

5.7AI score0.00127EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:41 a.m.•10 views

SUSE CVE-2026-43176

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: validate release report content before using for RTL8922DE The commit 957eda596c76 "wifi: rtw89: pci: validate sequence number of TX release report" does validation on existing chips, which somehow a release...

8.8CVSS5.8AI score0.00256EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:41 a.m.•10 views

SUSE CVE-2026-43185

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix signededness bug in smbdirectpreparenegotiation smbdirectpreparenegotiation casts an unsigned u32 value from sp-maxrecvsize and req-preferredsendsize to a signed int before computing mintint, .... A maliciously provide...

9.8CVSS5.8AI score0.00622EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:41 a.m.•10 views

SUSE CVE-2026-43192

In the Linux kernel, the following vulnerability has been resolved: dm mpath: Add missing dmputdevice when failing to get scsi dh name When commit fd81bc5cca8f "scsi: devicehandler: Return error pointer in scsidhattachedhandlername" added code to fail parsing the path if scsidhattachedhandlername...

5.8AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:41 a.m.•10 views

SUSE CVE-2026-43195

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate user queue size constraints Add validation to ensure user queue sizes meet hardware requirements: - Size must be a power of two for efficient ring buffer wrapping - Size must be at least AMDGPUGPUPAGESIZE to...

5.5CVSS5.8AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:41 a.m.•10 views

SUSE CVE-2026-43199

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query Fix a "scheduling while atomic" bug in mlx5eipsecinitmacs by replacing mlx5querymacaddress with etheraddrcopy to get the local MAC address directly from...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:40 a.m.•10 views

SUSE CVE-2026-43208

In the Linux kernel, the following vulnerability has been resolved: net: do not pass flowid to setrpscpu Blamed commit made the assumption that the RPS table for each receive queue would have the same size, and that it would not change. Compute flowid in setrpscpu, do not assume we can use the...

9.8CVSS5.8AI score0.00481EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:40 a.m.•10 views

SUSE CVE-2026-43212

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Make cpumaskofnode robust against NUMANONODE The arch definition of cpumaskofnode cannot handle NUMANONODE - which is a valid index - so add a check for this...

7.8CVSS5.8AI score0.00139EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:39 a.m.•10 views

SUSE CVE-2026-43281

In the Linux kernel, the following vulnerability has been resolved: mailbox: Prevent out-of-bounds access in fwmboxindexxlate Although it is guided that mbox-cells must be at least 1, there are many instances of mbox-cells = ; in the device tree. If that is the case and the corresponding mailbox...

7.1CVSS5.7AI score0.00119EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:39 a.m.•10 views

SUSE CVE-2026-43410

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update RSU isn't enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when excute...

5.8AI score0.00116EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:27 a.m.•10 views

SUSE CVE-2026-7896

Integer overflow in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS5.9AI score0.00281EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:27 a.m.•10 views

SUSE CVE-2026-7901

Use after free in ANGLE in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00267EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:27 a.m.•10 views

SUSE CVE-2026-7917

Use after free in Fullscreen in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00206EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:27 a.m.•10 views

SUSE CVE-2026-7918

Use after free in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00206EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:27 a.m.•10 views

SUSE CVE-2026-7925

Use after free in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...

7.8CVSS5.8AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:27 a.m.•10 views

SUSE CVE-2026-7928

Use after free in WebRTC in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00338EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:27 a.m.•10 views

SUSE CVE-2026-7929

Use after free in MediaRecording in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

7.5CVSS6.2AI score0.00246EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•10 views

SUSE CVE-2026-7943

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS5.9AI score0.00163EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•10 views

SUSE CVE-2026-7944

Insufficient validation of untrusted input in Persistent Cache in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

3.1CVSS5.7AI score0.002EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•10 views

SUSE CVE-2026-7948

Race in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. Chromium security severity: Medium...

7.5CVSS5.8AI score0.00131EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•10 views

SUSE CVE-2026-7959

Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

3.1CVSS5.7AI score0.00195EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•10 views

SUSE CVE-2026-7961

Insufficient validation of untrusted input in Permissions in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to leak cross-origin data via malicious network traffic. Chromium security severity: Medium...

4.3CVSS5.8AI score0.0017EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•10 views

SUSE CVE-2026-7963

Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.3CVSS5.8AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•10 views

SUSE CVE-2026-7966

Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

3.1CVSS5.7AI score0.00216EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•10 views

SUSE CVE-2026-7970

Use after free in TopChrome in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.3CVSS5.8AI score0.00207EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•10 views

SUSE CVE-2026-7977

Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

6.3CVSS5.8AI score0.00157EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•10 views

SUSE CVE-2026-7978

Inappropriate implementation in Companion in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. Chromium security severity: Medium...

8.1CVSS5.8AI score0.00237EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:25 a.m.•10 views

SUSE CVE-2026-7985

Use after free in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.3CVSS5.8AI score0.00206EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:25 a.m.•10 views

SUSE CVE-2026-8001

Use After Free in Printing in Google Chrome on Linux, Mac, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

8.3CVSS5.8AI score0.00178EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:25 a.m.•10 views

SUSE CVE-2026-8015

Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.4CVSS5.8AI score0.00159EPSS
Exploits0References3
Total number of security vulnerabilities5000