Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/04/17 12:31 p.m.•10 views

SUSE CVE-2003-0972

Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" semicolon characters in escape sequences, which leads to a buffer overflow...

10CVSS6.5AI score0.03401EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/17 12:4 p.m.•10 views

SUSE CVE-2026-5598

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84...

8.6CVSS7.2AI score0.00691EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/04/17 12:4 p.m.•10 views

SUSE CVE-2026-6306

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.8CVSS6.5AI score0.00336EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/17 12:3 p.m.•10 views

SUSE CVE-2026-21726

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...

5.3CVSS5.7AI score0.00409EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/16 11:28 p.m.•10 views

SUSE CVE-2026-40179

Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of the Prometheus web UI where metric names and label values are injected into innerHTML without...

5.4CVSS5.9AI score0.0024EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/04/15 11:26 p.m.•10 views

SUSE CVE-2026-33899

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when Magick parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions 6.9.13-44 and 7.1.2-1...

5.3CVSS5.7AI score0.00428EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2026/04/14 11:25 p.m.•10 views

SUSE CVE-2026-34987

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch...

9.9CVSS5.8AI score0.00278EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/14 11:25 p.m.•10 views

SUSE CVE-2026-35195

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings between components contains a bug where the return value of a guest component's realloc is not validated before the host attempts to write through the pointer. This...

5.9CVSS5.9AI score0.00216EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/04/13 11:26 p.m.•10 views

SUSE CVE-2026-31426

In the Linux kernel, the following vulnerability has been resolved: ACPI: EC: clean up handlers on probe failure in acpiecsetup When ecinstallhandlers returns -EPROBEDEFER on reduced-hardware platforms, it has already started the EC and installed the address space handler with the struct acpiec...

6.6CVSS5.7AI score0.00111EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2026/04/13 11:26 p.m.•10 views

SUSE CVE-2026-31427

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: fix use of uninitialized rtpaddr in processsdp processsdp declares union nfinetaddr rtpaddr on the stack and passes it to the nfnatsip sdpsession hook after walking the SDP media descriptions. However...

4.5CVSS5.7AI score0.00115EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2026/04/13 11:26 p.m.•10 views

SUSE CVE-2026-34943

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags the component model specifies that these bits...

5.3CVSS5.8AI score0.00324EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/10 11:26 p.m.•10 views

SUSE CVE-2026-29146

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

7.5CVSS5.8AI score0.03494EPSS
Exploits1References12
SUSE CVE
SUSE CVE
•added 2026/04/10 11:25 p.m.•10 views

SUSE CVE-2026-39395

Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...

6.5CVSS5.8AI score0.00241EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•10 views

SUSE CVE-2026-5872

Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.7AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:29 p.m.•10 views

SUSE CVE-2026-5909

Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Chromium security severity: Low...

8.8CVSS7.4AI score0.00195EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/08 11:26 p.m.•10 views

SUSE CVE-2026-28808

Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...

7.4CVSS5.8AI score0.0053EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/04/08 11:25 p.m.•10 views

SUSE CVE-2026-32283

If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3...

5.9CVSS5.8AI score0.00621EPSS
Exploits0References44
SUSE CVE
SUSE CVE
•added 2026/04/08 11:24 p.m.•10 views

SUSE CVE-2026-35406

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

6.2CVSS5.8AI score0.00383EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/07 11:25 p.m.•10 views

SUSE CVE-2026-34978

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

6.5CVSS5.9AI score0.00406EPSS
Exploits1References9
SUSE CVE
SUSE CVE
•added 2026/04/03 11:27 p.m.•10 views

SUSE CVE-2026-23456

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: fix OOB read in decodeint CONS case In decodeint, the CONS case calls getbitsbs, 2 to read a length value, then calls getuintbs, len without checking that len bytes remain in the buffer. The existing...

5.3CVSS5.7AI score0.00443EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•10 views

SUSE CVE-2026-34829

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...

7.5CVSS5.8AI score0.00369EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•10 views

SUSE CVE-2026-34874

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•10 views

SUSE CVE-2026-34876

An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtlsccmfinish in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized taglen parameter. This is caused by missing validation of t...

7.5CVSS5.8AI score0.0039EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•10 views

SUSE CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

9.8CVSS6AI score0.00426EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•10 views

SUSE CVE-2026-34159

llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined...

9.8CVSS6.4AI score0.01126EPSS
Exploits2References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:39 a.m.•10 views

SUSE CVE-2026-23403

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix memory leak in verifyheader The function sets ns = NULL on every call, leaking the namespace string allocated in previous iterations when multiple profiles are unpacked. This also breaks namespace consistency checki...

6.6CVSS5.8AI score0.00177EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2026/03/31 11:28 p.m.•10 views

SUSE CVE-2026-5201

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for...

7.5CVSS6AI score0.01069EPSS
Exploits1References18
SUSE CVE
SUSE CVE
•added 2026/03/31 8:31 a.m.•10 views

SUSE CVE-2026-27880

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...

7.5CVSS5.8AI score0.00772EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/28 6:29 p.m.•10 views

SUSE CVE-2026-0394

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...

5.3CVSS5.7AI score0.00427EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/03/28 12:28 a.m.•10 views

SUSE CVE-2026-27858

Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force managesieve-login to be unavailable by repeatedly crashing the process. Protect access to managesieve protocol, or install fixed version. No public...

7.5CVSS5.9AI score0.0079EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2026/03/28 12:25 a.m.•10 views

SUSE CVE-2026-33281

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected...

7.5CVSS5.9AI score0.00393EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/26 5:10 p.m.•10 views

SUSE CVE-2026-1519

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries see:...

7.5CVSS5.8AI score0.01545EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2026/03/26 2:43 p.m.•10 views

SUSE CVE-2026-23396

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL deref in meshmatcheslocal meshmatcheslocal unconditionally dereferences ie-meshconfig to compare mesh configuration parameters. When called from meshrxcsaframe, the parsed action-frame elements may not...

6.5CVSS5.8AI score0.00114EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2026/03/25 4:56 p.m.•10 views

SUSE CVE-2026-23300

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loopback device e.g., "ip -6 nexthop add id 100 dev lo", fib6nhinit misclassifies it as a reject route...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2026/03/25 4:56 p.m.•10 views

SUSE CVE-2026-23301

In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Add allocation failure check for Entity name Currently findsdcaentityiot can allocate a string for the Entity name but it doesn't check if that allocation succeeded. Add the missing NULL check after the allocation...

5.7AI score0.00107EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/25 4:56 p.m.•10 views

SUSE CVE-2026-23311

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctxschedin Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like below. It seems it should not grab a wait-queue lock...

5.8AI score0.00093EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/25 4:56 p.m.•10 views

SUSE CVE-2026-23324

In the Linux kernel, the following vulnerability has been resolved: can: usb: etases58x: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern, it needs to be anchored before submitting it otherwise it could be leaked if usbkillanchoredurbs is...

4.7CVSS5.7AI score0.00123EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2026/03/25 4:55 p.m.•10 views

SUSE CVE-2026-23367

In the Linux kernel, the following vulnerability has been resolved: wifi: radiotap: reject radiotap with unknown bits The radiotap parser is currently only used with the radiotap namespace not with vendor namespaces, but if the undefined field 18 is used, the alignment/size is unknown as well. In...

6.3CVSS5.7AI score0.00123EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2026/03/25 4:55 p.m.•10 views

SUSE CVE-2026-23368

In the Linux kernel, the following vulnerability has been resolved: net: phy: register phy ledtriggers during probe to avoid AB-BA deadlock There is an AB-BA deadlock when both LEDSTRIGGERNETDEV and LEDTRIGGERPHY are enabled: 1362.049207 ledtriggerregister+0x5c/0x1fc...

5.5CVSS5.7AI score0.00095EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2026/03/25 4:55 p.m.•10 views

SUSE CVE-2026-23382

In the Linux kernel, the following vulnerability has been resolved: HID: Add HIDCLAIMEDINPUT guards in rawevent callbacks missing them In commit 2ff5baa9b527 "HID: appleir: Fix potential NULL dereference at raw event handle", we handle the fact that raw event callbacks can happen even for a HID...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2026/03/25 11:53 a.m.•10 views

SUSE CVE-2026-4700

Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

5.4CVSS7.2AI score0.00459EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2026/03/25 11:52 a.m.•10 views

SUSE CVE-2026-4713

Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

6.3CVSS7.2AI score0.00433EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2026/03/25 11:52 a.m.•10 views

SUSE CVE-2026-4728

Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...

4.3CVSS7.2AI score0.00235EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/25 12:28 a.m.•10 views

SUSE CVE-2026-25075

strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the...

7.5CVSS6AI score0.01013EPSS
Exploits2References9
SUSE CVE
SUSE CVE
•added 2026/03/25 12:28 a.m.•10 views

SUSE CVE-2026-25921

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. This issue has been patched in version 0.14.2...

9.3CVSS6.6AI score0.00327EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/03/25 12:27 a.m.•10 views

SUSE CVE-2026-25963

Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet's certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...

6.5CVSS5.7AI score0.00191EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/25 12:25 a.m.•10 views

SUSE CVE-2026-30233

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization flaw in OliveTin allows authenticated users with view: false permission to enumerate action bindings and metadata via dashboard and API endpoints. Although execution exec may be...

6.5CVSS5.9AI score0.00417EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/03/25 12:25 a.m.•10 views

SUSE CVE-2026-30859

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...

6.5CVSS5.8AI score0.00213EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/25 12:25 a.m.•10 views

SUSE CVE-2026-30861

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution RCE vulnerability exists in the MCP stdio configuration validation. The application allows unrestricted user...

9.9CVSS6.6AI score0.02054EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/03/25 12:25 a.m.•10 views

SUSE CVE-2026-30943

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the...

4.1CVSS5.9AI score0.00179EPSS
Exploits0References3
Total number of security vulnerabilities5000