Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/06/13 2:19 a.m.•9 views

SUSE CVE-2026-42767

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

6.5CVSS5.4AI score0.00349EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2026/06/13 2:19 a.m.•9 views

SUSE CVE-2026-42770

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

5CVSS5.2AI score0.00259EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2026/06/13 2:17 a.m.•9 views

SUSE CVE-2026-46433

lldpd is an implementation of IEEE 802.1ab LLDP. Prior to version 1.0.22, lldpddecode in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove to shift the frame payload 4 bytes left. The third argument byte count is s - 2 ETHERADDRLEN but should be s - 2...

6.5CVSS5.4AI score0.00225EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:16 a.m.•9 views

SUSE CVE-2026-49759

Stack-based Buffer Overflow vulnerability in Erlang OTP erts inetdrv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctpparseerrorchunk function in erts/emulator/drivers/common/inetdrv.c parses SCTP ERROR chunks and writes cause codes int...

8.8CVSS5.5AI score0.00497EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:16 a.m.•9 views

SUSE CVE-2026-53702

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

6.5CVSS5.6AI score0.00228EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/12 2:27 a.m.•9 views

SUSE CVE-2026-42488

Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2026/06/12 2:27 a.m.•9 views

SUSE CVE-2026-42489

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

5.3CVSS5.8AI score0.00078EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2026/06/12 2:27 a.m.•9 views

SUSE CVE-2026-42563

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

7CVSS5.7AI score0.00555EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/12 2:26 a.m.•9 views

SUSE CVE-2026-44724

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

7.8CVSS5.3AI score0.0062EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/12 2:26 a.m.•9 views

SUSE CVE-2026-45106

Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...

4.6CVSS5.2AI score0.00208EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/12 2:25 a.m.•9 views

SUSE CVE-2026-48681

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image...

8.1CVSS5.2AI score0.00601EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/12 2:25 a.m.•9 views

SUSE CVE-2026-48856

Sensitive Data Exposure vulnerability in Erlang OTP inets httpcresponse module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...

7.1CVSS5.3AI score0.00335EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/12 2:25 a.m.•9 views

SUSE CVE-2026-48860

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...

7.5CVSS5.4AI score0.00194EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/12 2:25 a.m.•9 views

SUSE CVE-2026-50127

Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions...

5.9CVSS5.2AI score0.00291EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/12 2:25 a.m.•9 views

SUSE CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

2.2CVSS5.3AI score0.00262EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/12 2:25 a.m.•9 views

SUSE CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.7AI score0.00448EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/11 11:14 a.m.•9 views

SUSE CVE-2026-48724

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-24, when using an image with mask the Floyd-Steinberg dithering method it will cause a negative heap buffer over-write. This issue has been patched in version 7.1.2-24...

5.5CVSS5.4AI score0.00103EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/06/11 11:14 a.m.•9 views

SUSE CVE-2026-48733

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search operation can happen when using a crafted image. This issue has been patched in versions 6.9.13-49 and 7.1.2-24...

4.7CVSS5.2AI score0.00092EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:32 a.m.•9 views

SUSE CVE-2026-11632

Use after free in TabStrip in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

7.5CVSS6AI score0.00264EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:31 a.m.•9 views

SUSE CVE-2026-11638

Use after free in Printing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.5AI score0.00252EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:31 a.m.•9 views

SUSE CVE-2026-11639

Use after free in Compositing in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

7.5CVSS6AI score0.00275EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:31 a.m.•9 views

SUSE CVE-2026-11643

Use after free in Proxy in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...

8.1CVSS6AI score0.00271EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:31 a.m.•9 views

SUSE CVE-2026-11645

Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.3AI score0.01654EPSS
Exploits4References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:31 a.m.•9 views

SUSE CVE-2026-11650

Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00314EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:31 a.m.•9 views

SUSE CVE-2026-11653

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.4AI score0.00225EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:31 a.m.•9 views

SUSE CVE-2026-11661

Use after free in Views in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.5AI score0.00242EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:31 a.m.•9 views

SUSE CVE-2026-11664

Use after free in Payments in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.5AI score0.00252EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:31 a.m.•9 views

SUSE CVE-2026-11666

Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

5.4CVSS5.5AI score0.00214EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:31 a.m.•9 views

SUSE CVE-2026-11667

Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the GPU process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

7.5CVSS5.5AI score0.00215EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:31 a.m.•9 views

SUSE CVE-2026-11669

Out of bounds read in Media in Google Chrome on ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS5.5AI score0.00213EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:31 a.m.•9 views

SUSE CVE-2026-11670

Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.8CVSS6AI score0.00224EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:31 a.m.•9 views

SUSE CVE-2026-11671

Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.5AI score0.00243EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:31 a.m.•9 views

SUSE CVE-2026-11677

Race in Network in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the network process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.5AI score0.00148EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:31 a.m.•9 views

SUSE CVE-2026-11678

Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS5.5AI score0.00177EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:30 a.m.•9 views

SUSE CVE-2026-11689

Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

8.1CVSS5.4AI score0.00218EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:30 a.m.•9 views

SUSE CVE-2026-11690

Out of bounds read and write in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.5CVSS6AI score0.00214EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:30 a.m.•9 views

SUSE CVE-2026-11691

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.5AI score0.00169EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:30 a.m.•9 views

SUSE CVE-2026-11695

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.5AI score0.00177EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:30 a.m.•9 views

SUSE CVE-2026-11699

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.5AI score0.00203EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:30 a.m.•9 views

SUSE CVE-2026-11701

Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.4CVSS5.5AI score0.00178EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:29 a.m.•9 views

SUSE CVE-2026-29167

Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

5.3CVSS5.4AI score0.00663EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/06/10 2:25 a.m.•9 views

SUSE CVE-2026-46319

In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: Only release RCU read lock after ctft When looking up a flow table in actct in tcfctflowtableget, rhashtablelookupfast internally opens and closes an RCU read critical section before returning ctft. The...

7CVSS5.4AI score0.00125EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/06/10 2:25 a.m.•9 views

SUSE CVE-2026-46320

In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths in tapgetuserxdp tapgetuserxdp rejects a frame shorter than ETHHLEN with -EINVAL, and returns -ENOMEM when buildskb fails. Both paths jump to the err label without freeing the page that...

3.3CVSS5.4AI score0.00235EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:25 a.m.•9 views

SUSE CVE-2026-46323

In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...

7CVSS5.3AI score0.00137EPSS
Exploits0References34
SUSE CVE
SUSE CVE
•added 2026/06/10 2:25 a.m.•9 views

SUSE CVE-2026-46332

In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: bound bootloader receive buffering cc1352bootloaderrx appends each serdev chunk into the fixed rxbuffer before parsing bootloader packets. The helper can keep leftover bytes between callbacks and may recei...

6.4CVSS5.6AI score0.00193EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:25 a.m.•9 views

SUSE CVE-2026-48785

unknown...

4.8CVSS5.4AI score
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/06/10 2:25 a.m.•9 views

SUSE CVE-2026-52905

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two minregionsz on damonstart Commit d8f867fa0825 "mm/damon: add damonctx-minszregion" introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b "mm/damon/core:...

4.4CVSS5.4AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/09 2:20 a.m.•9 views

SUSE CVE-2026-46295

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Do IRR scan in kvmapicupdateirr even if PIR is empty Fall back to apicfindhighestvector when PID.ON is set but PIR turns out to be empty, to correctly report the highest pending interrupt from the existing IRR. In a...

5.5CVSS5.4AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/09 2:20 a.m.•10 views

SUSE CVE-2026-46311

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drmexec to take both locks i.e vm root bo and wptrobj bo to access the mapping data properly. This fixes the security issue of unmap the wptrobj while a queue creation is in...

7CVSS5.4AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/08 1:5 a.m.•9 views

SUSE CVE-2026-1070

The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alexusercounterfunction function. This makes it possible for unauthenticated attackers to update the plugin settings via...

4.3CVSS5.4AI score0.00158EPSS
Exploits0References3
Total number of security vulnerabilities5000