Lucene search
K
SusecveMost viewed

59380 matches found

SUSE CVE
SUSE CVE
added 2026/06/18 2:0 a.m.8 views

SUSE CVE-2026-12437

Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.3AI score0.00279EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 2:0 a.m.8 views

SUSE CVE-2026-12439

Use after free in Digital Credentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS5.5AI score0.00323EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 2:0 a.m.8 views

SUSE CVE-2026-12441

Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS5.5AI score0.00301EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 2:0 a.m.8 views

SUSE CVE-2026-12443

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.00601EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 2:0 a.m.8 views

SUSE CVE-2026-12444

Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. Chromium security severity: High...

5.5CVSS5.2AI score0.00143EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 2:0 a.m.8 views

SUSE CVE-2026-12446

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.3AI score0.00194EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 2:0 a.m.8 views

SUSE CVE-2026-12447

Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.3AI score0.00417EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 1:59 a.m.8 views

SUSE CVE-2026-12452

Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.5AI score0.00256EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 1:59 a.m.8 views

SUSE CVE-2026-12454

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.3AI score0.00146EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 1:59 a.m.8 views

SUSE CVE-2026-12456

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. Chromium security severity: High...

4.2CVSS5.2AI score0.00137EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 1:59 a.m.8 views

SUSE CVE-2026-12458

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.3AI score0.0019EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 1:59 a.m.8 views

SUSE CVE-2026-12461

Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.3AI score0.00242EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 1:59 a.m.8 views

SUSE CVE-2026-12464

Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.3AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 1:59 a.m.8 views

SUSE CVE-2026-12466

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.3AI score0.00426EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 1:59 a.m.8 views

SUSE CVE-2026-12468

Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.3AI score0.00143EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 1:54 a.m.8 views

SUSE CVE-2026-47763

unknown...

5.2AI score0.00024EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 1:54 a.m.8 views

SUSE CVE-2026-47764

unknown...

5.2AI score0.00047EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 1:53 a.m.8 views

SUSE CVE-2026-49854

unknown...

3.7CVSS5.8AI score0.00027EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/18 1:53 a.m.8 views

SUSE CVE-2026-52718

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

6.5CVSS5.9AI score0.00307EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 1:53 a.m.8 views

SUSE CVE-2026-52721

Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could...

5.3CVSS6AI score0.00107EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 1:53 a.m.8 views

SUSE CVE-2026-53703

A vulnerability was found in the GStreamer RealMedia demuxer gst-plugins-ugly. When processing a RealMedia .rm file, the demuxer parses MDPR media properties chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sampl...

7.1CVSS5.9AI score0.00191EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/17 2:23 a.m.8 views

SUSE CVE-2026-11832

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable...

5.3AI score0.00327EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/17 2:23 a.m.8 views

SUSE CVE-2026-12294

Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

8.8CVSS5.2AI score0.00363EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/06/17 2:20 a.m.8 views

SUSE CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

7.5CVSS5.3AI score0.00435EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/17 2:16 a.m.8 views

SUSE CVE-2026-46680

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...

7CVSS5.9AI score0.00221EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.8 views

SUSE CVE-2026-44705

tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal sequences e.g., ....

8.7CVSS5.3AI score0.00354EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.8 views

SUSE CVE-2026-44893

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS5.5AI score0.00594EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.8 views

SUSE CVE-2026-45673

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...

6.8CVSS5.2AI score0.00256EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.8 views

SUSE CVE-2026-46340

Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping t...

7.5CVSS5.5AI score0.00371EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.8 views

SUSE CVE-2026-47162

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

8.8CVSS5.8AI score0.00219EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.8 views

SUSE CVE-2026-47729

unknown...

5.2AI score
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.8 views

SUSE CVE-2026-47766

unknown...

6.3CVSS5.2AI score0.00024EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/16 2:19 a.m.8 views

SUSE CVE-2026-50012

unknown...

5.2AI score
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/13 2:28 a.m.8 views

SUSE CVE-2026-12008

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.4AI score0.00246EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:28 a.m.8 views

SUSE CVE-2026-12024

Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.3AI score0.00158EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:28 a.m.8 views

SUSE CVE-2026-12029

Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.3AI score0.00191EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:28 a.m.8 views

SUSE CVE-2026-12033

Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS5.3AI score0.00189EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:28 a.m.8 views

SUSE CVE-2026-12034

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...

8.3CVSS5.4AI score0.0018EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:19 a.m.8 views

SUSE CVE-2026-42768

Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...

4.2CVSS5.4AI score0.0035EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/06/13 2:19 a.m.8 views

SUSE CVE-2026-42769

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...

5.9CVSS5.7AI score0.00262EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/06/13 2:16 a.m.8 views

SUSE CVE-2026-49759

Stack-based Buffer Overflow vulnerability in Erlang OTP erts inetdrv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctpparseerrorchunk function in erts/emulator/drivers/common/inetdrv.c parses SCTP ERROR chunks and writes cause codes int...

8.8CVSS5.5AI score0.00497EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:16 a.m.8 views

SUSE CVE-2026-53701

An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-plugins-bad. In the multi-slice-in-tile processing of gsth266parserparsepicturepartition gsth266parser.c, the loop iterates without checking that the slice index stays within bounds, writin...

6.5CVSS5.4AI score0.00206EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:16 a.m.8 views

SUSE CVE-2026-53702

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

6.5CVSS5.6AI score0.00228EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/12 2:28 a.m.8 views

SUSE CVE-2026-41283

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials...

9.9CVSS5.6AI score0.00733EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/12 2:27 a.m.8 views

SUSE CVE-2026-42488

Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/06/12 2:27 a.m.8 views

SUSE CVE-2026-42563

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

7CVSS5.7AI score0.00555EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/12 2:26 a.m.8 views

SUSE CVE-2026-44724

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

7.8CVSS5.3AI score0.0062EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/12 2:26 a.m.8 views

SUSE CVE-2026-45106

Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...

4.6CVSS5.2AI score0.00208EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/12 2:25 a.m.8 views

SUSE CVE-2026-46523

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger a heap-use-after-free. Versions 7.1.2.23 and 6.9.13-48 fix the issue...

5.5CVSS5.2AI score0.00301EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/12 2:25 a.m.8 views

SUSE CVE-2026-47734

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access could push a tiny crafted thin pack 174 bytes whose delta header declares a huge destsize. When dulwich ingested it via addthinpack /...

5.7CVSS5.3AI score0.00188EPSS
Exploits0References3
Total number of security vulnerabilities5000