Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/05/12 3:31 a.m.•17 views

SUSE CVE-2026-43291

In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b "net: nfc: nci: Add parameter validation for packet data" communication with nci nfc chips is not working any more. The mentioned commit tries to f...

8.3CVSS5.8AI score0.00269EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:14 p.m.•17 views

SUSE CVE-2026-43292

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: prevent RCU stalls in kasanreleasevmallocnode When CONFIGPAGEOWNER is enabled, freeing KASAN shadow pages during vmalloc cleanup triggers expensive stack unwinding that acquires RCU read locks. Processing a large...

5.8AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:42 a.m.•17 views

SUSE CVE-2026-43124

In the Linux kernel, the following vulnerability has been resolved: pstore: ramcore: fix incorrect success return when vmap fails In persistentramvmap, vmap may return NULL on failure. If offset is non-zero, adding offsetinpagestart causes the function to return a non-NULL pointer even though the...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:40 a.m.•17 views

SUSE CVE-2026-43229

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix device cleanup order to prevent kernel panic Move video device unregistration to the beginning of the remove function to ensure all video operations are stopped before cleaning up the worker thread...

5.5CVSS5.7AI score0.00127EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:39 a.m.•17 views

SUSE CVE-2015-1346

Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors...

7.5CVSS7.3AI score0.01165EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:20 a.m.•17 views

SUSE CVE-2026-43207

In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix error handling in probe function Add mtkmdpunregisterm2mdevice on the error handling path to prevent resource leak. Add check for the return value of vpugetplatdevice to prevent null pointer dereference. And...

5.8AI score0.00139EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:21 a.m.•17 views

SUSE CVE-2026-31736

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkppe: avoid NULL deref when gmac0 is disabled If the gmac0 is disabled, the precheck for a valid ingress device will cause a NULL pointer deref and crash the system. This happens because eth-netdev0 will be NULL...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/05/07 2:21 a.m.•17 views

SUSE CVE-2026-31748

In the Linux kernel, the following vulnerability has been resolved: comedi: medaq: Fix potential overrun of firmware buffer me2600xilinxdownload loads the firmware that was requested by requestfirmware. It is possible for it to overrun the source buffer because it blindly trusts the file format. ...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:19 a.m.•17 views

SUSE CVE-2026-43019

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in setcigparamssync hciconn lookup and field access must be covered by hdev lock in setcigparamssync, otherwise it's possible it is freed concurrently. Take hdev lock to prevent hciconn from...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:17 a.m.•17 views

SUSE CVE-2026-43120

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix double free related to reregusermr If IBMRREREGTRANS is set during reregusermr, the umem will be released and a new one will be allocated in irdmareregmrtrans. If any step of irdmareregmrtrans fails after the new...

7.1CVSS5.8AI score0.00122EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/05/07 2:17 a.m.•17 views

SUSE CVE-2026-43139

In the Linux kernel, the following vulnerability has been resolved: xfrm6: fix uninitialized saddr in xfrm6getsaddr xfrm6getsaddr does not check the return value of ipv6devgetsaddr. When ipv6devgetsaddr fails to find a suitable source address returns -EADDRNOTAVAIL, saddr-in6 is left uninitialize...

8.6CVSS5.8AI score0.00375EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:17 a.m.•17 views

SUSE CVE-2026-43226

In the Linux kernel, the following vulnerability has been resolved: net/rds: No shortcut out of RDSCONNERROR RDS connections carry a state "rdsconnpath::cpstate" and transitions from one state to another and are conditional upon an expected state: "rdsconnpathtransition." There is one exception t...

7.5CVSS5.8AI score0.00523EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/05 1:45 a.m.•17 views

SUSE CVE-2026-33523

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

8.7CVSS5.8AI score0.00436EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/05/05 1:45 a.m.•17 views

SUSE CVE-2026-43024

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject immediate NFQUEUE verdict nftqueue is always used from userspace nftables to deliver the NFQUEUE verdict. Immediately emitting an NFQUEUE verdict is never used by the userspace nft tools, so reject...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/04/14 11:26 p.m.•17 views

SUSE CVE-2026-34481

Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...

5.3CVSS5.8AI score0.00555EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/03/25 12:25 a.m.•17 views

SUSE CVE-2026-29194

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the Authorize middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication hostAllowed=true, a valid host token bypasses all subsequent authorization checks without verifying that the host is...

8.6CVSS5.8AI score0.00366EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/05 12:25 a.m.•17 views

SUSE CVE-2026-23060

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD assoclen8 to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, cryptoauthencesndecrypt can advance past the end of...

6.5CVSS5.2AI score0.00123EPSS
Exploits0References27
SUSE CVE
SUSE CVE
•added 2026/01/26 12:24 a.m.•17 views

SUSE CVE-2026-23007

In the Linux kernel, the following vulnerability has been resolved: block: zero non-PI portion of auto integrity buffer The auto-generated integrity buffer for writes needs to be fully initialized before being passed to the underlying block device, otherwise the uninitialized memory can be read...

5.5CVSS5.4AI score0.00135EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/17 12:31 a.m.•17 views

SUSE CVE-2025-15107

A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key . The attack is...

8.1CVSS6.5AI score0.00564EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2025/12/31 12:32 a.m.•17 views

SUSE CVE-2022-50784

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mei: fix potential NULL-ptr deref after clone If cloning the SKB fails, don't try to use it, but rather return as if we should pass it. Coverity CID: 1503456...

5.5CVSS6.5AI score0.00155EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/02/14 4:15 a.m.•17 views

SUSE CVE-2024-50052

Mattermost versions 9.10.x = 9.10.2, 9.11.x = 9.11.1, 9.5.x = 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post...

4.3CVSS7.9AI score0.0027EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2023/03/23 4:9 a.m.•17 views

SUSE CVE-2023-1530

Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.2AI score0.0082EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2023/02/15 5:47 a.m.•17 views

SUSE CVE-2012-2147

munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service disk or memory consumption via many image requests with large values in the 1 sizex or 2 sizey parameters...

5CVSS6.9AI score0.01863EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 5:0 a.m.•17 views

SUSE CVE-2016-5843

Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System OTRS allow remote attackers to execute arbitrary SQL commands via crafted search parameters...

9.4CVSS8.8AI score0.03209EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:39 a.m.•17 views

SUSE CVE-2021-36777

A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service...

8.8CVSS8.5AI score0.00895EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/06/30 1:44 a.m.•16 views

SUSE CVE-2026-48802

unknown...

5.7AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/30 1:42 a.m.•16 views

SUSE CVE-2026-55371

unknown...

5.7AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:32 a.m.•16 views

SUSE CVE-2026-11634

Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.5AI score0.00252EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/09 2:21 a.m.•16 views

SUSE CVE-2026-46274

In the Linux kernel, the following vulnerability has been resolved: io-wq: check that the predecessor is hashed in iowqremovepending iowqremovepending needs to fix up wq-hashtail if the cancelled work was the tail of its hash bucket. When doing this, it checks whether the preceding entry in...

7CVSS5.4AI score0.00138EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/06/07 4:51 a.m.•16 views

SUSE CVE-2026-10883

Type Confusion in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS5.5AI score0.0039EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/06/04 2:31 a.m.•16 views

SUSE CVE-2025-71314

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthorgpuflushcaches failures We have seen a few cases where the whole memory subsystem is blocked and flush operations never complete. When that happens, we want to: - schedule a reset, so we can recov...

5.8AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/03 2:32 a.m.•16 views

SUSE CVE-2026-5422

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the getospath function within jupyterserver/services/contents/fileio.py. The check uses startswithroot without appending a trailing path separator, allowing sibling...

8.1CVSS6.7AI score0.00437EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/06/03 2:25 a.m.•16 views

SUSE CVE-2026-33244

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in the statically generated HTML files if the redirect location comes from an...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/03 2:23 a.m.•16 views

SUSE CVE-2026-45157

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see...

6.3CVSS5.7AI score0.00231EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/02 1:42 a.m.•16 views

SUSE CVE-2026-25681

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00178EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2026/06/02 1:38 a.m.•16 views

SUSE CVE-2026-43958

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

7CVSS6.3AI score0.00132EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/05/31 1:35 a.m.•16 views

SUSE CVE-2026-41240

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBIDTAGS and FORBIDATTR handling when function-based ADDTAGS is used. Commit c361baa added an early exit for FORBIDATTR at line 1214. The same fix was not...

6.1CVSS5.7AI score0.00263EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2026/05/30 2:19 a.m.•16 views

SUSE CVE-2026-9891

Use after free in Extensions in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: Critical...

9CVSS5.8AI score0.00245EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:18 a.m.•16 views

SUSE CVE-2026-9902

Use after free in Accessibility in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00214EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:18 a.m.•16 views

SUSE CVE-2026-9905

Use after free in Accessibility in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00214EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:18 a.m.•16 views

SUSE CVE-2026-9907

Out of bounds read in Dawn in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.8AI score0.00209EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:18 a.m.•16 views

SUSE CVE-2026-9908

Out of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.8AI score0.00238EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:18 a.m.•16 views

SUSE CVE-2026-9919

Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:18 a.m.•16 views

SUSE CVE-2026-9924

Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS6AI score0.00246EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:17 a.m.•16 views

SUSE CVE-2026-9932

Use after free in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:17 a.m.•16 views

SUSE CVE-2026-9945

Use after free in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:17 a.m.•16 views

SUSE CVE-2026-9955

Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:16 a.m.•16 views

SUSE CVE-2026-9965

Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00243EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:16 a.m.•16 views

SUSE CVE-2026-9970

Use after free in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00214EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:16 a.m.•16 views

SUSE CVE-2026-9988

Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00173EPSS
Exploits0References3
Total number of security vulnerabilities5000