Lucene search
K
SusecveMost viewed

59380 matches found

SUSE CVE
SUSE CVE
•added 2026/06/25 2:19 a.m.•8 views

SUSE CVE-2026-54514

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/25 2:19 a.m.•8 views

SUSE CVE-2026-57053

GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idnatounicodeinternal. The affected code is not present in libidn2...

4CVSS5.9AI score0.0011EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/06/24 2:44 a.m.•8 views

SUSE CVE-2026-12549

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...

4.8CVSS5.9AI score0.00317EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/24 2:44 a.m.•8 views

SUSE CVE-2026-12891

A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/24 2:44 a.m.•8 views

SUSE CVE-2026-12969

An out-of-bounds read vulnerability exists in dnsmasq's findsoa function in src/rfc1035.c. When parsing NS section records, extractname is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields. A remote attacker controlling a DNS zone can...

6.5CVSS6AI score0.0025EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/24 2:36 a.m.•8 views

SUSE CVE-2026-46611

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...

5.3CVSS5.9AI score0.00156EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/23 2:28 a.m.•8 views

SUSE CVE-2026-23879

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...

8CVSS6.2AI score0.00404EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/23 2:20 a.m.•8 views

SUSE CVE-2026-52911

In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...

5.8AI score0.00362EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/23 2:20 a.m.•8 views

SUSE CVE-2026-53488

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via ...

8.8CVSS6AI score0.00203EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/23 2:19 a.m.•8 views

SUSE CVE-2026-56403

libexpat before 2.8.2 has an integer overflow in storeAtts...

6.9CVSS5.9AI score0.00102EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:35 a.m.•8 views

SUSE CVE-2026-12050

SQL injection in pgAdmin 4's named restore point endpoint POST /browser/server/restorepoint/gid/sid. The user-supplied 'value' field was interpolated directly into the SQL string with str.format instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected...

5.3CVSS5.7AI score0.00245EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 1:57 a.m.•8 views

SUSE CVE-2026-12321

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.4CVSS5.8AI score0.00159EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 1:57 a.m.•8 views

SUSE CVE-2026-12325

Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/06/19 1:50 a.m.•8 views

SUSE CVE-2026-49859

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when fetch was called, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name...

5.2CVSS5.8AI score0.00101EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 1:49 a.m.•8 views

SUSE CVE-2026-54761

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...

7.1CVSS5.9AI score0.00318EPSS
Exploits2References3
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12314

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

7.5CVSS5.8AI score0.00252EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12315

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

9.1CVSS5.2AI score0.00251EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12327

Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...

8.1CVSS5.8AI score0.00407EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12329

Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12...

5.3CVSS5.3AI score0.00313EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12437

Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.3AI score0.00279EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12439

Use after free in Digital Credentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS5.5AI score0.00323EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12441

Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS5.5AI score0.00301EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12443

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.00601EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12444

Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. Chromium security severity: High...

5.5CVSS5.2AI score0.00143EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12446

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.3AI score0.00194EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12447

Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.3AI score0.00417EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:59 a.m.•8 views

SUSE CVE-2026-12452

Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.5AI score0.00256EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:59 a.m.•8 views

SUSE CVE-2026-12454

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.3AI score0.00146EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:59 a.m.•8 views

SUSE CVE-2026-12456

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. Chromium security severity: High...

4.2CVSS5.2AI score0.00137EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:59 a.m.•8 views

SUSE CVE-2026-12458

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.3AI score0.0019EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:59 a.m.•8 views

SUSE CVE-2026-12461

Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.3AI score0.00242EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:59 a.m.•8 views

SUSE CVE-2026-12464

Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.3AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:59 a.m.•8 views

SUSE CVE-2026-12466

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.3AI score0.00426EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:59 a.m.•8 views

SUSE CVE-2026-12468

Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.3AI score0.00143EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:54 a.m.•8 views

SUSE CVE-2026-47763

unknown...

5.2AI score0.00024EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:54 a.m.•8 views

SUSE CVE-2026-47764

unknown...

5.2AI score0.00047EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:53 a.m.•8 views

SUSE CVE-2026-49854

unknown...

3.7CVSS5.8AI score0.00027EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2026/06/18 1:53 a.m.•8 views

SUSE CVE-2026-52718

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

6.5CVSS5.9AI score0.00307EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:53 a.m.•8 views

SUSE CVE-2026-52721

Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could...

5.3CVSS6AI score0.00107EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:53 a.m.•8 views

SUSE CVE-2026-53703

A vulnerability was found in the GStreamer RealMedia demuxer gst-plugins-ugly. When processing a RealMedia .rm file, the demuxer parses MDPR media properties chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sampl...

7.1CVSS5.9AI score0.00191EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/17 2:23 a.m.•8 views

SUSE CVE-2026-11832

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable...

5.3AI score0.00327EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/17 2:23 a.m.•8 views

SUSE CVE-2026-12294

Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

8.8CVSS5.2AI score0.00363EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/06/17 2:20 a.m.•8 views

SUSE CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

7.5CVSS5.3AI score0.00435EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/06/17 2:16 a.m.•8 views

SUSE CVE-2026-46680

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...

7CVSS5.9AI score0.00221EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/06/16 2:20 a.m.•8 views

SUSE CVE-2026-44893

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS5.5AI score0.00594EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/16 2:19 a.m.•8 views

SUSE CVE-2026-50012

unknown...

5.2AI score
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/06/13 2:28 a.m.•8 views

SUSE CVE-2026-12008

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.4AI score0.00246EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:28 a.m.•8 views

SUSE CVE-2026-12024

Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.3AI score0.00158EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:28 a.m.•8 views

SUSE CVE-2026-12029

Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.3AI score0.00191EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:28 a.m.•8 views

SUSE CVE-2026-12033

Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS5.3AI score0.00189EPSS
Exploits0References3
Total number of security vulnerabilities5000