Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
added 2026/05/10 1:11 a.m.8 views

SUSE CVE-2024-10005

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...

5.8CVSS7.1AI score0.00725EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/09 2:54 a.m.8 views

SUSE CVE-2025-38130

In the Linux kernel, the following vulnerability has been resolved: drm/connector: only call HDMI audio helper plugged cb if non-null On driver remove, sound/soc/codecs/hdmi-codec.c calls the pluggedcb with NULL as the callback function and codecdev, as seen in its hdmiremove function. The HDMI...

5.5CVSS5.8AI score0.00138EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/09 2:46 a.m.8 views

SUSE CVE-2026-8084

A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit...

5.5CVSS5.3AI score0.00264EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/09 2:43 a.m.8 views

SUSE CVE-2026-39836

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

7.5CVSS5.8AI score0.00588EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2026/05/09 2:42 a.m.8 views

SUSE CVE-2026-43122

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.9AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/09 2:42 a.m.8 views

SUSE CVE-2026-43125

In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlmsearchrsbtree The len parameter in dlmdumprsbname is not validated and comes from network messages. When it exceeds DLMRESNAMEMAXLEN, it can cause out-of-bounds write in dlmsearchrsbtree. Add length...

5.5CVSS6.1AI score0.00426EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/09 2:42 a.m.8 views

SUSE CVE-2026-43132

In the Linux kernel, the following vulnerability has been resolved: dm-verity: correctly handle dmbufioclientcreate failure If either of the calls to dmbufioclientcreate in verityfecctr fails, then dmbufioclientdestroy is later called with an ERRPTR argument. That causes a crash. Fix this...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/09 2:42 a.m.8 views

SUSE CVE-2026-43143

In the Linux kernel, the following vulnerability has been resolved: mfd: core: Add locking around 'mfdofnodelist' Manipulating a list in the kernel isn't safe without some sort of mutual exclusion. Add a mutex any time we access / modify 'mfdofnodelist' to prevent possible crashes...

5.8AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/09 2:41 a.m.8 views

SUSE CVE-2026-43165

In the Linux kernel, the following vulnerability has been resolved: hwmon: nct7363 Fix a resource leak in nct7363presentpwmfanin When calling ofparsephandlewithargs, the caller is responsible to call ofnodeput to release the reference of device node. In nct7363presentpwmfanin, it does not release...

5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/09 2:40 a.m.8 views

SUSE CVE-2026-43220

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: serialize sequence allocation under concurrent TLB invalidations With concurrent TLB invalidations, completion wait randomly gets timed out because cmdsemval was incremented outside the IOMMU spinlock, allowing...

5.7AI score0.00127EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/09 2:40 a.m.8 views

SUSE CVE-2026-43256

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: vfe: Fix out-of-bounds access in vfeisrregupdate vfeisr iterates using MSMVFEIMAGEMASTERSNUM7 as the loop bound and passes the index to vfeisrregupdate. However, vfe-line array is defined with VFELINENUMMAX4:...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/09 2:40 a.m.8 views

SUSE CVE-2026-43260

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix RSS context delete logic We need to free the corresponding RSS context VNIC in FW everytime an RSS context is deleted in driver. Commit 667ac333dbb7 added a check to delete the VNIC in FW only when netifrunning is tru...

7.8CVSS5.7AI score0.00138EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/09 2:39 a.m.8 views

SUSE CVE-2026-43274

In the Linux kernel, the following vulnerability has been resolved: mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchpipcgetclusteraggrirq The clustercfg array is dynamically allocated to hold per-CPU configuration structures, with its size based on the number of online CPUs. Previously, thi...

8.4CVSS5.7AI score0.00131EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/09 2:39 a.m.8 views

SUSE CVE-2026-43280

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Add bounds check on patindex to prevent OOB kernel read in madvise When user provides a bogus patindex value through the madvise IOCTL, the xepatindexgetcohmode function performs an array access without validating bounds...

7.1CVSS5.7AI score0.00118EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/09 2:39 a.m.8 views

SUSE CVE-2026-43401

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intelpstate: Fix NULL pointer dereference in updatecpuqosrequest The updatecpuqosrequest function attempts to initialize the 'freq' variable by dereferencing 'cpudata' before verifying if the 'policy' is valid. This issu...

5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/09 2:39 a.m.8 views

SUSE CVE-2026-43424

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ftcm: Fix NULL pointer dereferences in nexus handling The tpg-tpgnexus pointer in the USB Target driver is dynamically managed and tied to userspace configuration via ConfigFS. It can be NULL if the USB host sends...

5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/09 2:39 a.m.8 views

SUSE CVE-2026-43430

In the Linux kernel, the following vulnerability has been resolved: usb: yurex: fix race in probe The bbu member of the descriptor must be set to the value standing for uninitialized values before the URB whose completion handler sets bbu is submitted. Otherwise there is a window during which...

5.8AI score0.00089EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/09 2:39 a.m.8 views

SUSE CVE-2026-43431

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files Oops is caused when there are more port registers counted ...

5.7AI score0.00107EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/09 2:39 a.m.8 views

SUSE CVE-2026-44353

Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file...

6.5CVSS5.8AI score0.00345EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:27 a.m.8 views

SUSE CVE-2026-6863

Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization the lowest authenticated role, holding only READRESULTS permission can issue a single authenticated HTTP GET that can read any files...

6.8CVSS5.7AI score0.00236EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:27 a.m.8 views

SUSE CVE-2026-7897

Use after free in Mobile in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

7.5CVSS6.2AI score0.00308EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:27 a.m.8 views

SUSE CVE-2026-7898

Use after free in Chromoting in Google Chrome on Linux prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...

8.8CVSS6.2AI score0.00309EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:27 a.m.8 views

SUSE CVE-2026-7905

Insufficient validation of untrusted input in Media in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.0022EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:27 a.m.8 views

SUSE CVE-2026-7910

Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.7AI score0.0022EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:27 a.m.8 views

SUSE CVE-2026-7917

Use after free in Fullscreen in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00206EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:26 a.m.8 views

SUSE CVE-2026-7931

Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.4CVSS5.8AI score0.0019EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:26 a.m.8 views

SUSE CVE-2026-7947

Insufficient validation of untrusted input in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS5.8AI score0.00186EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:26 a.m.8 views

SUSE CVE-2026-7952

Insufficient policy enforcement in Extensions in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS5.8AI score0.00172EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:26 a.m.8 views

SUSE CVE-2026-7953

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via malicious network traffic. Chromium security severity: Medium...

6.1CVSS5.9AI score0.00171EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:26 a.m.8 views

SUSE CVE-2026-7956

Use after free in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.3CVSS5.8AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:26 a.m.8 views

SUSE CVE-2026-7962

Insufficient policy enforcement in DirectSockets in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via a crafted Chrome Extension. Chromium security severity: Medium...

5.4CVSS5.9AI score0.00171EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:26 a.m.8 views

SUSE CVE-2026-7965

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

3.1CVSS5.8AI score0.00207EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:26 a.m.8 views

SUSE CVE-2026-7968

Insufficient validation of untrusted input in CORS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

3.1CVSS5.8AI score0.00216EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:26 a.m.8 views

SUSE CVE-2026-7972

Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00238EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:25 a.m.8 views

SUSE CVE-2026-7984

Use after free in ReadingMode in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.2AI score0.00267EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:25 a.m.8 views

SUSE CVE-2026-7988

Type Confusion in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.2AI score0.00307EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:25 a.m.8 views

SUSE CVE-2026-7992

Insufficient validation of untrusted input in UI in Google Chrome on Linux, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.2AI score0.00223EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:25 a.m.8 views

SUSE CVE-2026-7996

Insufficient validation of untrusted input in SSL in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.2CVSS5.8AI score0.00172EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:25 a.m.8 views

SUSE CVE-2026-8000

Insufficient validation of untrusted input in ChromeDriver in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

8.8CVSS6.2AI score0.00247EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:25 a.m.8 views

SUSE CVE-2026-8011

Insufficient policy enforcement in Search in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:25 a.m.8 views

SUSE CVE-2026-8018

Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. Chromium security severity: Low...

8.1CVSS5.8AI score0.00256EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:25 a.m.8 views

SUSE CVE-2026-8093

Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2 and Thunderbird 150.0.2...

7.5CVSS6AI score0.00323EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:22 a.m.8 views

SUSE CVE-2026-40243

Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and replace it with...

2.3CVSS5.8AI score0.00173EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:21 a.m.8 views

SUSE CVE-2026-41685

Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and...

4.3CVSS5.7AI score0.00333EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:21 a.m.8 views

SUSE CVE-2026-42217

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger decodes a variable-length integer fro...

6.5CVSS5.8AI score0.00393EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:21 a.m.8 views

SUSE CVE-2026-42285

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent...

7.5CVSS5.8AI score0.00418EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:24 a.m.8 views

SUSE CVE-2025-71273

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: Use devmkmemdup in rtwsetsupportedband Simplify the code by using device managed memory allocations. This also fixes a memory leak in rtwregisterhw. The supported bands were not freed in the error path. Copied from...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:24 a.m.8 views

SUSE CVE-2025-71292

In the Linux kernel, the following vulnerability has been resolved: jfs: nlink overflow in jfsrename If nlink is maximal for a directory -1 and inside that directory you perform a rename for some child directory not moving from the parent, then the nlink of the first directory is first incremente...

5.5CVSS5.9AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:22 a.m.8 views

SUSE CVE-2026-25589

RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...

7.5CVSS6.2AI score0.01331EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:20 a.m.8 views

SUSE CVE-2026-40110

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match to check incoming origins against the alloworiginpat configuration value. Because re.match only anchors at the start of the string and does not require a...

7.3CVSS5.8AI score0.00333EPSS
Exploits0References3
Total number of security vulnerabilities5000