Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/06/24 2:44 a.m.•8 views

SUSE CVE-2026-12891

A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/24 2:44 a.m.•8 views

SUSE CVE-2026-12969

An out-of-bounds read vulnerability exists in dnsmasq's findsoa function in src/rfc1035.c. When parsing NS section records, extractname is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields. A remote attacker controlling a DNS zone can...

6.5CVSS6AI score0.0025EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/24 2:36 a.m.•8 views

SUSE CVE-2026-46606

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by securepopen...

7.8CVSS6.2AI score0.00213EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/24 2:36 a.m.•8 views

SUSE CVE-2026-46611

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...

5.3CVSS5.9AI score0.00156EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/23 2:31 a.m.•8 views

SUSE CVE-2025-70102

A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parseoption src/if-options.c:1886, the code performs a member access on a NULL pointer of type 'struct dhcpopt' when an unexpected/invalid option token or parsing state caus...

5.5CVSS5.9AI score0.00169EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/23 2:28 a.m.•8 views

SUSE CVE-2026-23879

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...

8CVSS6.2AI score0.00404EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/23 2:20 a.m.•8 views

SUSE CVE-2026-48715

radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the radvdump utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, printff copies up to 2032 bytes from attacker-controlled...

7.5CVSS6.1AI score0.00203EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/23 2:20 a.m.•8 views

SUSE CVE-2026-52909

In the Linux kernel, the following vulnerability has been resolved: ip6vti: set netnsimmutable on the fallback device. john1988 and Noam Rathaus reported that vti6initnet does not set the netnsimmutable flag on the per-netns fallback tunnel device ip6vti0. Other similar tunnel drivers like...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/06/23 2:20 a.m.•8 views

SUSE CVE-2026-52911

In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...

5.8AI score0.00362EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/23 2:20 a.m.•8 views

SUSE CVE-2026-53488

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via ...

8.8CVSS6AI score0.00203EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/23 2:19 a.m.•8 views

SUSE CVE-2026-56403

libexpat before 2.8.2 has an integer overflow in storeAtts...

6.9CVSS5.9AI score0.00102EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:35 a.m.•8 views

SUSE CVE-2026-12050

SQL injection in pgAdmin 4's named restore point endpoint POST /browser/server/restorepoint/gid/sid. The user-supplied 'value' field was interpolated directly into the SQL string with str.format instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected...

5.3CVSS5.7AI score0.00245EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 1:57 a.m.•8 views

SUSE CVE-2026-12321

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.4CVSS5.8AI score0.00159EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 1:57 a.m.•8 views

SUSE CVE-2026-12325

Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/06/19 1:50 a.m.•8 views

SUSE CVE-2026-49859

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when fetch was called, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name...

5.2CVSS5.8AI score0.00101EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 1:49 a.m.•8 views

SUSE CVE-2026-54761

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...

7.1CVSS5.9AI score0.00318EPSS
Exploits2References3
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12314

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

7.5CVSS5.8AI score0.00252EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12315

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

9.1CVSS5.2AI score0.00251EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12327

Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...

8.1CVSS5.8AI score0.00407EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12329

Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12...

5.3CVSS5.3AI score0.00326EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12437

Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.3AI score0.00279EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12439

Use after free in Digital Credentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS5.5AI score0.00323EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12441

Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS5.5AI score0.00301EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12443

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.00601EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12444

Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. Chromium security severity: High...

5.5CVSS5.2AI score0.00143EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12446

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.3AI score0.00194EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•8 views

SUSE CVE-2026-12447

Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.3AI score0.00417EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:59 a.m.•8 views

SUSE CVE-2026-12452

Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.5AI score0.00256EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:59 a.m.•8 views

SUSE CVE-2026-12454

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.3AI score0.00146EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:59 a.m.•8 views

SUSE CVE-2026-12456

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. Chromium security severity: High...

4.2CVSS5.2AI score0.00137EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:59 a.m.•8 views

SUSE CVE-2026-12458

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.3AI score0.0019EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:59 a.m.•8 views

SUSE CVE-2026-12461

Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.3AI score0.00242EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:59 a.m.•8 views

SUSE CVE-2026-12464

Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.3AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:59 a.m.•8 views

SUSE CVE-2026-12466

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.3AI score0.00426EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:59 a.m.•8 views

SUSE CVE-2026-12467

Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.3AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:59 a.m.•8 views

SUSE CVE-2026-12468

Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.3AI score0.00143EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:54 a.m.•8 views

SUSE CVE-2026-47763

unknown...

5.2AI score0.00024EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:54 a.m.•8 views

SUSE CVE-2026-47764

unknown...

5.2AI score0.00047EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:53 a.m.•8 views

SUSE CVE-2026-49854

unknown...

3.7CVSS5.8AI score0.00027EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2026/06/18 1:53 a.m.•8 views

SUSE CVE-2026-52718

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

6.5CVSS5.9AI score0.00307EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:53 a.m.•8 views

SUSE CVE-2026-52721

Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could...

5.3CVSS6AI score0.00107EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 1:53 a.m.•8 views

SUSE CVE-2026-53703

A vulnerability was found in the GStreamer RealMedia demuxer gst-plugins-ugly. When processing a RealMedia .rm file, the demuxer parses MDPR media properties chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sampl...

7.1CVSS5.9AI score0.00191EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/17 2:25 a.m.•8 views

SUSE CVE-2025-61971

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity...

5.9CVSS5.2AI score0.00116EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/17 2:23 a.m.•8 views

SUSE CVE-2026-11832

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable...

5.3AI score0.00327EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/16 2:24 a.m.•8 views

SUSE CVE-2026-0438

A System Management Mode SMM handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...

5.4CVSS5.5AI score0.00139EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/16 2:19 a.m.•8 views

SUSE CVE-2026-50012

unknown...

5.2AI score
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/06/13 2:28 a.m.•8 views

SUSE CVE-2026-12008

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.4AI score0.00246EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:28 a.m.•8 views

SUSE CVE-2026-12025

Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

5.3CVSS5.3AI score0.00227EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:28 a.m.•8 views

SUSE CVE-2026-12026

Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.3AI score0.00236EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:28 a.m.•8 views

SUSE CVE-2026-12029

Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.3AI score0.00191EPSS
Exploits0References3
Total number of security vulnerabilities5000