Lucene search
K
SusecveRecent

59380 matches found

SUSE CVE
SUSE CVE
•added 2026/04/10 11:25 p.m.•7 views

SUSE CVE-2026-34177

Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden lxd/project/limits/permissions.go, which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote...

9.1CVSS5.8AI score0.00363EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/10 11:25 p.m.•5 views

SUSE CVE-2026-34178

In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...

9.1CVSS5.9AI score0.00424EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/10 11:25 p.m.•5 views

SUSE CVE-2026-34179

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/fingerprint for restricted TLS certificate users, allowing a remote authenticated attacker to escalate...

9.1CVSS5.8AI score0.00274EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/10 11:25 p.m.•5 views

SUSE CVE-2026-34483

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...

4.8CVSS5.8AI score0.00461EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2026/04/10 11:25 p.m.•7 views

SUSE CVE-2026-34486

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

7.5CVSS5.8AI score0.15831EPSS
Exploits5References12
SUSE CVE
SUSE CVE
•added 2026/04/10 11:25 p.m.•4 views

SUSE CVE-2026-34487

Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. User...

5.9CVSS5.8AI score0.00447EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2026/04/10 11:25 p.m.•5 views

SUSE CVE-2026-34500

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...

4.8CVSS5.8AI score0.00469EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2026/04/10 11:25 p.m.•6 views

SUSE CVE-2026-34580

Botan is a C++ cryptography library. In 3.11.0, the function CertificateStore::certificateknown had a misleading name; it would return true if any certificate in the store had a DN and subject key identifier, if set matching that of the argument. It did not check that the cert it found and the ce...

9.3CVSS5.8AI score0.00249EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/10 11:25 p.m.•5 views

SUSE CVE-2026-34582

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

9.1CVSS5.8AI score0.00233EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/10 11:25 p.m.•7 views

SUSE CVE-2026-34734

HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5Tconvstruct. The original object was...

7.8CVSS5.7AI score0.00193EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/10 11:25 p.m.•6 views

SUSE CVE-2026-34941

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a vulnerability where when transcoding a UTF-16 string to the latin1+utf16 component-model encoding it would incorrectly validate the byte length of the input string when performing a bounds chec...

5.3CVSS5.8AI score0.00376EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/10 11:25 p.m.•4 views

SUSE CVE-2026-34942

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings improperly verified the alignment of reallocated strings. This meant that unaligned pointers could be...

6.5CVSS5.8AI score0.00354EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/10 11:25 p.m.•10 views

SUSE CVE-2026-39395

Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...

6.5CVSS5.8AI score0.00241EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/04/10 11:25 p.m.•5 views

SUSE CVE-2026-39853

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS7 signature, the code copies the digest value from a parsed...

7.8CVSS6.1AI score0.00163EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/10 11:25 p.m.•5 views

SUSE CVE-2026-39855

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When page hash processing is performed on a PE file, the function...

5.5CVSS6AI score0.00143EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/10 11:25 p.m.•4 views

SUSE CVE-2026-39856

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When processing PE sections for page hashing, the function uses...

5.5CVSS5.8AI score0.00143EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/10 11:25 p.m.•7 views

SUSE CVE-2026-39860

Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds typically the Nix daemon running as root in multi-user installations by following symlinks during...

9CVSS5.9AI score0.00193EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/10 11:25 p.m.•5 views

SUSE CVE-2026-39892

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers e.g. Hash.update, this could lead to buffer overflows. This vulnerability is fixed in...

5.3CVSS6AI score0.00652EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/10 11:25 p.m.•7 views

SUSE CVE-2026-39977

flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...

7.1CVSS5.9AI score0.00288EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•5 views

SUSE CVE-2026-5860

Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.7AI score0.0048EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•5 views

SUSE CVE-2026-5861

Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.7AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•8 views

SUSE CVE-2026-5862

Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.7AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•8 views

SUSE CVE-2026-5863

Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.7AI score0.00292EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•7 views

SUSE CVE-2026-5864

Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS7.5AI score0.00241EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•5 views

SUSE CVE-2026-5865

Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.7AI score0.00422EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•4 views

SUSE CVE-2026-5866

Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.7AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•5 views

SUSE CVE-2026-5867

Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

4.3CVSS7.5AI score0.00286EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•3 views

SUSE CVE-2026-5868

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.9AI score0.00339EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•4 views

SUSE CVE-2026-5869

Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS7.5AI score0.00241EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•4 views

SUSE CVE-2026-5870

Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.7AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•4 views

SUSE CVE-2026-5871

Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.7AI score0.0033EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•10 views

SUSE CVE-2026-5872

Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.7AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•4 views

SUSE CVE-2026-5873

Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.7AI score0.00379EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•4 views

SUSE CVE-2026-5874

Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS7.3AI score0.00253EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•3 views

SUSE CVE-2026-5875

Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS7.3AI score0.00189EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•4 views

SUSE CVE-2026-5876

Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS7.3AI score0.00247EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•4 views

SUSE CVE-2026-5877

Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

7.7AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•4 views

SUSE CVE-2026-5878

Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

7.3AI score0.00191EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•3 views

SUSE CVE-2026-5879

Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS7.7AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•7 views

SUSE CVE-2026-5880

Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS7.3AI score0.00191EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•4 views

SUSE CVE-2026-5881

Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

7.3AI score0.00217EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•2 views

SUSE CVE-2026-5882

Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

7.3AI score0.00191EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:30 p.m.•5 views

SUSE CVE-2026-5883

Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS7.7AI score0.00289EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:29 p.m.•6 views

SUSE CVE-2026-5884

Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

7.7AI score0.00289EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:29 p.m.•5 views

SUSE CVE-2026-5885

Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS7.3AI score0.00237EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:29 p.m.•4 views

SUSE CVE-2026-5886

Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS7.3AI score0.00218EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:29 p.m.•5 views

SUSE CVE-2026-5887

Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to bypass download restrictions via a crafted HTML page. Chromium security severity: Medium...

7.3AI score0.00188EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:29 p.m.•3 views

SUSE CVE-2026-5888

Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS7.3AI score0.00258EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:29 p.m.•6 views

SUSE CVE-2026-5889

Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. Chromium security severity: Medium...

4.3CVSS7.3AI score0.00102EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/09 11:29 p.m.•5 views

SUSE CVE-2026-5890

Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS7.3AI score0.0018EPSS
Exploits0References3
Total number of security vulnerabilities59380