Lucene search
K
SusecveRecent

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/04/16 11:28 p.m.•6 views

SUSE CVE-2026-34393

Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17...

8.8CVSS5.7AI score0.00391EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/16 11:28 p.m.•6 views

SUSE CVE-2026-39845

Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable the webhook add-on as a workaround...

4.1CVSS5.7AI score0.00275EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/16 11:28 p.m.•10 views

SUSE CVE-2026-40179

Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of the Prometheus web UI where metric names and label values are injected into innerHTML without...

5.4CVSS5.9AI score0.0024EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/04/16 11:28 p.m.•8 views

SUSE CVE-2026-40192

Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of...

7.5CVSS5.7AI score0.00671EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/04/16 11:28 p.m.•4 views

SUSE CVE-2026-40256

Weblate is a web based localization tool. In versions prior to 5.17, repository-boundary validation relies on string prefix checks on resolved absolute paths. In multiple code paths, the check uses startswith against the repository root path. This is not path-segment aware and can be bypassed whe...

5CVSS5.7AI score0.00324EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/16 11:28 p.m.•6 views

SUSE CVE-2026-40505

MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...

4.8CVSS5.9AI score0.00166EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/16 11:28 p.m.•8 views

SUSE CVE-2026-40915

A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel...

7.8CVSS6.2AI score0.00375EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/16 11:28 p.m.•6 views

SUSE CVE-2026-40916

A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service DoS. By opening a specially crafted TIM image file, the application crashes due to an unconditional overflow when writing to a...

5CVSS6AI score0.0021EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/16 11:27 p.m.•9 views

SUSE CVE-2026-40917

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icnsslurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process...

7.1CVSS5.9AI score0.00167EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/16 11:27 p.m.•8 views

SUSE CVE-2026-40918

A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service DoS. This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that process untrusted P...

5.5CVSS6.1AI score0.00196EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/16 11:27 p.m.•6 views

SUSE CVE-2026-40919

A flaw was found in GIMP. This vulnerability, a buffer overflow in the file-seattle-filmworks plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service DoS, leading to the plugin crashing and potential...

6.1CVSS6AI score0.00331EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/16 11:27 p.m.•5 views

SUSE CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

2.9CVSS5.8AI score0.00131EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/16 11:27 p.m.•6 views

SUSE CVE-2026-40959

Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod...

9.3CVSS5.7AI score0.00182EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/16 11:27 p.m.•5 views

SUSE CVE-2026-40960

Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...

8.1CVSS5.7AI score0.00171EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/16 11:27 p.m.•7 views

SUSE CVE-2026-40962

FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to libavformat/mov.c...

4.9CVSS5.8AI score0.00134EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/04/16 11:27 p.m.•5 views

SUSE CVE-2026-41015

radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...

7.4CVSS5.8AI score0.01156EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/16 11:27 p.m.•6 views

SUSE CVE-2026-41035

In rsync 3.0.1 through 3.4.1, receivexattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X aka --xattrs. On Linux, many but not all common configurations are vulnerable. Non-Linux platforms are more widely vulnerable...

7.2CVSS5.7AI score0.00393EPSS
Exploits1References19
SUSE CVE
SUSE CVE
•added 2026/04/16 9:8 a.m.•5 views

SUSE CVE-2005-3655

Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager novell-nrm in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter...

7.5CVSS6.5AI score0.05715EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/04/16 9:1 a.m.•5 views

SUSE CVE-2026-3392

A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function evaltree of the file src/lilyemitter.c. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been made available to the public and could ...

5.5CVSS5.4AI score0.00167EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2026/04/15 11:26 p.m.•10 views

SUSE CVE-2026-33899

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when Magick parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions 6.9.13-44 and 7.1.2-1...

5.3CVSS5.7AI score0.00428EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2026/04/15 11:26 p.m.•8 views

SUSE CVE-2026-33900

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write, potentially causing a...

5.9CVSS5.7AI score0.00434EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2026/04/15 11:26 p.m.•8 views

SUSE CVE-2026-33901

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in...

7.5CVSS6AI score0.00566EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/04/15 11:26 p.m.•6 views

SUSE CVE-2026-33902

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This...

5.5CVSS5.8AI score0.00144EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/04/15 11:26 p.m.•9 views

SUSE CVE-2026-33908

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the DestroyXMLTree function; however, this process is executed recursively with no depth limit imposed. When...

7.5CVSS5.7AI score0.0051EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2026/04/15 11:26 p.m.•7 views

SUSE CVE-2026-34238

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, an integer overflow in the despeckle operation causes a heap buffer overflow on 32-bit builds that will result in an out of bounds write. This issue has be...

5CVSS6AI score0.00148EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2026/04/15 11:25 p.m.•9 views

SUSE CVE-2026-40169

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. This issue has been fixed in version 7.1.2-19...

6.2CVSS5.7AI score0.0018EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/04/15 11:25 p.m.•7 views

SUSE CVE-2026-40183

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has an heap write overflow when a user specifies that the image should be encoded as 16 bit floats. This issue has been fixed in version 7.1.2-19...

5.5CVSS5.8AI score0.00187EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/04/15 11:25 p.m.•8 views

SUSE CVE-2026-40310

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with when a user specifies an invalid sampling index. This issue has been fixed in versions 6.9.13-44 an...

5.5CVSS5.7AI score0.00189EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/04/15 11:25 p.m.•6 views

SUSE CVE-2026-40311

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash when reading and printing values from an invalid XMP profile. This issue has been fixed in versio...

5.5CVSS5.7AI score0.00184EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2026/04/15 11:25 p.m.•9 views

SUSE CVE-2026-40312

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL decoder could result in a crash when a malicous MSL file is read. This issue has been fixed in version 7.1.2-19...

6.2CVSS5.7AI score0.00177EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/04/15 11:25 p.m.•13 views

SUSE CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

7.8CVSS6.1AI score0.01184EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/15 1:42 p.m.•12 views

SUSE CVE-2026-5713

The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...

6CVSS5.8AI score0.00132EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/04/15 1:41 p.m.•5 views

SUSE CVE-2026-33018

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the loadgif function in fromgif.c, where a single sixelframet object is reused across all frames of an animated GIF and gifinitframe unconditionally...

7CVSS5.8AI score0.00191EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/15 1:41 p.m.•4 views

SUSE CVE-2026-33019

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow leading to an out-of-bounds heap read in the --crop option handling of img2sixel, where positive coordinates up to INTMAX are accepted without overflow-safe bounds...

7.1CVSS5.9AI score0.00256EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/15 1:41 p.m.•6 views

SUSE CVE-2026-33020

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow which leads to a heap buffer overflow via sixelframeconverttorgb888 in frame.c, where allocation size and pointer offset computations for palettised images PAL1, PAL...

7.1CVSS6.3AI score0.00205EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/15 1:41 p.m.•6 views

SUSE CVE-2026-33021

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a use-after-free vulnerability in sixelencoderencodebytes because sixelframeinit stores the caller-owned pixel buffer pointer directly in frame-pixels without making a defensive copy...

7.3CVSS6AI score0.00247EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/15 1:41 p.m.•5 views

SUSE CVE-2026-33023

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. In versions 1.8.7 and prior, when built with the --with-gdk-pixbuf2 option, a use-after-free vulnerability exists in loadwithgdkpixbuf in loader.c. The cleanup path manually frees the sixelframet object and its interna...

7.8CVSS5.8AI score0.00289EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/15 1:40 p.m.•7 views

SUSE CVE-2026-40489

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...

5.5CVSS6.1AI score0.00151EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/04/15 8:58 a.m.•5 views

SUSE CVE-2019-25695

R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the...

8.6CVSS6.5AI score0.00191EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/15 8:50 a.m.•9 views

SUSE CVE-2024-44201

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iPadOS 17.7.3, macOS Sequoia 15.1, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Processing a malicious crafted file may lead to a denial-of-service...

5.5CVSS5.8AI score0.00276EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/15 8:35 a.m.•6 views

SUSE CVE-2026-2332

In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing...

7.4CVSS5.8AI score0.01127EPSS
Exploits1References5
SUSE CVE
SUSE CVE
•added 2026/04/15 8:35 a.m.•8 views

SUSE CVE-2026-3842

unknown...

5.1CVSS5.8AI score
Exploits0References8
SUSE CVE
SUSE CVE
•added 2026/04/15 8:32 a.m.•6 views

SUSE CVE-2026-35580

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-controlled workflowdispatch inputs were interpolated directly into shell commands via $ expression syntax. An attacker with repository write access could...

9.1CVSS6AI score0.00566EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2026/04/14 11:30 p.m.•15 views

SUSE CVE-2026-4786

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References28
SUSE CVE
SUSE CVE
•added 2026/04/14 11:30 p.m.•8 views

SUSE CVE-2026-6100

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

8.1CVSS5.8AI score0.00579EPSS
Exploits0References24
SUSE CVE
SUSE CVE
•added 2026/04/14 11:30 p.m.•5 views

SUSE CVE-2026-6192

A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opjpiinitialiseencode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The...

4.8CVSS5.3AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/14 11:27 p.m.•4 views

SUSE CVE-2026-29628

A stack overflow in the experimental/tinyobjloaderopt.h file of tinyobjloader commit d56555b allows attackers to cause a Denial of Service DoS via supplying a crafted .mtl file...

6.2CVSS5.8AI score0.00173EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/14 11:27 p.m.•6 views

SUSE CVE-2026-30997

An out-of-bounds read in the readglobalparam function libavcodec/av1dec.c of FFmpeg v8.0.1 allows attackers to cause a Denial of Service DoS via a crafted input...

7.1CVSS5.8AI score0.00337EPSS
Exploits1References5
SUSE CVE
SUSE CVE
•added 2026/04/14 11:27 p.m.•4 views

SUSE CVE-2026-30998

An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service DoS via supplying a crafted input file...

7.5CVSS5.8AI score0.004EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/14 11:27 p.m.•5 views

SUSE CVE-2026-30999

A heap buffer overflow in the avbprintfinalize function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service DoS via a crafted input...

7.5CVSS6AI score0.00452EPSS
Exploits1References3
Total number of security vulnerabilities59854