Lucene search
K
SusecveRecent

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/04/08 11:25 p.m.•3 views

SUSE CVE-2026-32289

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...

5.4CVSS5.8AI score0.0029EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/04/08 11:25 p.m.•9 views

SUSE CVE-2026-33033

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...

5.3CVSS5.8AI score0.00689EPSS
Exploits1References5
SUSE CVE
SUSE CVE
•added 2026/04/08 11:25 p.m.•4 views

SUSE CVE-2026-33034

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

5.3CVSS5.8AI score0.00769EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/04/08 11:25 p.m.•5 views

SUSE CVE-2026-33810

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

5.9CVSS5.8AI score0.0034EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/04/08 11:25 p.m.•5 views

SUSE CVE-2026-34080

xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases. Client...

5.5CVSS5.8AI score0.00175EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/04/08 11:24 p.m.•5 views

SUSE CVE-2026-35177

Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...

7.1CVSS5.9AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/08 11:24 p.m.•10 views

SUSE CVE-2026-35406

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

6.2CVSS5.8AI score0.00383EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/08 11:24 p.m.•7 views

SUSE CVE-2026-39314

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in ppdCreateFromIPP cups/ppd-cache.c allows any unprivileged local user to crash the cupsd root process by supplying a negative...

5.5CVSS5.8AI score0.00154EPSS
Exploits1References8
SUSE CVE
SUSE CVE
•added 2026/04/08 11:24 p.m.•6 views

SUSE CVE-2026-39316

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler cupsd when temporary printers are automatically deleted. cupsdDeleteTemporaryPrinters in...

5.5CVSS5.9AI score0.00178EPSS
Exploits1References9
SUSE CVE
SUSE CVE
•added 2026/04/07 11:29 p.m.•7 views

SUSE CVE-2026-5663

A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible...

9.8CVSS5.5AI score0.01721EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/07 11:27 p.m.•6 views

SUSE CVE-2026-27447

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an...

4.8CVSS5.8AI score0.00317EPSS
Exploits1References9
SUSE CVE
SUSE CVE
•added 2026/04/07 11:27 p.m.•5 views

SUSE CVE-2026-27456

util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check-Time-of-Use vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privilege...

4.7CVSS5.7AI score0.00118EPSS
Exploits1References12
SUSE CVE
SUSE CVE
•added 2026/04/07 11:27 p.m.•3 views

SUSE CVE-2026-28386

Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service fo...

9.1CVSS6AI score0.00313EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/07 11:27 p.m.•7 views

SUSE CVE-2026-28387

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

6.5CVSS6.2AI score0.00631EPSS
Exploits0References19
SUSE CVE
SUSE CVE
•added 2026/04/07 11:27 p.m.•8 views

SUSE CVE-2026-28388

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...

5.9CVSS6.2AI score0.00885EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2026/04/07 11:27 p.m.•7 views

SUSE CVE-2026-28389

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

5.3CVSS5.9AI score0.00805EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2026/04/07 11:26 p.m.•4 views

SUSE CVE-2026-31053

A double free vulnerability exists in librz/bin/format/le/le.c in the function leloadfixuprecord. When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the...

6.2CVSS5.8AI score0.00149EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/07 11:26 p.m.•15 views

SUSE CVE-2026-31790

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process whi...

6.5CVSS6.1AI score0.00981EPSS
Exploits0References19
SUSE CVE
SUSE CVE
•added 2026/04/07 11:25 p.m.•5 views

SUSE CVE-2026-34378

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...

5.5CVSS5.9AI score0.00262EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/07 11:25 p.m.•4 views

SUSE CVE-2026-34379

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoderexecute in...

6.1CVSS6AI score0.00283EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/04/07 11:25 p.m.•6 views

SUSE CVE-2026-34380

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undopxr24impl in src/lib/OpenEXRCore/internalpxr24.c at line 377. The...

5.8CVSS5.8AI score0.00255EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/04/07 11:25 p.m.•7 views

SUSE CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

10CVSS6AI score0.00613EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/07 11:25 p.m.•4 views

SUSE CVE-2026-34588

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

7CVSS5.8AI score0.00482EPSS
Exploits1References7
SUSE CVE
SUSE CVE
•added 2026/04/07 11:25 p.m.•6 views

SUSE CVE-2026-34589

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...

7CVSS5.8AI score0.00419EPSS
Exploits1References6
SUSE CVE
SUSE CVE
•added 2026/04/07 11:25 p.m.•10 views

SUSE CVE-2026-34978

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

6.5CVSS5.9AI score0.00406EPSS
Exploits1References9
SUSE CVE
SUSE CVE
•added 2026/04/07 11:25 p.m.•7 views

SUSE CVE-2026-34979

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly...

5.3CVSS6.1AI score0.00379EPSS
Exploits1References9
SUSE CVE
SUSE CVE
•added 2026/04/07 11:25 p.m.•7 views

SUSE CVE-2026-34980

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server...

6.4CVSS5.9AI score0.00502EPSS
Exploits1References10
SUSE CVE
SUSE CVE
•added 2026/04/07 11:25 p.m.•12 views

SUSE CVE-2026-34990

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That...

7.8CVSS5.9AI score0.00289EPSS
Exploits1References9
SUSE CVE
SUSE CVE
•added 2026/04/07 11:25 p.m.•5 views

SUSE CVE-2026-35392

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, PUT upload in httpserver/updown.go has no path sanitization. This vulnerability is fixed in 2.0.0-beta.3...

9.8CVSS5.8AI score0.00683EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/07 11:25 p.m.•6 views

SUSE CVE-2026-35393

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, the POST multipart upload directory not sanitized. This vulnerability is fixed in 2.0.0-beta.3...

9.8CVSS5.8AI score0.00683EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/07 11:25 p.m.•6 views

SUSE CVE-2026-35444

SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...

6.1CVSS5.8AI score0.00262EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/07 11:25 p.m.•5 views

SUSE CVE-2026-35471

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdeleteFile missing return after path traversal check. This vulnerability is fixed in 2.0.0-beta.3...

9.8CVSS5.8AI score0.00683EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/06 11:25 p.m.•5 views

SUSE CVE-2026-5673

A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI Audio Video Interleave parser, specifically in the aviparseinputfile function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a...

5.6CVSS5.8AI score0.00178EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/06 11:25 p.m.•5 views

SUSE CVE-2026-26060

Fleet is open source device management software. Prior to 4.81.0, a vulnerability in Fleet's password management logic could allow previously issued password reset tokens to remain valid after a user changes their password. As a result, a stale password reset token could be reused to reset the...

8.8CVSS5.8AI score0.00335EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/06 11:25 p.m.•6 views

SUSE CVE-2026-26061

Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by sending large or repeated HTTP payloads, causing excessive...

8.7CVSS5.8AI score0.00434EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/06 11:25 p.m.•4 views

SUSE CVE-2026-26233

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service server crash and restart via HTTP/2 single packet attack with 100+ parallel login requests...

6.5CVSS5.8AI score0.00305EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/06 11:25 p.m.•4 views

SUSE CVE-2026-27018

Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be bypassed using mixed-case or uppercase URL schemes. This issue has been patched in version 8.29.0...

8.8CVSS5.7AI score0.00538EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/06 11:25 p.m.•5 views

SUSE CVE-2026-29180

Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control...

8.8CVSS5.9AI score0.00315EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/06 11:25 p.m.•7 views

SUSE CVE-2026-31405

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ulemandatoryexthandlers and uleoptionalexthandlers tables in handleoneuleextension are declared with 255 elements valid indices 0-254, but the index htype is deriv...

5.5CVSS5.7AI score0.0055EPSS
Exploits0References23
SUSE CVE
SUSE CVE
•added 2026/04/06 11:25 p.m.•7 views

SUSE CVE-2026-31406

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrmnatkeepalivenetfini After canceldelayedworksync is called from xfrmnatkeepalivenetfini, xfrmstatefini flushes remaining states via xfrmstatedelete, which calls...

7CVSS5.7AI score0.00159EPSS
Exploits0References40
SUSE CVE
SUSE CVE
•added 2026/04/06 11:25 p.m.•7 views

SUSE CVE-2026-31407

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: add missing netlink policy validations Hyunwoo Kim reports out-of-bounds access in sctp and ctnetlink. These attributes are used by the kernel without any validation. Extend the netlink policies accordingly...

4.4CVSS5.7AI score0.00169EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2026/04/06 11:25 p.m.•7 views

SUSE CVE-2026-31408

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in scorecvframe due to missing sockhold scorecvframe reads conn-sk under scoconnlock but immediately releases the lock without holding a reference to the socket. A concurrent close can free the...

7CVSS5.7AI score0.003EPSS
Exploits0References27
SUSE CVE
SUSE CVE
•added 2026/04/06 11:25 p.m.•6 views

SUSE CVE-2026-31409

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn-binding on failed binding request When a multichannel SMB2SESSIONSETUP request with SMB2SESSIONREQFLAGBINDING fails ksmbd sets conn-binding = true but never clears it on the error path. This leaves the connectio...

8.8CVSS5.7AI score0.00454EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/06 11:25 p.m.•7 views

SUSE CVE-2026-31410

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FSOBJECTIDINFORMATION Use sb-suuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.ffsid obtained from vfsstatfs...

5.5CVSS5.7AI score0.00164EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/06 11:25 p.m.•5 views

SUSE CVE-2026-33026

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. This issue has been patched in version 2.3.4...

9.4CVSS5.7AI score0.00328EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/06 11:24 p.m.•7 views

SUSE CVE-2026-33027

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operati...

6.9CVSS5.7AI score0.00397EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/06 11:24 p.m.•3 views

SUSE CVE-2026-33028

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui application is vulnerable to a Race Condition. Due to the complete absence of synchronization mechanisms Mutex and non-atomic file writes, concurrent requests lead to the severe corruption of the prima...

7.5CVSS5.8AI score0.00534EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/06 11:24 p.m.•5 views

SUSE CVE-2026-33029

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service DoS. By submitting a negative integer for the rotation interval, the backend enter...

6.9CVSS5.7AI score0.00948EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/06 11:24 p.m.•6 views

SUSE CVE-2026-33030

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct...

9.9CVSS5.8AI score0.0028EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/06 11:24 p.m.•6 views

SUSE CVE-2026-33032

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP Model Context Protocol integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication AuthRequired middleware, the /mcpmessage endpoi...

9.8CVSS5.8AI score0.38477EPSS
Exploits4References3
Total number of security vulnerabilities59854