Lucene search
K
SusecveRecent

59380 matches found

SUSE CVE
SUSE CVE
added 5 hours ago5 views

SUSE CVE-2026-14241

Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152.0.4...

9.8CVSS6.1AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 5 hours ago4 views

SUSE CVE-2026-49825

unknown...

5.9AI score
Exploits0References3
SUSE CVE
SUSE CVE
added yesterday4 views

SUSE CVE-2026-53360

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State Change PSC requests rely...

6AI score0.00267EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added yesterday5 views

SUSE CVE-2026-53361

In the Linux kernel, the following vulnerability has been resolved: afunix: Set gcinprogress to true in unixgc. Igor Ushakov reported that unixgc could run with gcinprogress being false if the work is scheduled while running: Thread 1 Thread 2 Thread 3 -------- -------- -------- unixschedulegc...

5.8AI score0.00171EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added yesterday3 views

SUSE CVE-2026-53362

In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path In ip6appenddata, when the paged-allocation branch is taken MSGMORE / NETIFFSG / large fraglen, alloclen and pagedlen are computed as alloclen = fragheaderlen + transhdrlen;...

5.8AI score0.00176EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2 days ago6 views

SUSE CVE-2026-14544

A flaw was found in HPLIP HP Linux Imaging and Printing Software. This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling...

9.8CVSS6.3AI score0.00511EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2 days ago8 views

SUSE CVE-2026-38969

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling...

5.9AI score0.00162EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2 days ago8 views

SUSE CVE-2026-39883

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...

7CVSS7.1AI score0.0022EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2 days ago7 views

SUSE CVE-2026-44294

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated functio...

5.3CVSS6.3AI score0.00431EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2 days ago7 views

SUSE CVE-2026-45363

unknown...

5.9AI score0.00018EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2 days ago7 views

SUSE CVE-2026-48815

unknown...

5.9AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2 days ago7 views

SUSE CVE-2026-49852

unknown...

5.9AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2 days ago10 views

SUSE CVE-2026-53422

Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...

2.3CVSS6AI score0.00333EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2 days ago4 views

SUSE CVE-2026-54886

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handledata/4 function in sshsftpd contains a catch-all clause that accepts channel data of any type. When...

5.3CVSS6.1AI score0.00345EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2 days ago4 views

SUSE CVE-2026-54891

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tlsgenconnection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data. The...

6.3CVSS6AI score0.00164EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2 days ago3 views

SUSE CVE-2026-55950

Time-of-check Time-of-use TOCTOU race condition vulnerability in Erlang/OTP ssl dtlspacketdemux module allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a single shared dtlspacketdemux genserver process to route incoming UDP...

8.7CVSS6AI score0.00406EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2 days ago4 views

SUSE CVE-2026-55952

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS6.1AI score0.00464EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2 days ago4 views

SUSE CVE-2026-58381

A flaw was found in GIMP's PSP file format parser. A double-free condition occurs in the readlayerblock function when processing a specially crafted PSP file. This could allow an attacker to cause memory corruption, potentially leading to denial of service or arbitrary code execution...

6.1CVSS6.2AI score0.00118EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2 days ago4 views

SUSE CVE-2026-59102

Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULTSHOWFULLNAME option is enabled,...

5.4CVSS6.2AI score0.00199EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago6 views

SUSE CVE-2022-41793

An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS7.5AI score0.00816EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 3 days ago6 views

SUSE CVE-2022-42885

A use of uninitialized pointer vulnerability exists in the GRO format res functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS7.5AI score0.00816EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 3 days ago6 views

SUSE CVE-2022-43607

An out-of-bounds write vulnerability exists in the MOL2 format attribute and value functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.1CVSS7.5AI score0.00796EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 3 days ago6 views

SUSE CVE-2022-44451

A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS7.5AI score0.00816EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 3 days ago6 views

SUSE CVE-2022-46289

Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.nAtoms...

7.8CVSS7.7AI score0.00816EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 3 days ago6 views

SUSE CVE-2022-46290

Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.The loop that...

7.8CVSS7.5AI score0.00816EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 3 days ago6 views

SUSE CVE-2022-46292

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to...

7.8CVSS7.5AI score0.00816EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 3 days ago8 views

SUSE CVE-2022-46294

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to...

7.8CVSS7.5AI score0.00863EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 3 days ago6 views

SUSE CVE-2025-15666

A security vulnerability has been detected in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function Assimp::SceneCombiner::Copy of the file code/Common/SceneCombiner.cpp of the component Model File Handler. Such manipulation of the argument width/height lead...

5.3CVSS5.9AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago6 views

SUSE CVE-2026-4360

In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...

2CVSS5.7AI score0.00304EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago6 views

SUSE CVE-2026-9595

Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...

5.3CVSS5.8AI score0.00163EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago4 views

SUSE CVE-2026-13769

Overly permissive file permissions in AWS CLI before 1.44.78 v1 and 2.34.29 v2 on Unix-like systems where the umask has not been configured to restrict file permissions the default on most systems may allow other local users on the same host to read credentials written by certain CLI subcommands...

6.8CVSS5.9AI score0.00101EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago3 views

SUSE CVE-2026-14258

A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser ...

6.5CVSS5.8AI score0.00248EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago4 views

SUSE CVE-2026-14324

RAOP module accepts unbounded Content-Length values and does not check the pwarrayadd return...

6.5CVSS5.9AI score0.00175EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago3 views

SUSE CVE-2026-14330

Multiple unbounded alloca calls in the PulseAudio protocol server...

5.5CVSS5.9AI score0.001EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago5 views

SUSE CVE-2026-20213

A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in PE file...

7.5CVSS7.3AI score0.00463EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago7 views

SUSE CVE-2026-20214

A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in FSG...

7.5CVSS7.3AI score0.00463EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago6 views

SUSE CVE-2026-20215

A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in 7z file...

7.5CVSS7.3AI score0.00389EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago6 views

SUSE CVE-2026-20216

A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerabilit...

7.5CVSS7.1AI score0.00389EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago6 views

SUSE CVE-2026-20217

A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in...

7.5CVSS7.3AI score0.00389EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago6 views

SUSE CVE-2026-20243

A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in ALZ...

7.5CVSS7.3AI score0.00389EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago8 views

SUSE CVE-2026-20244

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG...

7.5CVSS7.2AI score0.00389EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago4 views

SUSE CVE-2026-35505

An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart...

8.7CVSS6AI score0.00379EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago6 views

SUSE CVE-2026-41676

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extra...

9.8CVSS6AI score0.00298EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago4 views

SUSE CVE-2026-44486

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios' Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axi...

7.5CVSS5.9AI score0.00552EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 3 days ago4 views

SUSE CVE-2026-44487

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios's Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is...

8.2CVSS5.9AI score0.00689EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 3 days ago3 views

SUSE CVE-2026-44488

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolve...

7.5CVSS6AI score0.0063EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 3 days ago2 views

SUSE CVE-2026-44492

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NOPROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form ::ffff:7f00:1, ::ffff:a9fe:a9fe...

8.6CVSS7.2AI score0.00921EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 3 days ago3 views

SUSE CVE-2026-44494

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle MIT...

8.7CVSS7.1AI score0.01041EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 3 days ago3 views

SUSE CVE-2026-44495

Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted Object.prototype.transformResponse,...

7CVSS5.9AI score0.00495EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 3 days ago3 views

SUSE CVE-2026-44496

Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...

7.5CVSS6AI score0.00645EPSS
Exploits1References3
Total number of security vulnerabilities59380