Lucene search
K
SusecveRecent

59854 matches found

SUSE CVE
SUSE CVE
•added 2 hours ago•6 views

SUSE CVE-2020-12265

The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal...

9.8CVSS6AI score0.02147EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2 hours ago•3 views

SUSE CVE-2026-6734

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...

8.8CVSS5.9AI score0.00315EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2 hours ago•3 views

SUSE CVE-2026-9697

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

7.4CVSS6AI score0.00431EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2 hours ago•3 views

SUSE CVE-2026-11322

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...

7.1CVSS5.8AI score0.00323EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2 hours ago•3 views

SUSE CVE-2026-13122

OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...

5.9CVSS6AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 2 hours ago•3 views

SUSE CVE-2026-13698

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service...

6CVSS6AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 2 hours ago•3 views

SUSE CVE-2026-14604

A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY Model Handler. This manipulation causes double free. The attack can be initiated remotely. The...

6.5CVSS5.6AI score0.00233EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2 hours ago•3 views

SUSE CVE-2026-14757

A vulnerability was determined in radareorg radare2 up to 6.1.6. This affects the function coreanalbytes of the file libr/core/cmdanal.inc. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. It is...

5.3CVSS5.6AI score0.00115EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2 hours ago•3 views

SUSE CVE-2026-14758

A vulnerability was identified in radareorg radare2 up to 6.1.6. This vulnerability affects the function cmdanalopcode of the file libr/core/cmdanal.inc.c of the component hexpairs Parser. Such manipulation leads to integer overflow. The attack needs to be performed locally. The exploit is public...

4.8CVSS5.6AI score0.00115EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2 hours ago•3 views

SUSE CVE-2026-14759

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function rbinjavainnerclassesattrcalcsize of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack...

4.8CVSS6.1AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2 hours ago•3 views

SUSE CVE-2026-14760

A weakness has been identified in radareorg radare2 up to 6.1.6. Impacted is the function rcoreseekarchbits of the file libr/core/disasm.c of the component regprofile Handler. Executing a manipulation can lead to use after free. The attack requires local access. The exploit has been made availabl...

4.8CVSS5.5AI score0.00115EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2 hours ago•3 views

SUSE CVE-2026-14761

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. The affected element is the function rstrndup/rstrappend of the file libr/util/str.c. The manipulation leads to integer overflow. An attack has to be approached locally. The exploit has been disclosed publicly and may be...

5.5CVSS5.2AI score0.00115EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2 hours ago•3 views

SUSE CVE-2026-14788

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. Affected by this vulnerability is the function rcorebinload of the file libr/core/cfile.c. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and...

4.8CVSS5.2AI score0.00115EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 3 hours ago•3 views

SUSE CVE-2026-33630

unknown...

5.9AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 3 hours ago•3 views

SUSE CVE-2026-42311

Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0...

8.6CVSS6.2AI score0.0015EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 3 hours ago•3 views

SUSE CVE-2026-42327

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

8.7CVSS6AI score0.00211EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 3 hours ago•4 views

SUSE CVE-2026-43825

Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel Versions Affected: before 3.0.0-M4 libsvm document categorization module; introduced in OPENNLP-1808 and only present on the 3.x line Description: SvmDoccatModel.deserializeInputStream reads an attacker-controlled stream with...

7.3CVSS6.7AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 3 hours ago•3 views

SUSE CVE-2026-49452

unknown...

5.9AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 3 hours ago•3 views

SUSE CVE-2026-53486

unknown...

5.9AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 3 hours ago•4 views

SUSE CVE-2026-54059

Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py loadbitmaps read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes without calling Image.decompressionbombcheck, allowing crafted PCF font data to cause excessive memory allocation. Thi...

7.5CVSS6AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 3 hours ago•3 views

SUSE CVE-2026-54060

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...

7.5CVSS6AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 3 hours ago•4 views

SUSE CVE-2026-54291

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS5.9AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 3 hours ago•3 views

SUSE CVE-2026-54763

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...

7.8CVSS6AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 3 hours ago•3 views

SUSE CVE-2026-54764

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's ForwardAuth middleware, even when configured with trustForwardHeader: false, derives the X-Forwarded-Port header sent to the authentication service from the original incoming request instead of t...

6.9CVSS6AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 3 hours ago•3 views

SUSE CVE-2026-55379

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS6AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 3 hours ago•3 views

SUSE CVE-2026-55380

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 3 hours ago•3 views

SUSE CVE-2026-55520

unknown...

5.9AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 3 hours ago•3 views

SUSE CVE-2026-58380

A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscannergettoken function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption,...

7.3CVSS6.3AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 3 hours ago•4 views

SUSE CVE-2026-58384

A flaw was found in GIMP's PSD parser. An integer overflow in readRLEchannel can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitra...

7.3CVSS6.2AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 3 hours ago•4 views

SUSE CVE-2026-58386

unknown...

5.9AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 3 hours ago•3 views

SUSE CVE-2026-58388

unknown...

5.9AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 3 hours ago•3 views

SUSE CVE-2026-59089

A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table CLUT due to an integer overflow. This occurs when multiplying numcolors and numcluts, both 16-bit unsigned short integers, resulting i...

5.5CVSS6AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 15 hours ago•3 views

SUSE CVE-2026-13774

Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Critical...

8.1CVSS6.3AI score0.00303EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 15 hours ago•3 views

SUSE CVE-2026-13775

Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.8CVSS6AI score0.00314EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 15 hours ago•3 views

SUSE CVE-2026-13776

Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.8CVSS6AI score0.00343EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 15 hours ago•4 views

SUSE CVE-2026-13777

Insufficient validation of untrusted input in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.00293EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 15 hours ago•3 views

SUSE CVE-2026-13778

Use after free in WebUSB in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to execute arbitrary code via a malicious peripheral. Chromium security severity: Critical...

7.8CVSS6.3AI score0.0014EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 15 hours ago•3 views

SUSE CVE-2026-13779

Use after free in Chromoting in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...

8.1CVSS6.4AI score0.00366EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 15 hours ago•3 views

SUSE CVE-2026-13780

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS6AI score0.00314EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 15 hours ago•3 views

SUSE CVE-2026-13781

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS6AI score0.00314EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 15 hours ago•3 views

SUSE CVE-2026-13782

Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

10CVSS6AI score0.00293EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 15 hours ago•3 views

SUSE CVE-2026-13783

Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.00314EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 15 hours ago•4 views

SUSE CVE-2026-13784

Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.00314EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 15 hours ago•3 views

SUSE CVE-2026-13785

Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS6AI score0.00314EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 15 hours ago•3 views

SUSE CVE-2026-13786

Use after free in Ozone in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.3AI score0.00379EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 15 hours ago•3 views

SUSE CVE-2026-13787

Use after free in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...

8.1CVSS6.4AI score0.00393EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 15 hours ago•2 views

SUSE CVE-2026-13788

Use after free in Fullscreen in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.4AI score0.00379EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 15 hours ago•3 views

SUSE CVE-2026-13790

Side-channel information leakage in Scroll in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS6AI score0.00299EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 15 hours ago•4 views

SUSE CVE-2026-13791

Insufficient validation of untrusted input in Downloads in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: High...

8.1CVSS6.3AI score0.00324EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 15 hours ago•2 views

SUSE CVE-2026-13792

Use after free in Touchbar in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS6AI score0.00316EPSS
Exploits0References2
Total number of security vulnerabilities59854