Lucene search
K
SusecveRecent

59854 matches found

SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.15 views

SUSE CVE-2026-31866

flagd is a feature flag daemon with a Unix philosophy. Prior to 0.14.2, flagd exposes OFREP /ofrep/v1/evaluate/... and gRPC evaluation.v1, evaluation.v2 endpoints for feature flag evaluation. These endpoints are designed to be publicly accessible by client applications. The evaluation context...

7.5CVSS7AI score0.0042EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.4 views

SUSE CVE-2026-31886

Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves...

9.1CVSS6.1AI score0.00421EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.6 views

SUSE CVE-2026-31892

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...

9.9CVSS5.9AI score0.00413EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.7 views

SUSE CVE-2026-31959

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery SSRF vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple'...

5.3CVSS6AI score0.00097EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.6 views

SUSE CVE-2026-31960

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not...

5.3CVSS5.9AI score0.00088EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.4 views

SUSE CVE-2026-31961

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in...

5.5CVSS5.9AI score0.001EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.9 views

SUSE CVE-2026-32102

OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin's live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can...

7.1CVSS6.1AI score0.00431EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.7 views

SUSE CVE-2026-32110

SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and...

8.3CVSS6AI score0.00278EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.4 views

SUSE CVE-2026-32136

AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext h2c. Once the upgrade is accepted, the resulting...

9.8CVSS5.9AI score0.00735EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.11 views

SUSE CVE-2026-32245

Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their...

6.5CVSS5.9AI score0.0025EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.12 views

SUSE CVE-2026-32246

Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC authorization endpoint allows users with a TOTP-pending session password verified, TOTP not yet completed to obtain authorization codes. An attacker who knows a user's password but not their TOTP secret can obtain...

8.5CVSS5.9AI score0.0027EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.5 views

SUSE CVE-2026-32319

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all...

7.5CVSS5.9AI score0.00306EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.6 views

SUSE CVE-2026-32320

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send...

7.5CVSS5.9AI score0.00185EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.5 views

SUSE CVE-2026-32596

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys,...

7.5CVSS5.9AI score0.0155EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.5 views

SUSE CVE-2026-32608

Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables e.g., name, key that are populated with runtime...

7CVSS6.1AI score0.00243EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.3 views

SUSE CVE-2026-32614

Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...

7.5CVSS5.9AI score0.00211EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.7 views

SUSE CVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...

7.8CVSS6.1AI score0.00918EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.4 views

SUSE CVE-2026-32828

Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4, the http and http-download promotion steps allow Server-Side Request Forgery SSRF against link-local addresses, most...

5.1CVSS5.8AI score0.00328EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.4 views

SUSE CVE-2026-33151

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

8.7CVSS5.8AI score0.00514EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.11 views

SUSE CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS6AI score0.00401EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.8 views

SUSE CVE-2026-33168

Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefull...

2.3CVSS5.8AI score0.00516EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.6 views

SUSE CVE-2026-33169

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...

6.9CVSS5.8AI score0.00498EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.6 views

SUSE CVE-2026-33170

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...

6.1CVSS5.9AI score0.00327EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:23 a.m.3 views

SUSE CVE-2026-33173

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, DirectUploadsController accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like identified and analyzed are stored in the...

5.3CVSS6AI score0.0039EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:23 a.m.6 views

SUSE CVE-2026-33174

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the proxy controller loads the entire requested byte range into memory before sending it. A request...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:23 a.m.6 views

SUSE CVE-2026-33176

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

8.7CVSS5.9AI score0.0061EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:23 a.m.9 views

SUSE CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

8.1CVSS6AI score0.01557EPSS
Exploits1References72
SUSE CVE
SUSE CVE
added 2026/03/25 12:23 a.m.6 views

SUSE CVE-2026-33195

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's DiskServicepathfor does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path...

9.8CVSS5.9AI score0.00567EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:23 a.m.7 views

SUSE CVE-2026-33202

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's DiskServicedeleteprefixed passes blob keys directly to Dir.glob without escaping glob metacharacters. If a blob key contains attacker-controlled inp...

9.1CVSS5.8AI score0.00646EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:23 a.m.4 views

SUSE CVE-2026-33298

llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the ggmlnbytes function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes ggmlnbytes to return a significantly smaller...

7.8CVSS6.2AI score0.00477EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:23 a.m.6 views

SUSE CVE-2026-33310

Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...

8.8CVSS5.9AI score0.00428EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:23 a.m.12 views

SUSE CVE-2026-33554

ipmi-oem in FreeIPMI before 1.6.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system managemen...

7.6CVSS6AI score0.00403EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/03/25 12:23 a.m.4 views

SUSE CVE-2026-33634

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...

9.4CVSS6.2AI score0.60368EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2026/03/24 12:28 a.m.6 views

SUSE CVE-2026-4115

A vulnerability was detected in PuTTY 0.83. Affected is the function eddsaverify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. The attack may be performed from remote. The attack requires a hi...

6.3CVSS5.3AI score0.00534EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/24 12:28 a.m.5 views

SUSE CVE-2026-4437

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the...

4.7CVSS5.9AI score0.00292EPSS
Exploits1References11
SUSE CVE
SUSE CVE
added 2026/03/24 12:28 a.m.6 views

SUSE CVE-2026-4438

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification...

4.7CVSS5.9AI score0.00189EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2026/03/24 12:27 a.m.5 views

SUSE CVE-2026-4541

A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/cryptosigned25519tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of cryptographic signature. The attack is restricted to local...

2.5CVSS4.7AI score0.00083EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/24 12:24 a.m.5 views

SUSE CVE-2026-32710

MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSONSCHEMAVALID function. Under certain conditions it might be possible to turn the crash into a remote code execution. These...

8.5CVSS6.1AI score0.00856EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/03/24 12:24 a.m.10 views

SUSE CVE-2026-32733

Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorizedkeys and the fil...

8.7CVSS5.9AI score0.00399EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/24 12:24 a.m.6 views

SUSE CVE-2026-32810

Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...

5.5CVSS5.9AI score0.00175EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/24 12:24 a.m.6 views

SUSE CVE-2026-33150

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the iouring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When iouring thread creati...

7.8CVSS6AI score0.0031EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/24 12:24 a.m.4 views

SUSE CVE-2026-33154

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection SSTI due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

8.1CVSS5.8AI score0.00526EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/24 12:24 a.m.5 views

SUSE CVE-2026-33155

DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFETOIMPORT have...

7.5CVSS5.8AI score0.00452EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/03/24 12:24 a.m.8 views

SUSE CVE-2026-33179

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuseuringinitqueue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numaalloclocal fails during iouring queue entry...

5.5CVSS5.8AI score0.00197EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/24 12:24 a.m.7 views

SUSE CVE-2026-33204

SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...

7.5CVSS5.8AI score0.00481EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/24 12:24 a.m.8 views

SUSE CVE-2026-33210

Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...

9.1CVSS5.8AI score0.00838EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/03/24 12:24 a.m.8 views

SUSE CVE-2026-33230

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp contains a reflected cross-site scripting issue in the lookup... route. A crafted...

6.1CVSS6.1AI score0.00331EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/24 12:24 a.m.9 views

SUSE CVE-2026-33231

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp allows unauthenticated remote shutdown of the local WordNet Browser HTTP server whe...

7.5CVSS5.9AI score0.00855EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/24 12:24 a.m.10 views

SUSE CVE-2026-33236

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the subdir and id attributes when processing remote XML index...

8.1CVSS6AI score0.00487EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/23 12:24 a.m.7 views

SUSE CVE-2026-4428

A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or...

9.1CVSS5.8AI score0.00252EPSS
Exploits0References3
Total number of security vulnerabilities59854