Lucene search
K
SusecveRecent

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/03/14 12:25 a.m.•5 views

SUSE CVE-2026-4105

A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus Desktop Bus method. A local unprivileged user can exploit this by attempting to register a machine with a...

7.8CVSS6AI score0.00142EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2026/03/14 12:25 a.m.•3 views

SUSE CVE-2026-4111

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...

7.5CVSS5.8AI score0.00693EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/03/14 12:24 a.m.•8 views

SUSE CVE-2026-31812

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed...

5.3CVSS5.8AI score0.005EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2026/03/14 12:24 a.m.•5 views

SUSE CVE-2026-31890

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is - incidentally or maliciously - already full, the gadget will silently drop events. Th...

5.5CVSS5.8AI score0.00143EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/03/14 12:24 a.m.•12 views

SUSE CVE-2026-32239

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/14 12:24 a.m.•8 views

SUSE CVE-2026-32240

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/13 3:29 p.m.•3 views

SUSE CVE-2019-1147

unknown...

9.3CVSS5.8AI score0.04321EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/13 3:18 p.m.•3 views

SUSE CVE-2019-25355

gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal...

8.7CVSS5.8AI score0.01206EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/03/13 2:23 p.m.•5 views

SUSE CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2.5CVSS5.8AI score0.00164EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2026/03/13 1:59 p.m.•8 views

SUSE CVE-2025-70873

An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file...

4.3CVSS5.8AI score0.00301EPSS
Exploits1References9
SUSE CVE
SUSE CVE
•added 2026/03/13 1:17 p.m.•3 views

SUSE CVE-2026-25704

A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use TOCTOU Race Condition vulnerability in cosmic-greeter can allow an attacker to regain privileges that should have been dropped and abuse them in the racy checking logic. This issue affects cosmic-greeter before...

5.8CVSS5.9AI score0.00088EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/13 1:16 p.m.•11 views

SUSE CVE-2026-27940

llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the ggufinitfromfileimpl in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread writes 528+ bytes of attacker-controlled data past the buffer boundary. This is...

7.8CVSS5.9AI score0.00177EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/03/13 1:16 p.m.•4 views

SUSE CVE-2026-28356

multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...

7.5CVSS5.8AI score0.00606EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/13 1:15 p.m.•10 views

SUSE CVE-2026-32249

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

5.5CVSS5.8AI score0.00133EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/13 1:15 p.m.•6 views

SUSE CVE-2026-32259

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible to write past the end of a buffer on the stack. This vulnerability is fixed in 7.1.2-16 and...

6.7CVSS6AI score0.00096EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/03/13 1:15 p.m.•7 views

SUSE CVE-2026-32260

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:childprocess polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...

9.8CVSS6.1AI score0.01483EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/03/13 1:15 p.m.•7 views

SUSE CVE-2026-32274

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

5.5CVSS5.9AI score0.00572EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/03/13 12:27 a.m.•3 views

SUSE CVE-2026-2808

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8CVSS5.8AI score0.00475EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/03/13 12:23 a.m.•4 views

SUSE CVE-2026-28384

An improper sanitization of the compressionalgorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the sn...

9.4CVSS6AI score0.00502EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/13 12:23 a.m.•6 views

SUSE CVE-2026-30226

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. In devalue v5.6.3 and earlier, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could...

7.5CVSS5.8AI score0.00373EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/13 12:23 a.m.•2 views

SUSE CVE-2026-31988

yauzl aka Yet Another Unzip Library version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate function. The while loop condition checks cursor data.length + 4 instead of cursor + 4 = data.length, allowing readUInt16LE to rea...

6.9CVSS6AI score0.00485EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 3:22 p.m.•4 views

SUSE CVE-2021-4456

Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact. The functions addr2cidr and cidrlookup may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. In some cases an attacker ma...

8.2CVSS5.8AI score0.00322EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:5 p.m.•6 views

SUSE CVE-2026-3913

Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.00417EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:5 p.m.•2 views

SUSE CVE-2026-3914

Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.9AI score0.00349EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:5 p.m.•4 views

SUSE CVE-2026-3915

Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00377EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:5 p.m.•2 views

SUSE CVE-2026-3916

Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.8AI score0.00349EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•6 views

SUSE CVE-2026-3917

Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00349EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•5 views

SUSE CVE-2026-3918

Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00325EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•2 views

SUSE CVE-2026-3919

Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00261EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•5 views

SUSE CVE-2026-3920

Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00291EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•5 views

SUSE CVE-2026-3921

Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00271EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•4 views

SUSE CVE-2026-3922

Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00271EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•5 views

SUSE CVE-2026-3923

Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00271EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•2 views

SUSE CVE-2026-3924

use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

7.5CVSS5.8AI score0.00265EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•4 views

SUSE CVE-2026-3925

Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00149EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•3 views

SUSE CVE-2026-3926

Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS5.8AI score0.00226EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•4 views

SUSE CVE-2026-3927

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00177EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•7 views

SUSE CVE-2026-3928

Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•3 views

SUSE CVE-2026-3929

Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

3.1CVSS5.9AI score0.00164EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•3 views

SUSE CVE-2026-3930

Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS5.8AI score0.0016EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•4 views

SUSE CVE-2026-3931

Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6AI score0.0025EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•5 views

SUSE CVE-2026-3932

Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

7.5CVSS5.8AI score0.00183EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•4 views

SUSE CVE-2026-3934

Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00187EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•4 views

SUSE CVE-2026-3935

Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•4 views

SUSE CVE-2026-3936

Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS5.8AI score0.00277EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•3 views

SUSE CVE-2026-3937

Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.8AI score0.00185EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•4 views

SUSE CVE-2026-3938

Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00171EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•4 views

SUSE CVE-2026-3939

Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. Chromium security severity: Low...

5.3CVSS5.8AI score0.00147EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•7 views

SUSE CVE-2026-3940

Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

5.3CVSS5.8AI score0.00163EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/12 2:4 p.m.•4 views

SUSE CVE-2026-3941

Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00166EPSS
Exploits0References3
Total number of security vulnerabilities59854