Lucene search
K
SusecveRecent

59854 matches found

SUSE CVE
SUSE CVE
added 2026/03/12 2:4 p.m.3 views

SUSE CVE-2026-3942

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00177EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/12 2:4 p.m.5 views

SUSE CVE-2026-3949

A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdecpushdata2 of the file libheif/plugins/decodervvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched...

3.3CVSS5.2AI score0.00117EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/03/12 2:4 p.m.4 views

SUSE CVE-2026-3950

A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...

3.3CVSS5.2AI score0.00117EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/12 2:3 p.m.2 views

SUSE CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

8.8CVSS6.3AI score0.0046EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/12 2:3 p.m.6 views

SUSE CVE-2026-31958

Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...

7.5CVSS5.8AI score0.00375EPSS
Exploits0References38
SUSE CVE
SUSE CVE
added 2026/03/12 2:3 p.m.6 views

SUSE CVE-2026-31979

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...

7.8CVSS5.9AI score0.00196EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/03/12 10:0 a.m.4 views

SUSE CVE-2023-43637

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...

7.8CVSS5.8AI score0.00134EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/12 9:2 a.m.7 views

SUSE CVE-2024-14027

In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput in fremovexattr error path In the Linux kernel, the fremovexattr syscall calls fdget to acquire a file reference but returns early without calling fdput when strncpyfromuser fails on the name argument. In...

5.5CVSS5.7AI score0.0021EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2026/03/12 8:52 a.m.4 views

SUSE CVE-2026-29777

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...

6.5CVSS5.8AI score0.00277EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/12 8:52 a.m.5 views

SUSE CVE-2026-31837

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. This...

8.7CVSS5.8AI score0.00378EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/12 8:52 a.m.7 views

SUSE CVE-2026-31838

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in Envoy RBAC header matching could allow authorization policy bypass when policies rely on HTTP headers that may contain multiple values. An attacker could craft requests...

6.9CVSS5.8AI score0.00214EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/12 8:52 a.m.5 views

SUSE CVE-2026-31853

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41...

8.6CVSS5.9AI score0.00093EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/03/12 8:52 a.m.4 views

SUSE CVE-2026-31870

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API httplib::stream::Get, httplib::stream::Post, etc., the library calls std::stoull directly on the Content-Length header value received from the server...

7.5CVSS5.6AI score0.00453EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/11 5:37 p.m.2 views

SUSE CVE-2025-3063

The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxcallbackupdatesaoption function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.9AI score0.00383EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/11 5:31 p.m.4 views

SUSE CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

3.7CVSS5.8AI score0.00159EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/11 5:30 p.m.4 views

SUSE CVE-2025-12183

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input...

8.8CVSS5.9AI score0.00647EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/11 5:29 p.m.7 views

SUSE CVE-2025-12801

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exporte...

6.5CVSS5.8AI score0.00462EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/03/11 5:29 p.m.3 views

SUSE CVE-2025-13327

A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP Zipped Information Package archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package...

8.8CVSS5.9AI score0.0015EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/11 5:29 p.m.4 views

SUSE CVE-2025-13523

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS6AI score0.00189EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/11 5:29 p.m.4 views

SUSE CVE-2025-13767

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/11 5:29 p.m.5 views

SUSE CVE-2025-13821

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to sanitize sensitive data in WebSocket messages which allows authenticated users to exfiltrate password hashes and MFA secrets via profile nickname updates or email verification events. Mattermost Advisory ID:...

5.7CVSS5.8AI score0.00198EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/11 5:28 p.m.5 views

SUSE CVE-2025-14350

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate team membership when processing channel mentions which allows authenticated users to determine the existence of teams and their URL names via posting channel shortlinks and observing the...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/11 5:28 p.m.2 views

SUSE CVE-2025-14435

Mattermost versions 10.11.x = 10.11.8, 11.1.x = 11.1.1, 11.0.x = 11.0.6 fail to prevent infinite re-renders on API errors which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops...

6.8CVSS5.8AI score0.00274EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/11 5:28 p.m.5 views

SUSE CVE-2025-14573

Mattermost versions 10.11.x = 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...

3.8CVSS5.8AI score0.00157EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/11 5:28 p.m.4 views

SUSE CVE-2025-14822

Mattermost versions 10.11.x = 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens...

6.5CVSS5.8AI score0.00318EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/11 4:49 p.m.4 views

SUSE CVE-2026-3904

Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x8664 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the...

6.2CVSS5.8AI score0.00146EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/11 4:49 p.m.3 views

SUSE CVE-2026-31826

pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...

5.5CVSS5.7AI score0.00172EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/11 4:25 p.m.3 views

SUSE CVE-2025-69647

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an...

6.2CVSS5.9AI score0.00152EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/11 4:25 p.m.5 views

SUSE CVE-2025-69648

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debugrnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a...

6.2CVSS6.2AI score0.00176EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/11 4:25 p.m.4 views

SUSE CVE-2025-69649

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into displayrelocations, resulting in a segmentation fault SIGSEGV and...

7.5CVSS5.8AI score0.00256EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/11 4:25 p.m.3 views

SUSE CVE-2025-69650

GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dumprelocations may return early without initializing the allrelocations array. As a result, processgotsectioncontents may pass ...

7.5CVSS6.3AI score0.00502EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/11 4:25 p.m.6 views

SUSE CVE-2025-69652

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort SIGABRT when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in processdebuginfo, an invalid debuginfop state may propagate into DWARF attribute parsing...

6.2CVSS6.1AI score0.00173EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/11 4:25 p.m.7 views

SUSE CVE-2025-69653

A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6 2025-12-11, in file gcdecrefchild in quickjs.c, when executed with the qjs interpreter using the -m option. This leads to an abort SIGABRT...

6.5CVSS5.7AI score0.00215EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/11 4:25 p.m.4 views

SUSE CVE-2025-69654

A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 2025-12-11,qjs interpreter using the -m option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in JSFreeRuntime...

7.5CVSS5.8AI score0.00284EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/11 4:21 p.m.7 views

SUSE CVE-2026-0846

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS5.8AI score0.00428EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/11 4:20 p.m.4 views

SUSE CVE-2026-1229

The CombinedMult function in the CIRCL ecc/p384 package secp384r1 curve produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3...

7CVSS5.8AI score0.00397EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/03/11 4:20 p.m.4 views

SUSE CVE-2026-1965

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

7.5CVSS5.8AI score0.00259EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2026/03/11 4:20 p.m.4 views

SUSE CVE-2026-2436

A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the soupserverdisconnect function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a...

6.5CVSS5.8AI score0.00447EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/11 4:18 p.m.3 views

SUSE CVE-2026-3783

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

4.7CVSS5.8AI score0.00333EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2026/03/11 4:18 p.m.6 views

SUSE CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

4.6CVSS5.8AI score0.00302EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2026/03/11 4:18 p.m.5 views

SUSE CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

2.5CVSS5.8AI score0.00715EPSS
Exploits2References11
SUSE CVE
SUSE CVE
added 2026/03/11 4:18 p.m.2 views

SUSE CVE-2026-3836

unknown...

5.8AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/11 4:18 p.m.4 views

SUSE CVE-2026-3846

Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2...

6.5CVSS5.8AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/11 4:18 p.m.4 views

SUSE CVE-2026-3847

Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148.0.2...

8.8CVSS5.9AI score0.00308EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/11 4:16 p.m.7 views

SUSE CVE-2026-23868

Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible...

5.8CVSS5.7AI score0.00144EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/03/11 4:15 p.m.4 views

SUSE CVE-2026-28292

simple-git, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes CVE-2022-25860 and CVE-2022-25912 and achieve full remote code execution on the host machine. Version 3.23.0 contains ...

9.8CVSS6.5AI score0.01296EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/11 4:15 p.m.3 views

SUSE CVE-2026-30928

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file glances.conf via self.config.asdict with no filtering of sensitive values. The configuration file contains credentials for all...

8.7CVSS5.8AI score0.01657EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/11 4:15 p.m.7 views

SUSE CVE-2026-30930

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

9.8CVSS5.8AI score0.00364EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/11 4:15 p.m.3 views

SUSE CVE-2026-30935

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the -bilateral-blur operation an out of bounds rea...

4.4CVSS5.9AI score0.00105EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/03/11 4:15 p.m.4 views

SUSE CVE-2026-31801

zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot's dist-spec authorization middleware infers the required action for PUT /v2/name/manifests/reference as create by default, and only switches to update when the t...

7.7CVSS5.8AI score0.00212EPSS
Exploits1References4
Total number of security vulnerabilities59854