
59189 matches found

SUSE CVE
added 2026/06/20 2:28 a.m., 9 views

SUSE CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

CVSS 6.9 | AI score 6.1 | EPSS 0.00088
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 2:1 a.m., 10 views

SUSE CVE-2025-10263

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level...

CVSS 9.1 | AI score 5.2 | EPSS 0.00463
Exploits: 0 | References: 11

SUSE CVE
added 2026/06/19 1:58 a.m., 10 views

SUSE CVE-2026-6039

LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose...

CVSS 6.9 | AI score 5.6 | EPSS 0.00157
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:58 a.m., 10 views

SUSE CVE-2026-6040

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...

CVSS 6.9 | AI score 5.3 | EPSS 0.00114
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:58 a.m., 11 views

SUSE CVE-2026-6045

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

CVSS 6.9 | AI score 5.6 | EPSS 0.0012
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:58 a.m., 11 views

SUSE CVE-2026-6047

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

CVSS 6.9 | AI score 5.7 | EPSS 0.0012
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:58 a.m., 10 views

SUSE CVE-2026-6733

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

CVSS 3.7 | AI score 5.3 | EPSS 0.00228
Exploits: 0 | References: 7

SUSE CVE
added 2026/06/19 1:57 a.m., 10 views

SUSE CVE-2026-8356

LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record, so a file whose...

CVSS 6.9 | AI score 5.7 | EPSS 0.0012
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:57 a.m., 10 views

SUSE CVE-2026-8357

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

CVSS 6.9 | AI score 5.6 | EPSS 0.00139
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:57 a.m., 11 views

SUSE CVE-2026-8358

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

CVSS 6.9 | AI score 5.6 | EPSS 0.00171
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:57 a.m., 9 views

SUSE CVE-2026-9678

Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...

CVSS 5.9 | AI score 5.3 | EPSS 0.00374
Exploits: 0 | References: 4

SUSE CVE
added 2026/06/19 1:57 a.m., 9 views

SUSE CVE-2026-11525

Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example,...

CVSS 3.7 | AI score 5.9 | EPSS 0.00248
Exploits: 0 | References: 5

SUSE CVE
added 2026/06/19 1:57 a.m., 4 views

SUSE CVE-2026-12151

Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...

CVSS 5.9 | AI score 5.9 | EPSS 0.0057
Exploits: 0 | References: 6

SUSE CVE
added 2026/06/19 1:57 a.m., 6 views

SUSE CVE-2026-12293

Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS 9.8 | AI score 5.8 | EPSS 0.00302
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:57 a.m., 7 views

SUSE CVE-2026-12300

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS 5.3 | AI score 5.8 | EPSS 0.00252
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:57 a.m., 4 views

SUSE CVE-2026-12301

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS 5.3 | AI score 5.8 | EPSS 0.00252
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:57 a.m., 7 views

SUSE CVE-2026-12303

Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS 4.3 | AI score 5.8 | EPSS 0.00222
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:57 a.m., 5 views

SUSE CVE-2026-12316

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS 9.1 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:57 a.m., 6 views

SUSE CVE-2026-12317

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS 7.5 | AI score 5.8 | EPSS 0.00288
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:57 a.m., 5 views

SUSE CVE-2026-12318

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS 7.3 | AI score 5.8 | EPSS 0.00263
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:57 a.m., 6 views

SUSE CVE-2026-12319

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS 6.5 | AI score 5.8 | EPSS 0.0021
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:57 a.m., 15 views

SUSE CVE-2026-12320

Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS 4.3 | AI score 5.8 | EPSS 0.00179
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:57 a.m., 7 views

SUSE CVE-2026-12321

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS 5.4 | AI score 5.8 | EPSS 0.00159
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:57 a.m., 5 views

SUSE CVE-2026-12322

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS 5.4 | AI score 5.8 | EPSS 0.00165
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:57 a.m., 6 views

SUSE CVE-2026-12323

Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS 5.4 | AI score 5.8 | EPSS 0.00168
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:57 a.m., 5 views

SUSE CVE-2026-12324

Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

CVSS 7.3 | AI score 5.8 | EPSS 0.00209
Exploits: 0 | References: 6

SUSE CVE
added 2026/06/19 1:57 a.m., 8 views

SUSE CVE-2026-12325

Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

CVSS 6.5 | AI score 5.8 | EPSS 0.00227
Exploits: 0 | References: 7

SUSE CVE
added 2026/06/19 1:57 a.m., 7 views

SUSE CVE-2026-12326

Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVSS 8.1 | AI score 6 | EPSS 0.00251
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:56 a.m., 6 views

SUSE CVE-2026-12528

A flaw was found in 389 Directory Server in the aclpnormalizeacltxt function of aclparse.c. A malformed ACI (Access Control Instruction) string can trigger heap-buffer-overflow writes and reads during ACI parsing. The function fails to validate that the ACI keyword has sufficient length after...

CVSS 5.4 | AI score 5.8 | EPSS 0.00226
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:53 a.m., 6 views

SUSE CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version to 2 or grpc_pass directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers directive is set to off, and the...

CVSS 9.2 | AI score 6.5 | EPSS 0.02887
Exploits: 1 | References: 3

SUSE CVE
added 2026/06/19 1:52 a.m., 7 views

SUSE CVE-2026-42530

NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

CVSS 9.2 | AI score 6.3 | EPSS 0.03299
Exploits: 3 | References: 3

SUSE CVE
added 2026/06/19 1:50 a.m., 6 views

SUSE CVE-2026-48142

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location block with both source_charset utf-8; and a charset directive (for example, charset koi8-r;) configured, remote, unauthenticated attackers can send requests ...

CVSS 6.3 | AI score 6 | EPSS 0.00398
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:50 a.m., 6 views

SUSE CVE-2026-48491

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard...

CVSS 10 | AI score 5.9 | EPSS 0.00245
Exploits: 1 | References: 3

SUSE CVE
added 2026/06/19 1:50 a.m., 5 views

SUSE CVE-2026-48990

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions 1.3.4 through 1.6.5, joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.maxpayloadlength, which can lead to resource exhaustion...

CVSS 5.3 | AI score 5.8 | EPSS 0.00163
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:50 a.m., 8 views

SUSE CVE-2026-49859

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when fetch was called, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name...

CVSS 5.2 | AI score 5.8 | EPSS 0.00101
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:50 a.m., 6 views

SUSE CVE-2026-49860

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when a WebSocket connection was opened, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially...

CVSS 5.2 | AI score 5.8 | EPSS 0.00101
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:50 a.m., 11 views

SUSE CVE-2026-49983

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, environment access is gated by the env permission. You can deny it with --deny-env, or restrict it to a specific allowlist with --allow-env=FOO,BAR. The expectation is that a program running without env permission cannot...

CVSS 5.2 | AI score 5.9 | EPSS 0.00098
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:50 a.m., 5 views

SUSE CVE-2026-50019

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file downloa...

CVSS 7.4 | AI score 5.8 | EPSS 0.00268
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:50 a.m., 5 views

SUSE CVE-2026-50023

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...

CVSS 9.6 | AI score 6 | EPSS 0.00555
Exploits: 1 | References: 3

SUSE CVE
added 2026/06/19 1:50 a.m., 6 views

SUSE CVE-2026-50134

unknown...

AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:50 a.m., 6 views

SUSE CVE-2026-50135

unknown...

AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:49 a.m., 9 views

SUSE CVE-2026-50574

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On...

CVSS 9.6 | AI score 6.5 | EPSS 0.00406
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:49 a.m., 6 views

SUSE CVE-2026-53537

unknown...

CVSS 3.7 | AI score 5.8 | EPSS 0.00177
Exploits: 0 | References: 3

SUSE CVE
added 2026/06/19 1:49 a.m., 5 views

SUSE CVE-2026-53538

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only...

CVSS 3.7 | AI score 5.8 | EPSS 0.00176
Exploits: 0 | References: 4

SUSE CVE
added 2026/06/19 1:49 a.m., 5 views

SUSE CVE-2026-53539

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, when parsing application/x-www-form-urlencoded bodies, QuerystringParser located the field separator with a two step lookup: it first scanned the entire remaining buffer for &, and only when no & existed anywhere ahead...

CVSS 7.5 | AI score 6.1 | EPSS 0.00263
Exploits: 0 | References: 4

SUSE CVE
added 2026/06/19 1:49 a.m., 6 views

SUSE CVE-2026-53540

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded...

CVSS 3.7 | AI score 5.8 | EPSS 0.00217
Exploits: 0 | References: 4

SUSE CVE
added 2026/06/19 1:49 a.m., 8 views

SUSE CVE-2026-53622

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake...

CVSS 10 | AI score 5.9 | EPSS 0.0024
Exploits: 1 | References: 3

SUSE CVE
added 2026/06/19 1:49 a.m., 6 views

SUSE CVE-2026-54282

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

CVSS 3.7 | AI score 5.9 | EPSS 0.00187
Exploits: 0 | References: 4

SUSE CVE
added 2026/06/19 1:49 a.m., 7 views

SUSE CVE-2026-54283

Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form accepts max_fields and max_part_size to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An...

CVSS 7.5 | AI score 5.9 | EPSS 0.00275
Exploits: 0 | References: 4

SUSE CVE
added 2026/06/19 1:49 a.m., 5 views

SUSE CVE-2026-54293

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

CVSS 7.5 | AI score 6 | EPSS 0.00378
Exploits: 1 | References: 3

Total number of security vulnerabilities: 59189