Lucene search
K
SusecveRecent

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/02/28 12:24 a.m.•3 views

SUSE CVE-2026-27457

Weblate is a web based localization tool. Prior to version 5.16.1, the REST API's AddonViewSet weblate/api/views.py, line 2831 uses queryset = Addon.objects.all without overriding getqueryset to scope results by user permissions. This allows any authenticated user or anonymous users if REQUIRELOG...

4.3CVSS5.8AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/28 12:24 a.m.•5 views

SUSE CVE-2026-27798

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the -wavelet-denoise operator. Versions 7.1.2-15 and 6.9.13-40...

4CVSS5.9AI score0.00137EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/02/28 12:24 a.m.•5 views

SUSE CVE-2026-27799

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride ro...

4CVSS5.9AI score0.00123EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/02/28 12:24 a.m.•4 views

SUSE CVE-2026-27904

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested extglobs produce regexps with nested unbounded quantifiers e.g. ?:?:a|b, which exhibit catastrophic...

7.5CVSS5.8AI score0.00472EPSS
Exploits1References7
SUSE CVE
SUSE CVE
•added 2026/02/28 12:24 a.m.•3 views

SUSE CVE-2026-28364

In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization runtime/intern.c enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock function, which performs unbounded memcpy operation...

7.8CVSS6.6AI score0.0021EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/02/27 12:28 a.m.•4 views

SUSE CVE-2026-3172

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server...

8.1CVSS5.9AI score0.00263EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/02/27 12:28 a.m.•4 views

SUSE CVE-2026-3201

USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service...

3.3CVSS5.8AI score0.00184EPSS
Exploits2References7
SUSE CVE
SUSE CVE
•added 2026/02/27 12:28 a.m.•4 views

SUSE CVE-2026-3202

NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service...

3.3CVSS5.8AI score0.00157EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/02/27 12:28 a.m.•4 views

SUSE CVE-2026-3203

RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service...

3.3CVSS5.8AI score0.00157EPSS
Exploits1References6
SUSE CVE
SUSE CVE
•added 2026/02/27 12:25 a.m.•6 views

SUSE CVE-2026-25941

FreeRDP is a free implementation of the Remote Desktop Protocol. Versions on the 2.x branch prior to to 2.11.8 and on the 3.x branch prior to 3.23.0 have an out-of-bounds read vulnerability in the FreeRDP client's RDPGFX channel that allows a malicious RDP server to read uninitialized heap memory...

4.3CVSS5.9AI score0.00284EPSS
Exploits1References9
SUSE CVE
SUSE CVE
•added 2026/02/27 12:25 a.m.•9 views

SUSE CVE-2026-25942

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfrailserverexecuteresult indexes the global errorcodenames array 7 elements, indices 0-6 with an unchecked execResult-execResult value received from the server, allowing an out-of-bounds read when the serve...

5.3CVSS5.8AI score0.00454EPSS
Exploits1References9
SUSE CVE
SUSE CVE
•added 2026/02/27 12:25 a.m.•12 views

SUSE CVE-2026-25952

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfSetWindowMinMaxInfo dereferences a freed xfAppWindow pointer because xfrailgetwindow in xfrailserverminmaxinfo returns an unprotected pointer from the railWindows hash table, and the main thread can...

5.3CVSS5.8AI score0.00599EPSS
Exploits1References14
SUSE CVE
SUSE CVE
•added 2026/02/27 12:25 a.m.•5 views

SUSE CVE-2026-25953

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfAppUpdateWindowFromSurface reads from a freed xfAppWindow because the RDPGFX DVC thread obtains a bare pointer via xfrailgetwindow without any lifetime protection, while the main thread can concurrently...

5.3CVSS5.8AI score0.00587EPSS
Exploits1References9
SUSE CVE
SUSE CVE
•added 2026/02/27 12:25 a.m.•9 views

SUSE CVE-2026-25954

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfrailserverlocalmovesize dereferences a freed xfAppWindow pointer because xfrailgetwindow returns an unprotected pointer from the railWindows hash table, and the main thread can concurrently delete the wind...

5.3CVSS5.8AI score0.00486EPSS
Exploits1References9
SUSE CVE
SUSE CVE
•added 2026/02/27 12:25 a.m.•7 views

SUSE CVE-2026-27628

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually...

7.5CVSS5.7AI score0.00346EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/27 12:24 a.m.•6 views

SUSE CVE-2026-27699

The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...

9.8CVSS5.7AI score0.00528EPSS
Exploits2References3
SUSE CVE
SUSE CVE
•added 2026/02/27 12:24 a.m.•4 views

SUSE CVE-2026-27727

mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...

9.8CVSS6.1AI score0.00812EPSS
Exploits1References5
SUSE CVE
SUSE CVE
•added 2026/02/27 12:24 a.m.•16 views

SUSE CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8CVSS6AI score0.00534EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/02/27 12:24 a.m.•3 views

SUSE CVE-2026-27888

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...

5.3CVSS5.7AI score0.00348EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/02/27 12:24 a.m.•5 views

SUSE CVE-2026-27950

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2 implementation, the fix appears to have been...

7.5CVSS6AI score0.00427EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/27 12:24 a.m.•7 views

SUSE CVE-2026-27951

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function StreamEnsureCapacity can create an endless blocking loop. This may affect all client and server implementations using FreeRDP. For practical exploitation this will only work on 32bit systems whe...

5.9CVSS5.8AI score0.00346EPSS
Exploits1References11
SUSE CVE
SUSE CVE
•added 2026/02/27 12:24 a.m.•6 views

SUSE CVE-2026-28295

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...

4.3CVSS5.8AI score0.00186EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/02/27 12:24 a.m.•4 views

SUSE CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed CRLF sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

7.3CVSS6.3AI score0.0036EPSS
Exploits2References7
SUSE CVE
SUSE CVE
•added 2026/02/26 12:28 a.m.•5 views

SUSE CVE-2026-1513

billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...

6.1CVSS5.9AI score0.00158EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/02/26 12:27 a.m.•4 views

SUSE CVE-2026-3184

A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

5.6CVSS5.8AI score0.00436EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/02/26 12:27 a.m.•4 views

SUSE CVE-2026-21725

A time-of-create-to-time-of-use TOCTOU vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

3.7CVSS5.8AI score0.00175EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/02/26 12:25 a.m.•5 views

SUSE CVE-2026-26103

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block...

7.1CVSS5.7AI score0.00075EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/02/26 12:25 a.m.•3 views

SUSE CVE-2026-26104

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitiv...

5.5CVSS5.7AI score0.00075EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/26 12:25 a.m.•3 views

SUSE CVE-2026-27585

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...

8.2CVSS5.8AI score0.00323EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/02/26 12:24 a.m.•6 views

SUSE CVE-2026-27586

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...

9.3CVSS5.8AI score0.00267EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/02/26 12:24 a.m.•5 views

SUSE CVE-2026-27587

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences %xx it compares against the request's escaped path without lowercasing. An...

9.1CVSS5.8AI score0.0037EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/02/26 12:24 a.m.•6 views

SUSE CVE-2026-27588

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list 100 entries it becomes case-sensitive due to an optimized matching path. An attacker can bypass...

9.1CVSS5.8AI score0.0037EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/02/26 12:24 a.m.•5 views

SUSE CVE-2026-27589

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API default listen 127.0.0.1:2019 exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement is not enabled enforceorigin not...

8.2CVSS5.8AI score0.00166EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/02/26 12:24 a.m.•2 views

SUSE CVE-2026-27590

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because...

9.8CVSS6AI score0.00542EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/02/26 12:24 a.m.•3 views

SUSE CVE-2026-27606

Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler specifically v4.x and present in current source is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker t...

8.8CVSS6AI score0.01402EPSS
Exploits1References10
SUSE CVE
SUSE CVE
•added 2026/02/26 12:24 a.m.•4 views

SUSE CVE-2026-27624

Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges using "denied-peer-ip" and/or default loopback restrictions. CVE-2020-26262 addressed bypasses involving "0.0.0.0", "::1" and "::", but IPv4-mapped IPv6 is not...

6.5CVSS5.8AI score0.00254EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/02/25 12:27 a.m.•5 views

SUSE CVE-2026-2757

Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

8.8CVSS5.8AI score0.00491EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/02/25 12:27 a.m.•3 views

SUSE CVE-2026-2758

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

8.8CVSS5.8AI score0.00477EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/02/25 12:27 a.m.•3 views

SUSE CVE-2026-2759

Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

8.8CVSS5.8AI score0.00395EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/02/25 12:27 a.m.•4 views

SUSE CVE-2026-2760

Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

8.3CVSS5.8AI score0.00395EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/02/25 12:27 a.m.•4 views

SUSE CVE-2026-2761

Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

7.5CVSS5.8AI score0.00395EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/02/25 12:27 a.m.•4 views

SUSE CVE-2026-2762

Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

8.8CVSS5.8AI score0.00543EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/02/25 12:27 a.m.•3 views

SUSE CVE-2026-2763

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

8.8CVSS5.8AI score0.00469EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/02/25 12:27 a.m.•4 views

SUSE CVE-2026-2764

JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

8.8CVSS5.8AI score0.00469EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/02/25 12:27 a.m.•6 views

SUSE CVE-2026-2765

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

8.8CVSS5.8AI score0.00469EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/02/25 12:27 a.m.•4 views

SUSE CVE-2026-2766

Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

8.8CVSS5.8AI score0.00469EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/02/25 12:27 a.m.•5 views

SUSE CVE-2026-2767

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

8.8CVSS5.8AI score0.00384EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/02/25 12:27 a.m.•4 views

SUSE CVE-2026-2768

Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

8.8CVSS5.8AI score0.00366EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/02/25 12:27 a.m.•3 views

SUSE CVE-2026-2769

Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

8.8CVSS5.8AI score0.00419EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/02/25 12:27 a.m.•3 views

SUSE CVE-2026-2770

Use-after-free in the DOM: Bindings WebIDL component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

8.8CVSS5.8AI score0.00469EPSS
Exploits0References14
Total number of security vulnerabilities59854