Lucene search
K
SusecveRecent

59854 matches found

SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.5 views

SUSE CVE-2026-25795

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in ReadSFWImage coders/sfw.c, when temporary file creation fails, readinfo is destroyed before its filename member is accessed, causing a NULL pointer dereferen...

5.3CVSS5.8AI score0.00376EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.4 views

SUSE CVE-2026-25796

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in ReadSTEGANOImage coders/stegano.c, the watermark Image object is not freed on three early-return paths, resulting in a definite memory leak 13.5KB+ per...

5.3CVSS5.8AI score0.00376EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.10 views

SUSE CVE-2026-25797

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails to sanitize the input before writing it into the PostScript header. An attacker can provide a...

5.7CVSS6AI score0.00161EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.3 views

SUSE CVE-2026-25798

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted imag...

5.3CVSS5.9AI score0.00429EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.4 views

SUSE CVE-2026-25799

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resultin...

5.3CVSS5.8AI score0.00385EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.4 views

SUSE CVE-2026-25897

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. Versio...

6.5CVSS5.8AI score0.00302EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.5 views

SUSE CVE-2026-25898

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by GetPixelIndex before using it as an array subscript. In HDRI builds, Quantum is ...

6.5CVSS6AI score0.00348EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.8 views

SUSE CVE-2026-25965

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick's path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/ can be...

8.6CVSS5.8AI score0.00671EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.6 views

SUSE CVE-2026-25966

ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd: pseudo-filenames e.g., fd:0, fd:1. Prior to version...

5.9CVSS5.8AI score0.00135EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.8 views

SUSE CVE-2026-25967

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-1...

7.4CVSS6.2AI score0.00319EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.13 views

SUSE CVE-2026-25968

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption. Versio...

7.4CVSS6AI score0.00272EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.9 views

SUSE CVE-2026-25969

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in coders/ashlar.c. The WriteASHLARImage allocates a structure. However, when an exception is thrown, the allocated memory is not properly released,...

4CVSS5.8AI score0.0036EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.3 views

SUSE CVE-2026-25970

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a...

5.3CVSS6AI score0.00275EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.7 views

SUSE CVE-2026-25971

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch...

6.2CVSS5.9AI score0.00208EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.7 views

SUSE CVE-2026-25982

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the coders/dcm.c module. When processing DICOM files with a specific configuration, the decoder loop incorrect...

6.5CVSS5.8AI score0.0034EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.6 views

SUSE CVE-2026-25983

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it,...

5.3CVSS5.8AI score0.00435EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.4 views

SUSE CVE-2026-25985

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate 674 GB of memory, leading to an out-of-memory abort. Versions...

7.5CVSS5.8AI score0.00501EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.4 views

SUSE CVE-2026-25986

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage coders/yuv.c when processing malicious YUV 4:2:2 NoInterlace images. The pixel-pair loop write...

5.3CVSS6AI score0.00461EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.11 views

SUSE CVE-2026-25987

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory...

5.3CVSS5.9AI score0.0037EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.11 views

SUSE CVE-2026-25988

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. Versions 7.1.2-15 and 6.9.13-4...

5.3CVSS5.8AI score0.00438EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.8 views

SUSE CVE-2026-25989

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check instead of = that allows bypass the guard and reach an undefined sizet cast...

7.5CVSS5.8AI score0.00594EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.4 views

SUSE CVE-2026-26066

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with IPTCTEXT. Versions 7.1.2-15 and 6.9.13-40 contain a patch...

6.2CVSS5.8AI score0.00327EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.5 views

SUSE CVE-2026-26283

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a continue statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger ...

6.2CVSS6.6AI score0.00327EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.3 views

SUSE CVE-2026-26284

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD Photo CD files. The decoder contains an function that has an incorrect...

6.5CVSS5.8AI score0.00404EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.4 views

SUSE CVE-2026-26331

yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...

8.8CVSS5.8AI score0.01596EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.3 views

SUSE CVE-2026-26981

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow OOB read occurs in the istreamnonparallelread function in...

7.8CVSS5.8AI score0.00523EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.4 views

SUSE CVE-2026-26983

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid element that causes it to use an image after it has been freed. Versions 7.1.2-15 and 6.9.13-40 contain a...

5.3CVSS5.7AI score0.0045EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/02/25 12:24 a.m.2 views

SUSE CVE-2026-27623

Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an assertion. When processing incoming requests, the Valkey system does not properly reset the networking...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/02/24 12:25 a.m.11 views

SUSE CVE-2025-14905

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schemaattrenumcallback function within the schema.c file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting...

7.2CVSS6.2AI score0.01038EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2026/02/24 12:24 a.m.4 views

SUSE CVE-2026-2903

A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function checkandmergespecialrules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name:...

4.8CVSS5.2AI score0.00113EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/02/24 12:24 a.m.4 views

SUSE CVE-2026-2913

A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vipssourcereadtomemory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The attack's complexity is rated as...

7CVSS5.4AI score0.00182EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/02/24 12:24 a.m.6 views

SUSE CVE-2026-27024

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. This vulnerability is fixed in 6.7.1...

5.5CVSS5.7AI score0.00168EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/02/24 12:24 a.m.4 views

SUSE CVE-2026-27025

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...

5.5CVSS5.7AI score0.00168EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/02/24 12:24 a.m.2 views

SUSE CVE-2026-27026

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed in 6.7.1...

5.5CVSS5.7AI score0.00168EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/02/24 12:24 a.m.4 views

SUSE CVE-2026-27111

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

5.3CVSS5.8AI score0.00175EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/02/24 12:24 a.m.5 views

SUSE CVE-2026-27112

Kargo manages and automates the promotion of software artifacts. From 1.7.0 to before v1.7.8, v1.8.11, and v1.9.3, the batch resource creation endpoints of both Kargo's legacy gRPC API and newer REST API accept multi-document YAML payloads. Specially crafted payloads can manifest a bug present in...

9.9CVSS6.5AI score0.00423EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/02/24 12:24 a.m.5 views

SUSE CVE-2026-27190

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:childprocess implementation. This vulnerability is fixed in 2.6.8...

9.8CVSS5.8AI score0.02213EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/02/24 12:24 a.m.3 views

SUSE CVE-2026-27199

Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that...

6.3CVSS5.7AI score0.00556EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/02/24 12:24 a.m.3 views

SUSE CVE-2026-27205

Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...

6.5CVSS5.7AI score0.00374EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/02/23 12:26 a.m.5 views

SUSE CVE-2025-14009

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...

10CVSS6.5AI score0.0079EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/02/23 12:25 a.m.3 views

SUSE CVE-2026-2492

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target syste...

7.8CVSS6.2AI score0.00252EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/02/22 12:30 a.m.7 views

SUSE CVE-2025-15581

Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access...

5.7CVSS5.8AI score0.00408EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/02/21 12:27 a.m.3 views

SUSE CVE-2025-69725

An Open Redirect vulnerability in the go-chi/chi =5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain...

6.1CVSS5.9AI score0.00215EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/02/21 12:25 a.m.4 views

SUSE CVE-2026-2044

GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...

7.8CVSS6.3AI score0.00972EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/02/21 12:25 a.m.4 views

SUSE CVE-2026-2045

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open ...

7.8CVSS6.3AI score0.00566EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/02/21 12:25 a.m.3 views

SUSE CVE-2026-2047

GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...

7.8CVSS6.3AI score0.0062EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/02/21 12:25 a.m.2 views

SUSE CVE-2026-2048

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open ...

7.8CVSS6.3AI score0.00622EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/02/21 12:25 a.m.4 views

SUSE CVE-2026-2705

A vulnerability was detected in Open Babel up to 3.1.1. The impacted element is the function OBAtom::SetFormalCharge in the library include/openbabel/atom.h of the component MOL2 File Handler. The manipulation results in out-of-bounds read. It is possible to launch the attack remotely. The exploi...

8.1CVSS5.4AI score0.007EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/02/21 12:25 a.m.5 views

SUSE CVE-2026-2739

This affects versions of the package bn.js before 5.2.3. Calling maskn0 on any BN instance corrupts the internal state, causing toString, divmod, and other methods to enter an infinite loop, hanging the process indefinitely...

6.9CVSS5.8AI score0.00467EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/02/21 12:25 a.m.6 views

SUSE CVE-2026-21620

Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...

8.1CVSS5.8AI score0.00461EPSS
Exploits0References6
Total number of security vulnerabilities59854