Lucene search
K
SusecveRecent

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/02/12 12:25 a.m.•6 views

SUSE CVE-2026-26007

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey and loadpempublickey functions do not verify that the...

5.9CVSS5.7AI score0.00341EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/02/12 12:25 a.m.•10 views

SUSE CVE-2026-26079

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...

4.7CVSS5.4AI score0.00292EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/11 12:24 a.m.•2 views

SUSE CVE-2026-1584

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key PSK binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and...

7.5CVSS5.8AI score0.01382EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/11 12:24 a.m.•2 views

SUSE CVE-2026-2271

A flaw was found in GIMP's PSP Paint Shop Pro file parser. A remote attacker could exploit an integer overflow vulnerability in the readcreatorblock function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file is used for memory...

7.8CVSS7.1AI score0.00494EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/02/11 12:24 a.m.•2 views

SUSE CVE-2026-2272

A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the icoreadinfo and icoreadicon functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized imag...

7.8CVSS7.3AI score0.00838EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/02/11 12:23 a.m.•6 views

SUSE CVE-2026-23948

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability...

5.3CVSS5.6AI score0.00467EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/02/11 12:23 a.m.•3 views

SUSE CVE-2026-24491

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, videotimer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. This vulnerability is fixed in 3.22.0...

7.3CVSS5.6AI score0.00467EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2026/02/11 12:23 a.m.•2 views

SUSE CVE-2026-24675

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urbselectinterface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusbudevselectinterface. This vulnerability is fixed in 3.22.0...

7.3CVSS5.7AI score0.00467EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/02/11 12:23 a.m.•4 views

SUSE CVE-2026-24676

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin-format, leading to a use after free in audioformatcompatible. This vulnerability is fixed in 3.22.0...

7.3CVSS5.6AI score0.00467EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/02/11 12:23 a.m.•6 views

SUSE CVE-2026-24677

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecamencodercompressh264 trusts server-controlled dimensions and does not validate the source buffer size, leading to an out-of-bounds read in swsscale. This vulnerability is fixed in 3.22.0...

7.3CVSS5.8AI score0.00489EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/02/11 12:23 a.m.•4 views

SUSE CVE-2026-24678

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecamchannelwrite. This vulnerability is fixed in 3.22.0...

7.3CVSS5.6AI score0.00628EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/02/11 12:23 a.m.•5 views

SUSE CVE-2026-24681

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urbwritecompletion. This vulnerability is fixed in 3.22.0...

7.3CVSS5.6AI score0.00467EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2026/02/11 12:23 a.m.•6 views

SUSE CVE-2026-24682

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audinserverrecvformats frees an incorrect number of audio formats on parse failure i + i, leading to out-of-bounds access in audioformatsfree. This vulnerability is fixed in 3.22.0...

7.3CVSS5.6AI score0.00467EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/02/11 12:23 a.m.•5 views

SUSE CVE-2026-25646

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of...

7CVSS5.6AI score0.00955EPSS
Exploits1References24
SUSE CVE
SUSE CVE
•added 2026/02/11 12:23 a.m.•3 views

SUSE CVE-2026-25765

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

5.8CVSS5.8AI score0.00351EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/11 12:23 a.m.•4 views

SUSE CVE-2026-25892

Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from a...

7.5CVSS5.7AI score0.01586EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/02/10 12:26 a.m.•6 views

SUSE CVE-2026-0398

Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor...

5.3CVSS5.5AI score0.00407EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/10 12:25 a.m.•4 views

SUSE CVE-2026-1615

Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can...

9.8CVSS7AI score0.01049EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/02/10 12:25 a.m.•5 views

SUSE CVE-2026-1709

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.4CVSS5.5AI score0.05431EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/02/10 12:25 a.m.•4 views

SUSE CVE-2026-2239

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...

3.3CVSS7.1AI score0.00485EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/02/10 12:25 a.m.•5 views

SUSE CVE-2026-2240

A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetcpopfuncdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has been disclosed to the public and may be use...

6.1CVSS4.9AI score0.00157EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/02/10 12:25 a.m.•6 views

SUSE CVE-2026-2241

A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function osstrftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is...

6.1CVSS5.1AI score0.00169EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/02/10 12:25 a.m.•6 views

SUSE CVE-2026-2242

A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetcif of the file src/core/specials.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This...

6.1CVSS5AI score0.00157EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/02/10 12:24 a.m.•3 views

SUSE CVE-2026-24027

Crafted zones can lead to increased incoming network traffic...

5.3CVSS5.5AI score0.00396EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/10 12:24 a.m.•6 views

SUSE CVE-2026-25556

MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fzfillpixmapfromdisplaylist when an exception occurs during display list rendering. The function accepts a caller-owned fzpixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the...

7.5CVSS5.5AI score0.00477EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/02/10 12:23 a.m.•3 views

SUSE CVE-2026-25635

calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows haven't tested on other OS's, this can lead to Remote Code Execution by writing a payload to the Startup...

8.6CVSS5.9AI score0.00438EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/02/10 12:23 a.m.•6 views

SUSE CVE-2026-25636

calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to...

8.2CVSS5.8AI score0.00209EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/02/10 12:23 a.m.•4 views

SUSE CVE-2026-25727

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...

7.5CVSS5.5AI score0.00291EPSS
Exploits0References31
SUSE CVE
SUSE CVE
•added 2026/02/10 12:23 a.m.•4 views

SUSE CVE-2026-25731

calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection SSTI vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index...

7.8CVSS6.4AI score0.00241EPSS
Exploits2References3
SUSE CVE
SUSE CVE
•added 2026/02/10 12:23 a.m.•8 views

SUSE CVE-2026-25749

Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the gettagfname function in src/tag.c. When processing help file tags,...

6.6CVSS5.8AI score0.00213EPSS
Exploits1References9
SUSE CVE
SUSE CVE
•added 2026/02/10 12:23 a.m.•4 views

SUSE CVE-2026-25793

Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates which is not the default configuration, it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of th...

8.1CVSS5.5AI score0.00133EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/02/10 12:23 a.m.•3 views

SUSE CVE-2026-25916

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...

4.3CVSS5.5AI score0.00629EPSS
Exploits2References3
SUSE CVE
SUSE CVE
•added 2026/02/08 12:44 a.m.•8 views

SUSE CVE-2020-37127

Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcprelease utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcprelease process by sending a crafted input string longer than 16...

6.9CVSS5.8AI score0.00182EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/08 12:23 a.m.•6 views

SUSE CVE-2026-23989

REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the the "archiver" service this can be leveraged to...

8.1CVSS5.4AI score0.00273EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/07 12:27 a.m.•4 views

SUSE CVE-2025-69199

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these...

8.3CVSS5.3AI score0.00251EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/07 12:27 a.m.•4 views

SUSE CVE-2025-69820

Directory Traversal vulnerability in Beam beta9 v.0.1.521 allows a remote attacker to obtain sensitive information via the joinCleanPath function...

6CVSS5.4AI score0.00881EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/02/07 12:27 a.m.•7 views

SUSE CVE-2025-70849

Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy CSP or adequate Content-Type validation, leading to Stored...

6.1CVSS5.5AI score0.00244EPSS
Exploits4References3
SUSE CVE
SUSE CVE
•added 2026/02/07 12:27 a.m.•4 views

SUSE CVE-2026-0798

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...

3.5CVSS5.2AI score0.00237EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/07 12:26 a.m.•5 views

SUSE CVE-2026-1237

Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain otherwise revoked or...

2.1CVSS5.3AI score0.00133EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/07 12:26 a.m.•4 views

SUSE CVE-2026-1580

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...

8.8CVSS6.3AI score0.00485EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/07 12:26 a.m.•6 views

SUSE CVE-2026-1979

A flaw has been found in mruby up to 3.4.0. This affects the function mrbvmexec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been published and may be used. This...

5.5CVSS4.9AI score0.00153EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/02/07 12:26 a.m.•7 views

SUSE CVE-2026-1998

A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mpimportall of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be launched locally. The exploit has been published and may be used. Patch name:...

5.5CVSS4.2AI score0.00203EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/02/07 12:26 a.m.•3 views

SUSE CVE-2026-2100

A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the CDeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potential...

7.5CVSS5.9AI score0.0116EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/02/07 12:26 a.m.•5 views

SUSE CVE-2026-20736

Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different repository they can access...

7.5CVSS5.3AI score0.00358EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/07 12:26 a.m.•5 views

SUSE CVE-2026-20750

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization...

9.1CVSS5.3AI score0.00392EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/07 12:26 a.m.•5 views

SUSE CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

6.5CVSS5.3AI score0.00344EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/07 12:26 a.m.•6 views

SUSE CVE-2026-20883

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches...

6.5CVSS5.3AI score0.00333EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/07 12:26 a.m.•5 views

SUSE CVE-2026-20888

Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users...

4.3CVSS5.3AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/07 12:26 a.m.•6 views

SUSE CVE-2026-20897

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories...

9.1CVSS5.3AI score0.00415EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/07 12:26 a.m.•5 views

SUSE CVE-2026-20904

Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities...

6.5CVSS5.3AI score0.00277EPSS
Exploits0References3
Total number of security vulnerabilities59854