Lucene search
K
SusecveRecent

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/01/23 12:24 a.m.•6 views

SUSE CVE-2026-23736

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, due to improper input validation, a malicious object key can lead to prototype pollution during JSON deserialization. This vulnerability affects only JSON...

9.8CVSS5.7AI score0.00246EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/23 12:24 a.m.•5 views

SUSE CVE-2026-23737

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Exploitation is possible via overriding consta...

7.5CVSS6.1AI score0.00519EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/23 12:24 a.m.•6 views

SUSE CVE-2026-23893

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

6.8CVSS5.9AI score0.00162EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2026/01/23 12:24 a.m.•7 views

SUSE CVE-2026-23952

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL Magick Scripting Language parser when processing tags before images are loaded. This can lead to DoS attack due to...

6.5CVSS5.7AI score0.0043EPSS
Exploits1References7
SUSE CVE
SUSE CVE
•added 2026/01/23 12:24 a.m.•8 views

SUSE CVE-2026-23956

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 0.2.0 through 1.4.0, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegE...

7.5CVSS5.7AI score0.00481EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/23 12:24 a.m.•5 views

SUSE CVE-2026-23957

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to significantly increase processing...

7.5CVSS5.5AI score0.00395EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/23 12:24 a.m.•6 views

SUSE CVE-2026-23991

go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository or any of its mirrors returns invalid TUF metadata JSON valid JSON but not well formed TUF metadata, the client will panic during parsing, causing a denial of...

5.3CVSS5.5AI score0.0053EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/01/23 12:24 a.m.•7 views

SUSE CVE-2026-23992

go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...

5.3CVSS5.6AI score0.00196EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/01/23 12:24 a.m.•4 views

SUSE CVE-2026-24006

Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...

7.5CVSS5.5AI score0.00403EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/23 12:24 a.m.•6 views

SUSE CVE-2026-24049

wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...

7.7CVSS6.3AI score0.00311EPSS
Exploits2References11
SUSE CVE
SUSE CVE
•added 2026/01/23 12:24 a.m.•5 views

SUSE CVE-2026-24061

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable...

9.8CVSS5.5AI score0.98871EPSS
Exploits62References3
SUSE CVE
SUSE CVE
•added 2026/01/22 1:2 a.m.•34 views

SUSE CVE-2021-47853

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.1AI score0.00262EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/22 1:2 a.m.•8 views

SUSE CVE-2021-47865

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access...

8.7CVSS5.5AI score0.00538EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/22 12:39 a.m.•3 views

SUSE CVE-2025-11468

When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized...

7.5CVSS5.4AI score0.0055EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2026/01/22 12:38 a.m.•5 views

SUSE CVE-2025-13878

Malformed BRID/HHIT records can cause named to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1...

7.5CVSS5.5AI score0.08219EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/01/22 12:38 a.m.•5 views

SUSE CVE-2025-15281

Calling wordexp with WRDEREUSE in conjunction with WRDEAPPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the wewordv member, which on subsequent calls to wordfree may abort the process...

5.5CVSS5.4AI score0.00286EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2026/01/22 12:38 a.m.•6 views

SUSE CVE-2025-15282

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

6.5CVSS5.4AI score0.0048EPSS
Exploits0References25
SUSE CVE
SUSE CVE
•added 2026/01/22 12:38 a.m.•4 views

SUSE CVE-2025-15366

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...

6.7CVSS5.5AI score0.00344EPSS
Exploits0References26
SUSE CVE
SUSE CVE
•added 2026/01/22 12:38 a.m.•4 views

SUSE CVE-2025-15367

The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...

6.7CVSS5.5AI score0.00315EPSS
Exploits0References26
SUSE CVE
SUSE CVE
•added 2026/01/22 12:29 a.m.•7 views

SUSE CVE-2025-56005

An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...

7.8CVSS9.2AI score0.16903EPSS
Exploits3References3
SUSE CVE
SUSE CVE
•added 2026/01/22 12:29 a.m.•6 views

SUSE CVE-2025-57155

NULL pointer dereference in the daapreplygroups function in src/httpddaap.c in owntone-server through commit 5e6f19a newer commit after version 28.2 allows remote attackers to cause a Denial of Service...

7.5CVSS5.6AI score0.00332EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/22 12:29 a.m.•4 views

SUSE CVE-2025-57156

NULL pointer dereference in the dacpreplyplayqueueeditclear function in src/httpddacp.c in owntone-server through commit 6d604a1 newer commit after version 28.12 allows remote attackers to cause a Denial of Service crash...

7.5CVSS5.6AI score0.0043EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/01/22 12:28 a.m.•5 views

SUSE CVE-2025-63647

A NULL pointer dereference in the parsemeta function src/httpddaap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...

7.5CVSS5.5AI score0.00352EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/22 12:28 a.m.•5 views

SUSE CVE-2025-63648

A NULL pointer dereference in the dacpreplyplayqueueeditmove function src/httpddacp.c of owntone-server commit b7e385f allows attackers to cause a Denial of Service DoS via sending a crafted DACP request to the server...

7.5CVSS5.5AI score0.00324EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/22 12:25 a.m.•6 views

SUSE CVE-2026-0672

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

7.5CVSS5.4AI score0.00401EPSS
Exploits0References29
SUSE CVE
SUSE CVE
•added 2026/01/22 12:25 a.m.•3 views

SUSE CVE-2026-0865

User-controlled header names and values containing newlines can allow injecting HTTP headers...

6.5CVSS5.4AI score0.00463EPSS
Exploits0References35
SUSE CVE
SUSE CVE
•added 2026/01/22 12:25 a.m.•2 views

SUSE CVE-2026-0988

A flaw was found in glib. Missing validation of offset and count parameters in the gbufferedinputstreampeek function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy, triggering...

3.7CVSS6AI score0.00396EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2026/01/22 12:25 a.m.•5 views

SUSE CVE-2026-1220

Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page. Chromium security severity: High...

7.5CVSS5.8AI score0.00297EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/01/22 12:25 a.m.•2 views

SUSE CVE-2026-21925

unknown...

4.8CVSS5.4AI score0.00212EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2026/01/22 12:25 a.m.•2 views

SUSE CVE-2026-21932

unknown...

7.4CVSS5.4AI score0.00427EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2026/01/22 12:25 a.m.•4 views

SUSE CVE-2026-21933

unknown...

6.1CVSS5.4AI score0.00261EPSS
Exploits1References22
SUSE CVE
SUSE CVE
•added 2026/01/22 12:25 a.m.•3 views

SUSE CVE-2026-21945

unknown...

7.5CVSS5.4AI score0.00864EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2026/01/22 12:25 a.m.•3 views

SUSE CVE-2026-21975

unknown...

4.5CVSS5.4AI score0.00215EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/22 12:25 a.m.•6 views

SUSE CVE-2026-22976

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. This happens whe...

5.5CVSS5.3AI score0.00118EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2026/01/22 12:24 a.m.•7 views

SUSE CVE-2026-22977

In the Linux kernel, the following vulnerability has been resolved: net: sock: fix hardened usercopy panic in sockrecverrqueue skbufffclonecache was created without defining a usercopy region, 1 unlike skbuffheadcache which properly whitelists the cb field. 2 This causes a usercopy BUG when...

6.1CVSS5.5AI score0.00123EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2026/01/21 12:21 a.m.•6 views

SUSE CVE-2025-64118

node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...

6.1CVSS6.4AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/21 12:20 a.m.•4 views

SUSE CVE-2026-22770

ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will...

6.5CVSS5.5AI score0.00336EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/01/21 12:20 a.m.•5 views

SUSE CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

7.5CVSS5.6AI score0.00334EPSS
Exploits2References5
SUSE CVE
SUSE CVE
•added 2026/01/21 12:20 a.m.•5 views

SUSE CVE-2026-23874

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL Magick Scripting Language command when writing to MSL format. Version 7.1.2-13 fixes the issue...

5.5CVSS5.6AI score0.00161EPSS
Exploits1References7
SUSE CVE
SUSE CVE
•added 2026/01/21 12:20 a.m.•6 views

SUSE CVE-2026-23876

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder ReadXBMImage allows an attacker to write controlled data past the allocated heap buffer when...

8.1CVSS5.9AI score0.00609EPSS
Exploits1References7
SUSE CVE
SUSE CVE
•added 2026/01/21 12:20 a.m.•4 views

SUSE CVE-2026-23949

jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the jaraco.context.tarball function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract file...

7.4CVSS5.5AI score0.00527EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/01/20 12:32 a.m.•9 views

SUSE CVE-2025-15533

A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclos...

7.8CVSS5.6AI score0.00306EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/01/20 12:32 a.m.•16 views

SUSE CVE-2025-15534

A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used...

7.8CVSS5.2AI score0.00219EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/01/20 12:31 a.m.•6 views

SUSE CVE-2025-15536

A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made...

4.4CVSS5.7AI score0.0023EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/01/20 12:31 a.m.•10 views

SUSE CVE-2025-15538

A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to ...

7.8CVSS5AI score0.00165EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/01/20 12:28 a.m.•37 views

SUSE CVE-2025-51602

mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read and denial of service via a crafted 0x01 response from an MMS server...

4.8CVSS5.4AI score0.00368EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/20 12:27 a.m.•9 views

SUSE CVE-2025-68616

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery SSRF protection bypass exists in WeasyPrint's defaulturlfetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...

7.5CVSS5.6AI score0.00501EPSS
Exploits2References3
SUSE CVE
SUSE CVE
•added 2026/01/20 12:26 a.m.•7 views

SUSE CVE-2026-0943

HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability. Versions before 0.032 contain HarfBuzz 8.4.0 or earlier bundled as hbsrc.tar.gz in the source tarball, which is affected by CVE-2026-22693...

7.5CVSS5.5AI score0.00424EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/20 12:26 a.m.•6 views

SUSE CVE-2026-1144

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is...

8.8CVSS5.2AI score0.00349EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/01/20 12:26 a.m.•5 views

SUSE CVE-2026-1145

A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function jstypedarrayconstructorta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may ...

8.8CVSS5.8AI score0.0034EPSS
Exploits1References3
Total number of security vulnerabilities59854