59189 matches found

SUSE CVE
added 2026/06/18 1:59 a.m., 6 views

SUSE CVE-2026-12469

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3 CVSS, 5.3 AI score, 0.00186 EPSS
Exploits: 0, References: 3

added 2026/06/18 1:59 a.m., 7 views

SUSE CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8 CVSS, 6.1 AI score, 0.0012 EPSS
Exploits: 0, References: 5

added 2026/06/18 1:56 a.m., 7 views

SUSE CVE-2026-36849

unknown...

5.2 AI score
Exploits: 0, References: 3

added 2026/06/18 1:54 a.m., 9 views

SUSE CVE-2026-47753

unknown...

5.2 AI score, 0.00011 EPSS
Exploits: 0, References: 3

added 2026/06/18 1:54 a.m., 8 views

SUSE CVE-2026-47763

unknown...

5.2 AI score, 0.00024 EPSS
Exploits: 0, References: 3

added 2026/06/18 1:54 a.m., 8 views

SUSE CVE-2026-47764

unknown...

5.2 AI score, 0.00047 EPSS
Exploits: 0, References: 3

added 2026/06/18 1:54 a.m., 7 views

SUSE CVE-2026-47781

unknown...

5.2 AI score, 0.00028 EPSS
Exploits: 0, References: 3

added 2026/06/18 1:54 a.m., 10 views

SUSE CVE-2026-48020

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a...

10 CVSS, 5.9 AI score, 0.00591 EPSS
Exploits: 2, References: 3

added 2026/06/18 1:54 a.m., 7 views

SUSE CVE-2026-48045

unknown...

5.8 AI score, 0.00018 EPSS
Exploits: 0, References: 3

added 2026/06/18 1:53 a.m., 7 views

SUSE CVE-2026-48817

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an...

5.3 CVSS, 5.7 AI score, 0.00213 EPSS
Exploits: 0, References: 3

added 2026/06/18 1:53 a.m., 7 views

SUSE CVE-2026-48818

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. A UNC path such as \\attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account's...

7.5 CVSS, 5.9 AI score, 0.00368 EPSS
Exploits: 0, References: 3

added 2026/06/18 1:53 a.m., 7 views

SUSE CVE-2026-49853

unknown...

7.4 CVSS, 5.8 AI score, 0.00034 EPSS
Exploits: 0, References: 5

added 2026/06/18 1:53 a.m., 8 views

SUSE CVE-2026-49854

unknown...

3.7 CVSS, 5.8 AI score, 0.00027 EPSS
Exploits: 0, References: 5

added 2026/06/18 1:53 a.m., 6 views

SUSE CVE-2026-49855

unknown...

7.5 CVSS, 5.8 AI score, 0.00052 EPSS
Exploits: 0, References: 4

added 2026/06/18 1:53 a.m., 5 views

SUSE CVE-2026-50133

unknown...

5.8 AI score, 0.00024 EPSS
Exploits: 0, References: 3

added 2026/06/18 1:53 a.m., 7 views

SUSE CVE-2026-50269

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing...

5.9 CVSS, 5.8 AI score, 0.00301 EPSS
Exploits: 0, References: 3

added 2026/06/18 1:53 a.m., 8 views

SUSE CVE-2026-52718

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

6.5 CVSS, 5.9 AI score, 0.00307 EPSS
Exploits: 0, References: 3

added 2026/06/18 1:53 a.m., 6 views

SUSE CVE-2026-52719

An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causi...

7.1 CVSS, 5.9 AI score, 0.0028 EPSS
Exploits: 0, References: 3

added 2026/06/18 1:53 a.m., 6 views

SUSE CVE-2026-52720

A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a...

8.8 CVSS, 6.5 AI score, 0.00489 EPSS
Exploits: 0, References: 3

added 2026/06/18 1:53 a.m., 7 views

SUSE CVE-2026-52721

Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could...

5.3 CVSS, 6 AI score, 0.00107 EPSS
Exploits: 0, References: 3

added 2026/06/18 1:53 a.m., 6 views

SUSE CVE-2026-52722

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...

7.1 CVSS, 5.9 AI score, 0.00288 EPSS
Exploits: 0, References: 3

added 2026/06/18 1:53 a.m., 8 views

SUSE CVE-2026-53703

A vulnerability was found in the GStreamer RealMedia demuxer gst-plugins-ugly. When processing a RealMedia .rm file, the demuxer parses MDPR media properties chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sampl...

7.1 CVSS, 5.9 AI score, 0.00191 EPSS
Exploits: 0, References: 3

added 2026/06/18 1:53 a.m., 7 views

SUSE CVE-2026-53704

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using re_skip_pascal_string without validating that offsets remain...

7.1 CVSS, 5.8 AI score, 0.00186 EPSS
Exploits: 0, References: 3

added 2026/06/18 1:53 a.m., 7 views

SUSE CVE-2026-53705

A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 * block_samples * channels in gst_wavpack_dec_handle_frame causes a very small heap allocation. The WavPack library then writes...

7.6 CVSS, 6.4 AI score, 0.003 EPSS
Exploits: 0, References: 3

added 2026/06/17 2:30 a.m., 6 views

SUSE CVE-2024-38798

EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality...

5.8 CVSS, 5.3 AI score, 0.00119 EPSS
Exploits: 0, References: 3

added 2026/06/17 2:25 a.m., 6 views

SUSE CVE-2025-61971

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity...

5.9 CVSS, 5.2 AI score, 0.00116 EPSS
Exploits: 0, References: 3

added 2026/06/17 2:23 a.m., 10 views

SUSE CVE-2026-6893

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

8.8 CVSS, 6 AI score, 0.01131 EPSS
Exploits: 0, References: 10

added 2026/06/17 2:23 a.m., 8 views

SUSE CVE-2026-11832

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable...

5.3 AI score, 0.00327 EPSS
Exploits: 0, References: 3

added 2026/06/17 2:23 a.m., 5 views

SUSE CVE-2026-12087

Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte...

5.3 AI score, 0.00389 EPSS
Exploits: 0, References: 3

added 2026/06/17 2:23 a.m., 7 views

SUSE CVE-2026-12216

A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file duk_api_bytecode.c. Executing a manipulation of the argument count_instr can lead to memory corruption. The attack requires local access. The exploit has been made available to th...

5.3 CVSS, 5.3 AI score, 0.00112 EPSS
Exploits: 0, References: 3

added 2026/06/17 2:23 a.m., 6 views

SUSE CVE-2026-12289

Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

8.8 CVSS, 5.2 AI score, 0.00395 EPSS
Exploits: 0, References: 9

added 2026/06/17 2:23 a.m., 7 views

SUSE CVE-2026-12290

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

8.1 CVSS, 5.8 AI score, 0.00397 EPSS
Exploits: 0, References: 9

added 2026/06/17 2:23 a.m., 7 views

SUSE CVE-2026-12291

Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

8.8 CVSS, 5.2 AI score, 0.00382 EPSS
Exploits: 0, References: 9

added 2026/06/17 2:23 a.m., 4 views

SUSE CVE-2026-12292

Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

6.3 CVSS, 5.2 AI score, 0.00398 EPSS
Exploits: 0, References: 9

added 2026/06/17 2:23 a.m., 7 views

SUSE CVE-2026-12294

Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

8.8 CVSS, 5.2 AI score, 0.00363 EPSS
Exploits: 0, References: 9

added 2026/06/17 2:23 a.m., 7 views

SUSE CVE-2026-12295

Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

8.8 CVSS, 5.2 AI score, 0.00393 EPSS
Exploits: 0, References: 9

added 2026/06/17 2:23 a.m., 4 views

SUSE CVE-2026-12296

Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

8.8 CVSS, 5.2 AI score, 0.00393 EPSS
Exploits: 0, References: 9

added 2026/06/17 2:23 a.m., 6 views

SUSE CVE-2026-12297

Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

8.8 CVSS, 5.3 AI score, 0.00393 EPSS
Exploits: 0, References: 9

added 2026/06/17 2:23 a.m., 8 views

SUSE CVE-2026-12298

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

5.4 CVSS, 5.8 AI score, 0.00306 EPSS
Exploits: 0, References: 9

added 2026/06/17 2:23 a.m., 7 views

SUSE CVE-2026-12299

JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

5.4 CVSS, 5.2 AI score, 0.00306 EPSS
Exploits: 0, References: 9

added 2026/06/17 2:23 a.m., 7 views

SUSE CVE-2026-12302

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...

6.5 CVSS, 5.3 AI score, 0.00248 EPSS
Exploits: 0, References: 7

added 2026/06/17 2:23 a.m., 6 views

SUSE CVE-2026-12304

Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

9.1 CVSS, 5.3 AI score, 0.00189 EPSS
Exploits: 0, References: 6

added 2026/06/17 2:23 a.m., 5 views

SUSE CVE-2026-12305

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

7.5 CVSS, 5.8 AI score, 0.00374 EPSS
Exploits: 0, References: 7

added 2026/06/17 2:23 a.m., 6 views

SUSE CVE-2026-12306

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

5.3 CVSS, 5.8 AI score, 0.00261 EPSS
Exploits: 0, References: 6

added 2026/06/17 2:23 a.m., 6 views

SUSE CVE-2026-12307

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

5.3 CVSS, 5.8 AI score, 0.00261 EPSS
Exploits: 0, References: 7

added 2026/06/17 2:23 a.m., 6 views

SUSE CVE-2026-12308

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

5.3 CVSS, 5.8 AI score, 0.00261 EPSS
Exploits: 0, References: 7

added 2026/06/17 2:23 a.m., 6 views

SUSE CVE-2026-12309

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

6.5 CVSS, 5.8 AI score, 0.00235 EPSS
Exploits: 0, References: 7

added 2026/06/17 2:22 a.m., 4 views

SUSE CVE-2026-23517

Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server...

8.7 CVSS, 5.2 AI score, 0.00246 EPSS
Exploits: 0, References: 3

added 2026/06/17 2:21 a.m., 6 views

SUSE CVE-2026-24895

FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP's CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path but applies that byte index to the...

9.8 CVSS, 5.5 AI score, 0.0058 EPSS
Exploits: 1, References: 3

added 2026/06/17 2:21 a.m., 6 views

SUSE CVE-2026-27465

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet's configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...

6.5 CVSS, 7.8 AI score, 0.00241 EPSS
Exploits: 0, References: 3

Total number of security vulnerabilities: 59189