Lucene search
K
SusecveRecent

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/01/14 12:25 a.m.•4 views

SUSE CVE-2025-71097

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix reference count leak when using error routes with nexthop objects When a nexthop object is deleted, it is marked as dead and then fibtableflush is called to flush all the routes that are using the dead nexthop. The...

4.7CVSS6.4AI score0.00114EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2026/01/14 12:25 a.m.•5 views

SUSE CVE-2025-71098

In the Linux kernel, the following vulnerability has been resolved: ip6gre: make ip6greheader robust Over the years, syzbot found many ways to crash the kernel in ip6greheader 1. This involves team or bonding drivers ability to dynamically change their dev-neededheadroom and/or dev-hardheaderlen ...

5.5CVSS6.4AI score0.00114EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2026/01/14 12:25 a.m.•5 views

SUSE CVE-2025-71099

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xeoaaddconfigioctl In xeoaaddconfigioctl, we accessed oaconfig-id after dropping metricslock. Since this lock protects the lifetime of oaconfig, an attacker could guess the id and call...

6.4CVSS6.1AI score0.00115EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2026/01/14 12:25 a.m.•6 views

SUSE CVE-2025-71100

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cutxfilldesc TID getting from ieee80211gettid might be out of range of array size of staentry-tids, so check TID is less than MAXTIDCOUNT. Othwerwise, UBSAN warn: UBSAN:...

6.5CVSS6.6AI score0.00119EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2026/01/14 12:25 a.m.•4 views

SUSE CVE-2025-71101

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing The hppopulateelementsfrompackage functions in the hp-bioscfg driver contain out-of-bounds array access vulnerabilities. These functions parse ACPI...

6.5CVSS6.6AI score0.00117EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2026/01/14 12:25 a.m.•3 views

SUSE CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

7CVSS7.5AI score0.00286EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/01/14 12:25 a.m.•4 views

SUSE CVE-2026-0877

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

8.1CVSS5.8AI score0.00421EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2026/01/14 12:25 a.m.•3 views

SUSE CVE-2026-0878

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

8.3CVSS5.8AI score0.00417EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2026/01/14 12:25 a.m.•4 views

SUSE CVE-2026-0879

Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

8.8CVSS5.8AI score0.00525EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2026/01/14 12:25 a.m.•4 views

SUSE CVE-2026-0880

Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

8.8CVSS5.8AI score0.0057EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2026/01/14 12:25 a.m.•4 views

SUSE CVE-2026-0881

Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147...

8.3CVSS5.8AI score0.00306EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/14 12:25 a.m.•4 views

SUSE CVE-2026-0882

Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

7.5CVSS5.8AI score0.00405EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2026/01/14 12:25 a.m.•5 views

SUSE CVE-2026-0883

Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

5.3CVSS5.8AI score0.00411EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2026/01/14 12:25 a.m.•2 views

SUSE CVE-2026-0884

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

8.8CVSS5.8AI score0.00423EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2026/01/14 12:25 a.m.•3 views

SUSE CVE-2026-0885

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

8.8CVSS5.8AI score0.00361EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2026/01/14 12:25 a.m.•2 views

SUSE CVE-2026-0886

Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

4.3CVSS5.8AI score0.00437EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2026/01/14 12:25 a.m.•3 views

SUSE CVE-2026-0887

Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

4.3CVSS5.8AI score0.00284EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2026/01/14 12:25 a.m.•2 views

SUSE CVE-2026-0888

Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147...

4.3CVSS5.8AI score0.00313EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/14 12:24 a.m.•3 views

SUSE CVE-2026-0889

Denial-of-service in the DOM: Service Workers component. This vulnerability was fixed in Firefox 147 and Thunderbird 147...

6.5CVSS5.8AI score0.00537EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/01/14 12:24 a.m.•6 views

SUSE CVE-2026-0890

Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

6.3CVSS5.8AI score0.00261EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2026/01/14 12:24 a.m.•3 views

SUSE CVE-2026-0891

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...

7.5CVSS5.9AI score0.00414EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2026/01/14 12:24 a.m.•3 views

SUSE CVE-2026-0892

Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147 and Thunderbird 147...

7.5CVSS5.9AI score0.00404EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/14 12:24 a.m.•5 views

SUSE CVE-2026-21636

A flaw in Node.js's permission model allows Unix Domain Socket UDS connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...

10CVSS6.7AI score0.00663EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/01/14 12:24 a.m.•5 views

SUSE CVE-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

5.3CVSS6.4AI score0.01056EPSS
Exploits0References26
SUSE CVE
SUSE CVE
•added 2026/01/14 12:24 a.m.•8 views

SUSE CVE-2026-22695

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function pngimagefinishread when processing interlaced 16-bit PNGs with...

6.1CVSS7.2AI score0.00172EPSS
Exploits1References16
SUSE CVE
SUSE CVE
•added 2026/01/14 12:24 a.m.•3 views

SUSE CVE-2026-22772

Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.5, Fulcio's metaRegex function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF on...

5.8CVSS7.2AI score0.0022EPSS
Exploits1References6
SUSE CVE
SUSE CVE
•added 2026/01/14 12:24 a.m.•6 views

SUSE CVE-2026-22776

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service DoS vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies Content-Encoding: gzip, br, etc.. The library validates the...

6.5CVSS6.8AI score0.00353EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/01/14 12:24 a.m.•5 views

SUSE CVE-2026-22801

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions pngwriteimage16bit and pngwriteimage8bit causes heap buffer...

6.8CVSS7.2AI score0.00114EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2026/01/13 12:53 a.m.•6 views

SUSE CVE-2025-15506

A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...

4.8CVSS6.5AI score0.00165EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/13 12:27 a.m.•5 views

SUSE CVE-2025-68276

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon with wide-area disabled by creating record browsers with the AVAHILOOKUPUSEWIDEAREA flag set via D-Bus. This can ...

5.5CVSS6.7AI score0.0014EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2026/01/13 12:25 a.m.•5 views

SUSE CVE-2025-68468

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they...

6.5CVSS6.7AI score0.00331EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2026/01/13 12:25 a.m.•5 views

SUSE CVE-2025-68471

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart...

6.5CVSS6.7AI score0.00353EPSS
Exploits1References11
SUSE CVE
SUSE CVE
•added 2026/01/13 12:24 a.m.•6 views

SUSE CVE-2026-0665

An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption...

6.1CVSS7.1AI score0.00143EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2026/01/13 12:24 a.m.•4 views

SUSE CVE-2026-21884

React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript...

8.2CVSS6.5AI score0.00472EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/13 12:24 a.m.•8 views

SUSE CVE-2026-22029

React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs...

8CVSS6.8AI score0.0077EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/13 12:24 a.m.•5 views

SUSE CVE-2026-22030

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

6.5CVSS6.9AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/13 12:24 a.m.•5 views

SUSE CVE-2026-22690

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be...

5.3CVSS6.8AI score0.00391EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/13 12:24 a.m.•3 views

SUSE CVE-2026-22691

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-referen...

6.9CVSS6.8AI score0.00391EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/13 12:24 a.m.•5 views

SUSE CVE-2026-22693

HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hbmalloc returns NULL before using placement new to construct an object at t...

5.3CVSS7.1AI score0.00377EPSS
Exploits1References6
SUSE CVE
SUSE CVE
•added 2026/01/13 12:24 a.m.•6 views

SUSE CVE-2026-22701

filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition betwee...

5.3CVSS6.4AI score0.00115EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/01/13 12:24 a.m.•5 views

SUSE CVE-2026-22702

virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a rac...

4.5CVSS6.5AI score0.00085EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/01/13 12:24 a.m.•6 views

SUSE CVE-2026-22703

Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor...

5.5CVSS7.1AI score0.00077EPSS
Exploits1References5
SUSE CVE
SUSE CVE
•added 2026/01/10 12:30 a.m.•4 views

SUSE CVE-2025-14338

Polkit authentication dis isabled by default and a race condition in the Polkit authorization check in versions before v0.69.0 can lead to the same issues as in CVE-2025-66005...

8.5CVSS7.2AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/10 12:30 a.m.•2 views

SUSE CVE-2025-14525

A flaw was found in kubevirt. A user within a virtual machine VM, if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes...

6.4CVSS5.8AI score0.0026EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/01/10 12:24 a.m.•4 views

SUSE CVE-2025-56225

fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluidsynthmonopoly.c, that can be triggered when loading an invalid midi file...

7.5CVSS6.9AI score0.00414EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/01/10 12:24 a.m.•2 views

SUSE CVE-2025-66005

Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of the currently active user session...

8.5CVSS6.5AI score0.002EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/10 12:23 a.m.•3 views

SUSE CVE-2026-0716

A flaw was found in libsoup's WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash...

6.5CVSS6.3AI score0.00257EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2026/01/10 12:23 a.m.•6 views

SUSE CVE-2026-21860

Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safejoin function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are implicitly present...

6.3CVSS6.9AI score0.00424EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/09 12:49 a.m.•5 views

SUSE CVE-2022-21986

unknown...

7.5CVSS7AI score0.03739EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/09 12:45 a.m.•4 views

SUSE CVE-2023-21913

unknown...

4.9CVSS5.5AI score0.01116EPSS
Exploits0References2
Total number of security vulnerabilities59854