Lucene search
K
SusecveRecent

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/01/09 12:45 a.m.•7 views

SUSE CVE-2023-21963

unknown...

2.7CVSS7AI score0.00989EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/09 12:45 a.m.•5 views

SUSE CVE-2023-22015

unknown...

4.9CVSS7AI score0.00884EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/09 12:45 a.m.•6 views

SUSE CVE-2023-22026

unknown...

4.9CVSS7AI score0.00871EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/09 12:45 a.m.•6 views

SUSE CVE-2023-22028

unknown...

4.9CVSS7AI score0.00891EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/09 12:44 a.m.•5 views

SUSE CVE-2023-37478

pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package that appears safe on the npm registry or when installed via...

9.8CVSS6.9AI score0.00941EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/01/09 12:35 a.m.•9 views

SUSE CVE-2024-53866

The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm metadata saved in global cache; npm metadata from global cache affects other workspaces; and installs by default don't revalidate the data including on first...

9.8CVSS7.9AI score0.00942EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/01/09 12:34 a.m.•4 views

SUSE CVE-2025-13151

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1expendoctetstring...

6.6CVSS7.4AI score0.01109EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2026/01/09 12:24 a.m.•6 views

SUSE CVE-2025-68151

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...

8.7CVSS7.3AI score0.00412EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/09 12:24 a.m.•8 views

SUSE CVE-2025-68158

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...

5.7CVSS5.8AI score0.00237EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/01/09 12:23 a.m.•4 views

SUSE CVE-2025-69263

pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies and git-hosted tarballs in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. An attacker who publishes a package...

8.8CVSS7.1AI score0.0031EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/01/09 12:23 a.m.•5 views

SUSE CVE-2025-69264

pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle scripts execution disabled by default". While pnpm v10 blocks postinstall scripts via the...

9.8CVSS8.7AI score0.01023EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/01/09 12:23 a.m.•5 views

SUSE CVE-2026-0710

A flaw was found in SIPp. A remote attacker could exploit this by sending specially crafted Session Initiation Protocol SIP messages during an active call. This vulnerability, a NULL pointer dereference, can cause the application to crash, leading to a denial of service. Under specific conditions...

8.4CVSS5.7AI score0.00219EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/09 12:23 a.m.•2 views

SUSE CVE-2026-0719

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...

8.1CVSS6.8AI score0.00557EPSS
Exploits0References19
SUSE CVE
SUSE CVE
•added 2026/01/09 12:23 a.m.•8 views

SUSE CVE-2026-21441

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

4.3CVSS6.6AI score0.02667EPSS
Exploits0References23
SUSE CVE
SUSE CVE
•added 2026/01/09 12:23 a.m.•18 views

SUSE CVE-2026-21869

llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the ndiscard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fill...

9.8CVSS8.3AI score0.00438EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/01/09 12:23 a.m.•21 views

SUSE CVE-2026-21883

Bokeh is an interactive visualization library written in Python. In versions 3.8.1 and below, if a server is configured with an allowlist e.g., dashboard.corp, an attacker can register a domain like dashboard.corp.attacker.com or use a subdomain if applicable and lure a victim to visit it. The...

7.4CVSS6.8AI score0.00159EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/01/09 12:23 a.m.•7 views

SUSE CVE-2026-21895

The rsa crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue...

3.3CVSS6.9AI score0.00405EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/09 12:23 a.m.•6 views

SUSE CVE-2026-22028

Preact, a lightweight web development framework, JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary JSON. A regression introduced in Preact 10.26.5 caused this protection to be softened. In applications where values from JSON payloads are assumed t...

9.2CVSS6.7AI score0.00227EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/01/09 12:23 a.m.•3 views

SUSE CVE-2026-22184

zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz...

8.6CVSS7.4AI score0.0035EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/09 12:23 a.m.•3 views

SUSE CVE-2026-22185

OpenLDAP Lightning Memory-Mapped Database LMDB versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline function of mdbload. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause...

3.3CVSS6.9AI score0.00127EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/01/09 12:23 a.m.•2 views

SUSE CVE-2026-38264

unknown...

7AI score
Exploits0References8
SUSE CVE
SUSE CVE
•added 2026/01/08 12:33 a.m.•10 views

SUSE CVE-2025-8556

A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange...

3.7CVSS8AI score0.00485EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/08 12:32 a.m.•5 views

SUSE CVE-2025-13034

When using CURLOPTPINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...

5.9CVSS6.5AI score0.00227EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/08 12:32 a.m.•4 views

SUSE CVE-2025-14017

When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally...

6.3CVSS6.7AI score0.00106EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/01/08 12:31 a.m.•3 views

SUSE CVE-2025-14524

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

5.3CVSS6.6AI score0.00611EPSS
Exploits1References12
SUSE CVE
SUSE CVE
•added 2026/01/08 12:31 a.m.•2 views

SUSE CVE-2025-14819

When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPTNOPARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcur...

5.3CVSS6.3AI score0.00679EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/01/08 12:31 a.m.•6 views

SUSE CVE-2025-15079

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...

5.3CVSS6.5AI score0.00457EPSS
Exploits1References12
SUSE CVE
SUSE CVE
•added 2026/01/08 12:31 a.m.•2 views

SUSE CVE-2025-15224

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

3.1CVSS6.6AI score0.00413EPSS
Exploits1References11
SUSE CVE
SUSE CVE
•added 2026/01/08 12:31 a.m.•4 views

SUSE CVE-2025-15444

Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium libsodium = 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://vulners.com/cve/CVE-2025-69277 . The libsodium...

6.8CVSS6.5AI score0.00228EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2026/01/08 12:26 a.m.•5 views

SUSE CVE-2025-67603

A Improper Authorization vulnerability in Foomuuri llows arbitrary users to influence the firewall configuration.This issue affects Foomuuri: from ? before 0.31...

5.1CVSS6.8AI score0.00148EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/08 12:26 a.m.•3 views

SUSE CVE-2025-67858

A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to nft. This issue affects Foomuuri: from ? before 0.31...

7CVSS6.7AI score0.00171EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/08 12:26 a.m.•6 views

SUSE CVE-2025-67859

A Improper Authentication vulnerability in TLP allows local users to arbitrarily control the power profile in use as well as the daemon's log settings.This issue affects TLP: from 1.9 before 1.9.1...

5.1CVSS6.6AI score0.00203EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/08 12:25 a.m.•5 views

SUSE CVE-2026-0628

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: High...

8.8CVSS6AI score0.06545EPSS
Exploits2References3
SUSE CVE
SUSE CVE
•added 2026/01/08 12:25 a.m.•3 views

SUSE CVE-2026-21428

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.0, the writeheaders function does not check for CR & LF characters in user supplied headers, allowing untrusted header value to escape header lines. This vulnerability allows attackers to add...

8.7CVSS6.5AI score0.00372EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/01/07 12:25 a.m.•5 views

SUSE CVE-2025-15269

FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...

8.8CVSS8.8AI score0.00474EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/01/07 12:25 a.m.•3 views

SUSE CVE-2025-15270

FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit ...

8.8CVSS8.8AI score0.00581EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/01/07 12:25 a.m.•11 views

SUSE CVE-2025-15271

FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit ...

8.8CVSS8.8AI score0.00581EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/07 12:25 a.m.•3 views

SUSE CVE-2025-15272

FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

8.8CVSS8.8AI score0.00579EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/07 12:25 a.m.•3 views

SUSE CVE-2025-15273

FontForge PFB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

8.8CVSS8.8AI score0.0058EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/07 12:25 a.m.•5 views

SUSE CVE-2025-15274

FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

8.8CVSS8.8AI score0.00579EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/07 12:25 a.m.•3 views

SUSE CVE-2025-15275

FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

8.8CVSS8.8AI score0.0058EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/01/07 12:25 a.m.•7 views

SUSE CVE-2025-15276

FontForge SFD File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS7.8AI score0.00329EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/01/07 12:25 a.m.•4 views

SUSE CVE-2025-15277

FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS7.8AI score0.00259EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/07 12:25 a.m.•4 views

SUSE CVE-2025-15278

FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

7.8CVSS7.9AI score0.00263EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/07 12:25 a.m.•3 views

SUSE CVE-2025-15279

FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS7.8AI score0.00259EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/01/07 12:25 a.m.•2 views

SUSE CVE-2025-15280

FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...

8.8CVSS8.8AI score0.00532EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/07 12:24 a.m.•3 views

SUSE CVE-2025-62877

Projects using the SUSE Virtualization Harvester environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is...

9.8CVSS7AI score0.00473EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/07 12:24 a.m.•3 views

SUSE CVE-2025-69223

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

7.5CVSS6.7AI score0.00487EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/01/07 12:24 a.m.•4 views

SUSE CVE-2025-69224

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...

6.5CVSS6.7AI score0.00213EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/01/07 12:24 a.m.•2 views

SUSE CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

5.3CVSS6.5AI score0.00236EPSS
Exploits0References6
Total number of security vulnerabilities59854