Lucene search
K
SusecveRecent

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/01/07 12:24 a.m.•3 views

SUSE CVE-2025-69226

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

5.3CVSS6.4AI score0.00313EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/01/07 12:24 a.m.•2 views

SUSE CVE-2025-69227

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...

7.5CVSS6.7AI score0.00337EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/01/07 12:23 a.m.•4 views

SUSE CVE-2025-69228

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontrollably during processing. If an application includes a handler that uses the Request.post method, ...

7.5CVSS6.4AI score0.00347EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/01/07 12:23 a.m.•4 views

SUSE CVE-2025-69229

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read method in an endpoint, it...

7.5CVSS6.3AI score0.00338EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/01/07 12:23 a.m.•2 views

SUSE CVE-2025-69230

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs...

6.5CVSS6.4AI score0.00332EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/06 12:37 a.m.•10 views

SUSE CVE-2017-18874

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal...

6.5CVSS6.3AI score0.01233EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:37 a.m.•6 views

SUSE CVE-2017-18878

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session...

4.3CVSS4.9AI score0.0077EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:37 a.m.•8 views

SUSE CVE-2017-18885

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf...

9.8CVSS9.2AI score0.01175EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:37 a.m.•10 views

SUSE CVE-2017-18886

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands...

8.8CVSS8.4AI score0.00947EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:37 a.m.•6 views

SUSE CVE-2017-18887

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator's e-mail address to members...

5.3CVSS5.5AI score0.0092EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:36 a.m.•5 views

SUSE CVE-2017-18888

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts...

9.8CVSS9.6AI score0.01103EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:36 a.m.•13 views

SUSE CVE-2017-18889

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API...

4.3CVSS4.9AI score0.00664EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:36 a.m.•16 views

SUSE CVE-2017-18890

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request...

4.3CVSS4.8AI score0.0077EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:29 a.m.•17 views

SUSE CVE-2024-41260

A static initialization vector IV in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information email addresses when in possession of the audit events database...

7.5CVSS6.3AI score0.00467EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:29 a.m.•5 views

SUSE CVE-2024-41265

A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function...

7.5CVSS6.3AI score0.00258EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:28 a.m.•4 views

SUSE CVE-2025-8110

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code...

8.8CVSS7.1AI score0.7654EPSS
Exploits16References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:28 a.m.•17 views

SUSE CVE-2025-11393

A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...

8.7CVSS6.8AI score0.00215EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:28 a.m.•10 views

SUSE CVE-2025-11777

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...

4.3CVSS6.7AI score0.00162EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:28 a.m.•16 views

SUSE CVE-2025-12419

Mattermost versions 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12, 11.0.x = 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of...

9.9CVSS6.8AI score0.0031EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:28 a.m.•21 views

SUSE CVE-2025-12421

Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email...

9.9CVSS7.3AI score0.0031EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:28 a.m.•8 views

SUSE CVE-2025-12559

Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...

4.3CVSS6.8AI score0.00187EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:28 a.m.•10 views

SUSE CVE-2025-12689

Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request...

6.5CVSS7AI score0.0024EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:28 a.m.•35 views

SUSE CVE-2025-13324

Mattermost versions 10.11.x = 10.11.5, 11.0.x = 11.0.4, 10.12.x = 10.12.2 fail to invalidate remote cluster invite tokens when using the legacy version 1 protocol or when the confirming party does not provide a refreshed token, which allows an attacker who has obtained an invite token to...

3.7CVSS7AI score0.00167EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:28 a.m.•22 views

SUSE CVE-2025-13352

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

3CVSS7.1AI score0.00145EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:28 a.m.•10 views

SUSE CVE-2025-13888

A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...

9.1CVSS6.7AI score0.0063EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:27 a.m.•16 views

SUSE CVE-2025-14764

Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigat...

6CVSS6.8AI score0.00094EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:27 a.m.•9 views

SUSE CVE-2025-34410

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the Change Username functionality available from the settings panel /settings/panel. The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can...

7.1CVSS6.8AI score0.00133EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:27 a.m.•9 views

SUSE CVE-2025-34429

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...

7.1CVSS7.1AI score0.0015EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:27 a.m.•10 views

SUSE CVE-2025-34430

1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery CSRF vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that...

5.1CVSS7.1AI score0.00179EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:25 a.m.•6 views

SUSE CVE-2025-60633

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the NudmSubscriberDataManagement API...

6.5CVSS6.9AI score0.00312EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:25 a.m.•39 views

SUSE CVE-2025-62155

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applie...

8.5CVSS6.9AI score0.00259EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:25 a.m.•11 views

SUSE CVE-2025-62190

Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 and Mattermost Calls versions =1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious...

4.3CVSS6.8AI score0.001EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:25 a.m.•20 views

SUSE CVE-2025-64521

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating with clientid and clientsecret to an OAuth provider, authentik creates a service account for the provider. In previous authentik versions, authentication for this account was possible even...

4.8CVSS7AI score0.00197EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:25 a.m.•9 views

SUSE CVE-2025-64708

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, in previous authentik versions, invitations were considered valid regardless if they are expired or not, thus relying on background tasks to clean up expired ones. In a normal scenario this can take up to 5...

5.8CVSS6.8AI score0.00221EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:25 a.m.•27 views

SUSE CVE-2025-64715

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...

5.5CVSS6.8AI score0.00161EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:25 a.m.•19 views

SUSE CVE-2025-64763

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode to handle CONNECT requests, it accepts client data before issuing a 2xx response and forwards that data to the upstream TCP connection. If a forwardi...

5.3CVSS6.8AI score0.00282EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/06 12:25 a.m.•12 views

SUSE CVE-2025-65637

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...

7.5CVSS6.7AI score0.00585EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/01/06 12:25 a.m.•12 views

SUSE CVE-2025-65754

Cross Site Scripting vulnerability in Algernon v1.17.4 allows attackers to execute arbitrary code via injecting a crafted payload into a filename...

6.1CVSS7.1AI score0.00401EPSS
Exploits2References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:25 a.m.•10 views

SUSE CVE-2025-65795

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...

7.5CVSS6.9AI score0.00223EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:25 a.m.•8 views

SUSE CVE-2025-65796

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos...

4.3CVSS7AI score0.00173EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:25 a.m.•6 views

SUSE CVE-2025-65797

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service DoS...

6.5CVSS6.9AI score0.00245EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:25 a.m.•9 views

SUSE CVE-2025-65798

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...

5.4CVSS6.9AI score0.00156EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:25 a.m.•6 views

SUSE CVE-2025-65799

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...

4.3CVSS7.2AI score0.00185EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:25 a.m.•4 views

SUSE CVE-2025-65942

VictoriaMetrics is a scalable solution for monitoring and managing time series data. In versions from 1.0.0 to before 1.110.23, from 1.111.0 to before 1.122.8, and from 1.123.0 to before 1.129.1, affected versions are vulnerable to DoS attacks because the snappy decoder ignored VictoriaMetrics...

2.7CVSS6.8AI score0.00298EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:25 a.m.•7 views

SUSE CVE-2025-66507

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA...

7.5CVSS7AI score0.00405EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:25 a.m.•8 views

SUSE CVE-2025-66508

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration which trusts all IP addresses as proxies TrustedProxies = 0.0.0.0/0, allowing any client to spoof the X-Forwarded-For header. Since all IP-based access controls...

6.5CVSS6.9AI score0.00204EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:24 a.m.•10 views

SUSE CVE-2025-66565

Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator crypto/rand fails, both functions silently fall back to returning predictable UUID values, including the zero UUID...

9.8CVSS6.9AI score0.00409EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:24 a.m.•5 views

SUSE CVE-2025-66626

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain unsafe untar code that handles symbolic links in archives. Concretely, the computation of a link's target and the...

8.1CVSS7AI score0.00589EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:24 a.m.•8 views

SUSE CVE-2025-67268

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

9.8CVSS8AI score0.00674EPSS
Exploits2References5
SUSE CVE
SUSE CVE
•added 2026/01/06 12:24 a.m.•4 views

SUSE CVE-2025-67269

An integer underflow vulnerability exists in the nextstate function in gpsd/packet.c of gpsd versions prior to commit ffa1d6f40bca0b035fc7f5e563160ebb67199da7. When parsing a NAVCOM packet, the payload length is calculated using lexer-length = sizetc - 4 without checking if the input byte c is le...

7.5CVSS6.9AI score0.0047EPSS
Exploits2References5
Total number of security vulnerabilities59854