
59189 matches found

SUSE CVE • added 2026/06/16 2:19 a.m. • 7 views

SUSE CVE-2026-52860

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

CVSS 7.8, AI score 5.7, EPSS 0.00224, Exploits 0, References 3

SUSE CVE • added 2026/06/16 2:19 a.m. • 6 views

SUSE CVE-2026-54055

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

CVSS 5, AI score 5.5, EPSS 0.00072, Exploits 0, References 3

SUSE CVE • added 2026/06/16 2:19 a.m. • 7 views

SUSE CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

CVSS 7.6, AI score 5.7, EPSS 0.00268, Exploits 1, References 3

SUSE CVE • added 2026/06/16 2:19 a.m. • 6 views

SUSE CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

CVSS 8.2, AI score 5.4, EPSS 0.00321, Exploits 0, References 3

SUSE CVE • added 2026/06/16 2:19 a.m. • 6 views

SUSE CVE-2026-54421

In OpenStack Ironic before 37.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...

CVSS 6.8, AI score 5.8, EPSS 0.00291, Exploits 0, References 3

SUSE CVE • added 2026/06/15 1:28 a.m. • 9 views

SUSE CVE-2026-11526

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in _make_filehandle. GD::Image::_make_filehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe ("| cmd", "cmd |") or begins with a...

CVSS 8.4, AI score 5.5, EPSS 0.01353, Exploits 0, References 3

SUSE CVE • added 2026/06/15 1:20 a.m. • 10 views

SUSE CVE-2026-53533

unknown...

AI score 5.3, Exploits 0, References 3

SUSE CVE • added 2026/06/15 1:20 a.m. • 11 views

SUSE CVE-2026-54057

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue...

CVSS 7.8, AI score 5.2, EPSS 0.00166, Exploits 1, References 3

SUSE CVE • added 2026/06/13 2:30 a.m. • 9 views

SUSE CVE-2025-71329

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

CVSS 8.7, AI score 5.7, EPSS 0.0043, Exploits 1, References 3

SUSE CVE • added 2026/06/13 2:30 a.m. • 11 views

SUSE CVE-2025-71330

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to...

CVSS 8.7, AI score 5.7, EPSS 0.0043, Exploits 1, References 3

SUSE CVE • added 2026/06/13 2:29 a.m. • 12 views

SUSE CVE-2026-7383

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...

CVSS 5.9, AI score 6.3, EPSS 0.00358, Exploits 0, References 20

SUSE CVE • added 2026/06/13 2:29 a.m. • 14 views

SUSE CVE-2026-9076

Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kek_unwrap_key(). Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...

CVSS 3.7, AI score 5.7, EPSS 0.00297, Exploits 0, References 20

SUSE CVE • added 2026/06/13 2:29 a.m. • 17 views

SUSE CVE-2026-9648

The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA's permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to...

CVSS 9.1, AI score 5.3, EPSS 0.00223, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 10 views

SUSE CVE-2026-12007

Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.8, AI score 6.1, EPSS 0.00287, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 8 views

SUSE CVE-2026-12008

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.3, AI score 5.4, EPSS 0.00246, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 10 views

SUSE CVE-2026-12009

Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.3, AI score 5.4, EPSS 0.00246, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 9 views

SUSE CVE-2026-12010

Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.3, AI score 5.7, EPSS 0.00272, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 8 views

SUSE CVE-2026-12011

Use after free in WebMIDI in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.3, AI score 5.4, EPSS 0.00246, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 14 views

SUSE CVE-2026-12012

Use after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position to potentially exploit heap corruption via malicious network traffic. Chromium security severity: High...

CVSS 8.1, AI score 5.4, EPSS 0.00225, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 10 views

SUSE CVE-2026-12013

Determined not a vulnerability...

AI score 5.2, EPSS 0.0024, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 10 views

SUSE CVE-2026-12014

Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potentially perform a sandbox escape via malicious network traffic. Chromium security severity: High...

CVSS 8.3, AI score 5.3, EPSS 0.00174, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 13 views

SUSE CVE-2026-12015

Use after free in Autofill in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVSS 5.3, AI score 5.3, EPSS 0.00227, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 9 views

SUSE CVE-2026-12016

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVSS 8.3, AI score 5.4, EPSS 0.00229, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 10 views

SUSE CVE-2026-12017

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

CVSS 3.1, AI score 5.3, EPSS 0.00208, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 9 views

SUSE CVE-2026-12018

Inappropriate implementation in Mojo in Google Chrome on Windows prior to 149.0.7827.115 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...

CVSS 8.8, AI score 5.3, EPSS 0.0016, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 10 views

SUSE CVE-2026-12019

Heap buffer overflow in Codecs in Google Chrome on Linux and ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVSS 8.3, AI score 5.8, EPSS 0.00253, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 9 views

SUSE CVE-2026-12020

Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 5.5, EPSS 0.00224, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 11 views

SUSE CVE-2026-12022

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...

CVSS 8.3, AI score 5.4, EPSS 0.00166, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 6 views

SUSE CVE-2026-12023

Use after free in GPU in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVSS 8.3, AI score 5.4, EPSS 0.00229, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 7 views

SUSE CVE-2026-12024

Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

CVSS 6.5, AI score 5.3, EPSS 0.00158, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 6 views

SUSE CVE-2026-12025

Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVSS 5.3, AI score 5.3, EPSS 0.00227, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 6 views

SUSE CVE-2026-12026

Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVSS 6.5, AI score 5.3, EPSS 0.00236, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 7 views

SUSE CVE-2026-12027

Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVSS 9.6, AI score 5.3, EPSS 0.00224, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 4 views

SUSE CVE-2026-12028

Use after free in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVSS 8.3, AI score 5.3, EPSS 0.00229, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 6 views

SUSE CVE-2026-12029

Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVSS 8.3, AI score 5.3, EPSS 0.00191, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 8 views

SUSE CVE-2026-12030

Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVSS 8.3, AI score 5.3, EPSS 0.00191, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 6 views

SUSE CVE-2026-12031

Inappropriate implementation in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVSS 8.3, AI score 5.3, EPSS 0.00191, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 6 views

SUSE CVE-2026-12032

Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

CVSS 3.1, AI score 5.3, EPSS 0.00155, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 7 views

SUSE CVE-2026-12033

Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVSS 5.3, AI score 5.3, EPSS 0.00189, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 6 views

SUSE CVE-2026-12034

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...

CVSS 8.3, AI score 5.4, EPSS 0.0018, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:28 a.m. • 5 views

SUSE CVE-2026-12035

Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 5.5, EPSS 0.00187, Exploits 0, References 3

SUSE CVE • added 2026/06/13 2:21 a.m. • 6 views

SUSE CVE-2026-34180

Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application (Denial of Service) or to...

CVSS 3.7, AI score 5.6, EPSS 0.00513, Exploits 0, References 19

SUSE CVE • added 2026/06/13 2:21 a.m. • 15 views

SUSE CVE-2026-34181

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

CVSS 3.1, AI score 5.5, EPSS 0.00196, Exploits 0, References 5

SUSE CVE • added 2026/06/13 2:21 a.m. • 10 views

SUSE CVE-2026-34182

Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

CVSS 5.9, AI score 5.3, EPSS 0.00237, Exploits 0, References 10

SUSE CVE • added 2026/06/13 2:21 a.m. • 7 views

SUSE CVE-2026-34183

Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frames. Impact summary: A malicious remote peer can cause an unbounded memory allocation which can lead to an abnormal termination of the application acting as a QU...

CVSS 6.5, AI score 5.4, EPSS 0.00511, Exploits 0, References 5

SUSE CVE • added 2026/06/13 2:19 a.m. • 44 views

SUSE CVE-2026-42764

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

CVSS 5.3, AI score 5.3, EPSS 0.00684, Exploits 0, References 5

SUSE CVE • added 2026/06/13 2:19 a.m. • 8 views

SUSE CVE-2026-42766

Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service. The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is define...

CVSS 5.7, AI score 5.3, EPSS 0.00595, Exploits 0, References 19

SUSE CVE • added 2026/06/13 2:19 a.m. • 8 views

SUSE CVE-2026-42767

Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

CVSS 6.5, AI score 5.4, EPSS 0.00349, Exploits 0, References 5

SUSE CVE • added 2026/06/13 2:19 a.m. • 8 views

SUSE CVE-2026-42768

Issue summary: The CMS_decrypt() and PKCS7_decrypt() functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...

CVSS 4.2, AI score 5.4, EPSS 0.0035, Exploits 0, References 5

SUSE CVE • added 2026/06/13 2:19 a.m. • 8 views

SUSE CVE-2026-42769

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority (RA) level to t...

CVSS 5.9, AI score 5.7, EPSS 0.00262, Exploits 0, References 5

Total number of security vulnerabilities: 59189