Lucene search
K
SusecveRecent

59855 matches found

SUSE CVE
SUSE CVE
•added 2025/11/09 2:28 a.m.•4 views

SUSE CVE-2016-11077

An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account...

2.7CVSS7AI score0.00624EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 2:28 a.m.•3 views

SUSE CVE-2016-11078

An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information credential fields within config.json via the System Console UI...

6.5CVSS6.6AI score0.00933EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 2:28 a.m.•3 views

SUSE CVE-2016-11079

An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL...

6.1CVSS6.2AI score0.00685EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 2:27 a.m.•3 views

SUSE CVE-2016-11080

An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details...

4.3CVSS6.9AI score0.00651EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 2:27 a.m.•5 views

SUSE CVE-2016-11081

An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser...

4.3CVSS6.6AI score0.00744EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 2:27 a.m.•2 views

SUSE CVE-2016-11082

An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link...

6.1CVSS6.2AI score0.00685EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 2:27 a.m.•3 views

SUSE CVE-2016-11083

An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window...

6.1CVSS6.4AI score0.00685EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 2:27 a.m.•2 views

SUSE CVE-2016-11084

An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF...

6.1CVSS6.3AI score0.00341EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 2:23 a.m.•5 views

SUSE CVE-2017-18872

An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider...

4.3CVSS6.9AI score0.00565EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:37 a.m.•2 views

SUSE CVE-2025-10545

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the /api/v4/channels/channelid/members endpoint...

4.3CVSS6.9AI score0.00306EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:37 a.m.•7 views

SUSE CVE-2025-10954

Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range"...

7.5CVSS6.9AI score0.00421EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:33 a.m.•9 views

SUSE CVE-2025-27093

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially...

6.3CVSS7AI score0.00217EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:24 a.m.•4 views

SUSE CVE-2025-41410

Mattermost versions 10.10.x = 10.10.2, 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...

5.4CVSS7AI score0.00285EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:24 a.m.•3 views

SUSE CVE-2025-41443

Mattermost versions 10.5.x = 10.5.12, 10.11.x = 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the /api/v4/teams/teamid/channels/ids endpoint...

4.3CVSS6.7AI score0.00287EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:24 a.m.•5 views

SUSE CVE-2025-54499

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...

3.7CVSS6.9AI score0.00246EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:24 a.m.•4 views

SUSE CVE-2025-58073

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state...

8.1CVSS6.9AI score0.00379EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:24 a.m.•6 views

SUSE CVE-2025-58075

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...

8.1CVSS6.9AI score0.00307EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:23 a.m.•5 views

SUSE CVE-2025-58356

Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function cryptactivatebypasshrase. If the VM is successful in opening the partition with th...

8.3CVSS6.8AI score0.00105EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:23 a.m.•4 views

SUSE CVE-2025-59048

OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable to cross-account IAM role Impersonation in the AWS auth method. The vulnerability allows an IAM role from an untrusted AWS account to authenticate by impersonating a...

8.1CVSS6.7AI score0.00242EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:23 a.m.•5 views

SUSE CVE-2025-59530

quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authenticatio...

7.5CVSS7AI score0.00438EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:23 a.m.•9 views

SUSE CVE-2025-59836

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource reques...

7.5CVSS6.7AI score0.00542EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:23 a.m.•4 views

SUSE CVE-2025-59937

go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong...

9.1CVSS7.1AI score0.00505EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:23 a.m.•6 views

SUSE CVE-2025-61141

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...

7.5CVSS8.2AI score0.01129EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:23 a.m.•2 views

SUSE CVE-2025-61524

An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, and fixed in v.2.63.0, allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly...

7.2CVSS6.9AI score0.00613EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:23 a.m.•4 views

SUSE CVE-2025-61581

UNSUPPORTED WHEN ASSIGNED Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause...

7.5CVSS6.9AI score0.00672EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:23 a.m.•2 views

SUSE CVE-2025-61688

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, Omni might leak sensitive information via an API...

7.5CVSS6.7AI score0.00291EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:23 a.m.•6 views

SUSE CVE-2025-62156

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic...

8.8CVSS7.2AI score0.00551EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:23 a.m.•7 views

SUSE CVE-2025-62157

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...

6.5CVSS6.7AI score0.00434EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:23 a.m.•5 views

SUSE CVE-2025-62375

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...

6.9CVSS6.4AI score0.0019EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:23 a.m.•3 views

SUSE CVE-2025-62506

MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performin...

8.1CVSS7.3AI score0.00523EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:23 a.m.•4 views

SUSE CVE-2025-62714

Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints e.g., /api/v1/secret, /api/v1/service did not...

8.7CVSS6.8AI score0.00607EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:23 a.m.•3 views

SUSE CVE-2025-62820

Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network...

4.9CVSS7.1AI score0.00199EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:23 a.m.•6 views

SUSE CVE-2025-64101

Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, a potential vulnerability exists in ZITADEL's password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...

8.8CVSS7.4AI score0.00345EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:23 a.m.•4 views

SUSE CVE-2025-64102

Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like TOTP, Email OTP, or passwords using a lockout...

9.8CVSS6.8AI score0.00353EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 12:23 a.m.•5 views

SUSE CVE-2025-64103

Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi factor authentication in case the login policy has either enabled requireMFA or requireMFAForLocalUsers. If a user has set up MFA without this requirement, Zitadel would consider single factor auhtenticated sessions as valid as...

9.8CVSS7.5AI score0.00336EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/08 12:36 a.m.•1 views

SUSE CVE-2022-50290

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/08 12:32 a.m.•6 views

SUSE CVE-2024-25621

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...

7.3CVSS6.8AI score0.00159EPSS
Exploits1References7
SUSE CVE
SUSE CVE
•added 2025/11/08 12:16 a.m.•4 views

SUSE CVE-2025-59801

In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xpsunpredicttiff in xpstiff.c because the samplesperpixel value is not checked...

4.3CVSS7.4AI score0.00188EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/08 12:16 a.m.•6 views

SUSE CVE-2025-59820

In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kistgaimport.cpp aka KisTgaImport. Control flow proceeds even when a number of pixels becomes negative...

6.7CVSS7.1AI score0.0018EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/08 12:15 a.m.•4 views

SUSE CVE-2025-64326

Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed i...

3.5CVSS6.7AI score0.00181EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/08 12:15 a.m.•4 views

SUSE CVE-2025-64329

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...

5.1CVSS6.8AI score0.00162EPSS
Exploits1References7
SUSE CVE
SUSE CVE
•added 2025/11/07 12:35 a.m.•4 views

SUSE CVE-2025-12725

Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.7AI score0.00264EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/07 12:35 a.m.•5 views

SUSE CVE-2025-12726

Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: High...

7.5CVSS6.8AI score0.00225EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/07 12:35 a.m.•4 views

SUSE CVE-2025-12727

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.1AI score0.00256EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/07 12:35 a.m.•3 views

SUSE CVE-2025-12728

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS6.5AI score0.00198EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/07 12:35 a.m.•2 views

SUSE CVE-2025-12729

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS6.5AI score0.00176EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/07 12:25 a.m.•2 views

SUSE CVE-2025-46404

A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...

7.5CVSS6.8AI score0.0046EPSS
Exploits1References7
SUSE CVE
SUSE CVE
•added 2025/11/07 12:25 a.m.•5 views

SUSE CVE-2025-46705

A denial of service vulnerability exists in the gassertnotreached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...

7.5CVSS6.9AI score0.00444EPSS
Exploits1References7
SUSE CVE
SUSE CVE
•added 2025/11/07 12:25 a.m.•4 views

SUSE CVE-2025-46784

A denial of service vulnerability exists in the lassonodeinitfrommessagewithformat functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerabili...

7.5CVSS6.9AI score0.0046EPSS
Exploits1References5
SUSE CVE
SUSE CVE
•added 2025/11/07 12:25 a.m.•4 views

SUSE CVE-2025-47151

A type confusion vulnerability exists in the lassonodeimplinitfromxml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

9.8CVSS7.8AI score0.00824EPSS
Exploits1References10
Total number of security vulnerabilities59855