Lucene search
K
SusecveRecent

59189 matches found

SUSE CVE
SUSE CVE
added 2026/06/05 3:14 a.m.7 views

SUSE CVE-2026-24193

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution...

7.8CVSS5.9AI score0.00197EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/05 3:14 a.m.11 views

SUSE CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...

6.5CVSS5.8AI score0.00228EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/05 3:14 a.m.13 views

SUSE CVE-2026-26825

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xlsparseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer ole2read. The flaw is detectable with MemorySanitizer MSAN and can lead to...

5.3CVSS5.8AI score0.00214EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/05 3:12 a.m.9 views

SUSE CVE-2026-37462

An integer underflow in the BGPUpdate.DecodeFromBytes function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/05 3:7 a.m.13 views

SUSE CVE-2026-50031

ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system managemen...

7.5CVSS6AI score0.00405EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/06/05 3:7 a.m.18 views

SUSE CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

5.9CVSS5.8AI score0.00218EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:42 a.m.9 views

SUSE CVE-2022-43467

An out-of-bounds write vulnerability exists in the PQS format coordfile functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS7.1AI score0.00843EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/04 2:42 a.m.10 views

SUSE CVE-2022-46280

A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS7AI score0.00843EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/04 2:42 a.m.10 views

SUSE CVE-2022-46291

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to...

7.8CVSS7AI score0.00816EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/04 2:42 a.m.9 views

SUSE CVE-2022-46295

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to...

7.8CVSS7.1AI score0.00863EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/04 2:39 a.m.4 views

SUSE CVE-2024-26991

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: x86: Don't overflow lpageinfo when checking attributes Fix KVMSETMEMORYATTRIBUTES to not overflow lpageinfo array and trigger KASAN splat, as seen in the privatememconversionstest selftest. When memory attributes ar...

5.5CVSS6.4AI score0.00227EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/06/04 2:31 a.m.10 views

SUSE CVE-2025-71313

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for allocworkqueue allocworkqueue can return NULL on memory allocation failure. Without proper error checking, this may lead to a NULL pointer dereference when queuework is later called with...

5.8AI score0.00107EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:31 a.m.14 views

SUSE CVE-2025-71314

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthorgpuflushcaches failures We have seen a few cases where the whole memory subsystem is blocked and flush operations never complete. When that happens, we want to: - schedule a reset, so we can recov...

5.8AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:31 a.m.11 views

SUSE CVE-2026-3150

A security vulnerability has been detected in itsourcecode College Management System 1.0. This affects an unknown part of the file /admin/display-teacher.php. The manipulation of the argument teacherid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

8.8CVSS6.4AI score0.00265EPSS
Exploits1References13
SUSE CVE
SUSE CVE
added 2026/06/04 2:31 a.m.11 views

SUSE CVE-2026-3276

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

7.5CVSS5.8AI score0.00492EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:30 a.m.11 views

SUSE CVE-2026-6873

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.getsignedcookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...

4.8CVSS5.8AI score0.00245EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/04 2:30 a.m.14 views

SUSE CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

7.4CVSS5.7AI score0.0015EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/04 2:30 a.m.12 views

SUSE CVE-2026-8404

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

5.9CVSS5.8AI score0.00285EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/04 2:30 a.m.12 views

SUSE CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

8.1CVSS5.8AI score0.00263EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:30 a.m.9 views

SUSE CVE-2026-9516

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...

7.5CVSS5.9AI score0.00375EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:30 a.m.10 views

SUSE CVE-2026-10650

A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msglen can lead to resource consumption. The attack may be...

6.9CVSS5.7AI score0.00429EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:29 a.m.10 views

SUSE CVE-2026-10705

A flaw has been found in dask up to 3.0. Affected by this issue is the function nuniqueapprox of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is...

3.1CVSS5.1AI score0.00287EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:27 a.m.10 views

SUSE CVE-2026-27145

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...

3.3CVSS5.9AI score0.00904EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/04 2:27 a.m.10 views

SUSE CVE-2026-28847

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

8.8CVSS7.3AI score0.00602EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/04 2:27 a.m.9 views

SUSE CVE-2026-28883

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

7.5CVSS5.8AI score0.00399EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/04 2:27 a.m.9 views

SUSE CVE-2026-28901

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

6.5CVSS5.8AI score0.00389EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/04 2:27 a.m.8 views

SUSE CVE-2026-28902

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

6.5CVSS5.8AI score0.00389EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/04 2:27 a.m.7 views

SUSE CVE-2026-28903

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

6.5CVSS5.8AI score0.00389EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/04 2:27 a.m.7 views

SUSE CVE-2026-28904

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

6.5CVSS5.8AI score0.00411EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/04 2:27 a.m.8 views

SUSE CVE-2026-28905

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

6.5CVSS5.8AI score0.00411EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/04 2:27 a.m.9 views

SUSE CVE-2026-28907

The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being...

7.1CVSS5.8AI score0.00304EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/04 2:27 a.m.6 views

SUSE CVE-2026-28942

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash...

7.5CVSS5.8AI score0.00462EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/04 2:27 a.m.8 views

SUSE CVE-2026-28946

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, macOS Tahoe 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash...

7.5CVSS5.8AI score0.00393EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/04 2:27 a.m.8 views

SUSE CVE-2026-28947

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash...

7.5CVSS5.8AI score0.00378EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/04 2:27 a.m.8 views

SUSE CVE-2026-28953

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

6.5CVSS5.8AI score0.00411EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/04 2:27 a.m.9 views

SUSE CVE-2026-28955

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

7.5CVSS7.1AI score0.00693EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/04 2:27 a.m.9 views

SUSE CVE-2026-28958

This issue was addressed with improved data protection. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data...

6.5CVSS5.8AI score0.0014EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/04 2:25 a.m.9 views

SUSE CVE-2026-33245

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

8CVSS5.8AI score0.00188EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:25 a.m.12 views

SUSE CVE-2026-34077

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:24 a.m.9 views

SUSE CVE-2026-34993

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...

7CVSS6.1AI score0.00128EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/04 2:24 a.m.13 views

SUSE CVE-2026-35193

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

5.9CVSS5.8AI score0.00359EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/04 2:24 a.m.9 views

SUSE CVE-2026-37460

Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

5.8AI score0.00335EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:24 a.m.7 views

SUSE CVE-2026-40181

React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact...

8.7CVSS5.8AI score0.00162EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:24 a.m.7 views

SUSE CVE-2026-42039

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. This vulnerability is fixed in 1.15.1 and...

7.5CVSS5.8AI score0.00744EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:24 a.m.6 views

SUSE CVE-2026-42043

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 range other than 127.0.0.1 to completely bypass the NOPROXY protection. This vulnerability is due t...

10CVSS5.8AI score0.00661EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:24 a.m.9 views

SUSE CVE-2026-42211

React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution RCE through external requests. This attack requires the application code to have an existing prototype pollution...

8.1CVSS6.4AI score0.00416EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:24 a.m.8 views

SUSE CVE-2026-42342

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:24 a.m.9 views

SUSE CVE-2026-42504

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

6.5CVSS5.8AI score0.0056EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/04 2:24 a.m.7 views

SUSE CVE-2026-42507

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

5.3CVSS5.8AI score0.0037EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/04 2:23 a.m.7 views

SUSE CVE-2026-43658

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash...

6.5CVSS5.8AI score0.00318EPSS
Exploits0References10
Total number of security vulnerabilities59189