
59218 matches found

SUSE CVE • added 2026/05/30 2:06 a.m.

SUSE CVE-2026-42960

NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...

CVSS 5.9 • AI score 5.7 • EPSS 0.00249
Exploits 0 • References 9
SUSE CVE • added 2026/05/30 2:05 a.m.

SUSE CVE-2026-44390

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstream responses with very large RRsets with records that don't share a suffix above the root can cause Unbound to...

CVSS 5.9 • AI score 5.8 • EPSS 0.00556
Exploits 0 • References 9
SUSE CVE • added 2026/05/30 2:05 a.m.

SUSE CVE-2026-44608

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that, when certain conditions are met (multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers), could result in heap use-after-free and eventual crash. An adversary can...

CVSS 5.9 • AI score 5.7 • EPSS 0.00255
Exploits 0 • References 9
SUSE CVE • added 2026/05/30 1:59 a.m.

SUSE CVE-2026-48155

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0...

CVSS 5.5 • AI score 5.8 • EPSS 0.00127
Exploits 0 • References 3
SUSE CVE • added 2026/05/30 1:59 a.m.

SUSE CVE-2026-48156

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W [0 0 0] values and large /Size values. This vulnerability is fixed in 6.12.0...

CVSS 5.1 • AI score 5.8 • EPSS 0.00124
Exploits 0 • References 3
SUSE CVE • added 2026/05/30 1:59 a.m.

SUSE CVE-2026-48163

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...

CVSS 8 • AI score 5.8 • EPSS 0.01009
Exploits 0 • References 7
SUSE CVE • added 2026/05/30 1:59 a.m.

SUSE CVE-2026-48165

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrep_sst_receive_address or wsrep_sst_donor global system...

CVSS 8 • AI score 5.5 • EPSS 0.00967
Exploits 0 • References 7
SUSE CVE • added 2026/05/30 1:59 a.m.

SUSE CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

CVSS 4.8 • AI score 6 • EPSS 0.00181
Exploits 1 • References 9
SUSE CVE • added 2026/05/30 1:59 a.m.

SUSE CVE-2026-48523

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decode_complete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

CVSS 5.4 • AI score 5.8 • EPSS 0.00127
Exploits 1 • References 9
SUSE CVE • added 2026/05/30 1:59 a.m.

SUSE CVE-2026-48524

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

CVSS 3.7 • AI score 5.8 • EPSS 0.00222
Exploits 0 • References 8
SUSE CVE • added 2026/05/30 1:59 a.m.

SUSE CVE-2026-48525

PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option ("b64": false, RFC 7797), PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For...

CVSS 7.5 • AI score 5.8 • EPSS 0.00288
Exploits 1 • References 9
SUSE CVE • added 2026/05/30 1:59 a.m.

SUSE CVE-2026-48526

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

CVSS 7.4 • AI score 5.8 • EPSS 0.00394
Exploits 1 • References 11
SUSE CVE • added 2026/05/30 1:59 a.m.

SUSE CVE-2026-48735

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

CVSS 5.5 • AI score 5.8 • EPSS 0.0013
Exploits 0 • References 3
SUSE CVE • added 2026/05/30 1:59 a.m.

SUSE CVE-2026-48840

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client...

CVSS 5.3 • AI score 5.8 • EPSS 0.00264
Exploits 0 • References 3
SUSE CVE • added 2026/05/30 1:59 a.m.

SUSE CVE-2026-49127

Music Player Daemon (MPD) before version 0.24.11 contains a stack buffer overflow vulnerability in the pcm_unpack_24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD...

CVSS 8.8 • AI score 6.1 • EPSS 0.0051
Exploits 0 • References 3
SUSE CVE • added 2026/05/30 1:59 a.m.

SUSE CVE-2026-49128

Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

CVSS 8.7 • AI score 5.9 • EPSS 0.00501
Exploits 0 • References 3
SUSE CVE • added 2026/05/30 1:59 a.m.

SUSE CVE-2026-49129

Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT_FOLLOWLOCATION is set without CURLOPT_REDIR_PROTOCOLS_STR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

CVSS 6.9 • AI score 5.8 • EPSS 0.00281
Exploits 0 • References 3
SUSE CVE • added 2026/05/30 1:59 a.m.

SUSE CVE-2026-49130

Music Player Daemon (MPD) before version 0.24.11 contains a CRLF injection vulnerability in the xspf_char_data function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

CVSS 6.9 • AI score 5.8 • EPSS 0.0026
Exploits 0 • References 3
SUSE CVE • added 2026/05/29 1:28 a.m.

SUSE CVE-2025-8030

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

CVSS 5.3 • AI score 7.2 • EPSS 0.00306
Exploits 0 • References 11
SUSE CVE • added 2026/05/29 1:27 a.m.

SUSE CVE-2025-11713

Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and...

CVSS 8.1 • AI score 5.9 • EPSS 0.00327
Exploits 0 • References 7
SUSE CVE • added 2026/05/29 1:27 a.m.

SUSE CVE-2025-34525

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

AI score 5.8
Exploits 0 • References 2
SUSE CVE • added 2026/05/29 1:24 a.m.

SUSE CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

CVSS 7.5 • AI score 5.7 • EPSS 0.01047
Exploits 0 • References 14
SUSE CVE • added 2026/05/29 1:24 a.m.

SUSE CVE-2026-3592

BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0...

CVSS 5.3 • AI score 5.8 • EPSS 0.00406
Exploits 0 • References 9
SUSE CVE • added 2026/05/29 1:23 a.m.

SUSE CVE-2026-5946

Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet (IN) - for example, CHAOS or HESIOD - or DNS messages that specify meta-classes (ANY or NONE) in the question section. Specially crafted requests reaching the affected code paths - recursio...

CVSS 7.5 • AI score 5.9 • EPSS 0.0181
Exploits 0 • References 14
SUSE CVE • added 2026/05/29 1:23 a.m.

SUSE CVE-2026-5947

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...

CVSS 7.5 • AI score 5.8 • EPSS 0.01387
Exploits 0 • References 5
SUSE CVE • added 2026/05/29 1:23 a.m.

SUSE CVE-2026-5950

An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions. This issue affects BIND 9 versions 9.18.36 throu...

CVSS 5.3 • AI score 5.8 • EPSS 0.00551
Exploits 1 • References 6
SUSE CVE • added 2026/05/29 1:23 a.m.

SUSE CVE-2026-8643

pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

CVSS 8.1 • AI score 5.8 • EPSS 0.0032
Exploits 0 • References 5
SUSE CVE • added 2026/05/29 1:22 a.m.

SUSE CVE-2026-9759

ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service...

CVSS 5.5 • AI score 5.8 • EPSS 0.00092
Exploits 0 • References 3
SUSE CVE • added 2026/05/29 1:22 a.m.

SUSE CVE-2026-9804

A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an exported filesystem Persistent Volume Claim (PVC) that points...

CVSS 7.7 • AI score 5.8 • EPSS 0.00515
Exploits 0 • References 3
SUSE CVE • added 2026/05/29 1:22 a.m.

SUSE CVE-2026-9818

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVSS 4.7 • AI score 5.7
Exploits 0 • References 3
SUSE CVE • added 2026/05/29 1:22 a.m.

SUSE CVE-2026-9828

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback (logback-core HardenedObjectInputStream, logback-core modules) allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...

CVSS 2.1 • AI score 6.4 • EPSS 0.0037
Exploits 0 • References 3
SUSE CVE • added 2026/05/29 1:22 a.m.

SUSE CVE-2026-23679

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength...

CVSS 6.9 • AI score 5.9 • EPSS 0.00184
Exploits 0 • References 3
SUSE CVE • added 2026/05/29 1:21 a.m.

SUSE CVE-2026-25707

A relative path traversal problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation...

CVSS 7.4 • AI score 5.8 • EPSS 0.006
Exploits 0 • References 12
SUSE CVE • added 2026/05/29 1:21 a.m.

SUSE CVE-2026-34043

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object (an object that inherits from Array.prototype but ha...

CVSS 7.5 • AI score 5.7 • EPSS 0.00472
Exploits 0 • References 4
SUSE CVE • added 2026/05/29 1:21 a.m.

SUSE CVE-2026-41052

Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10...

CVSS 9.4 • AI score 5.8 • EPSS 0.00319
Exploits 0 • References 4
SUSE CVE • added 2026/05/29 1:21 a.m.

SUSE CVE-2026-41053

unknown...

AI score 5.8 • EPSS 0.0037
Exploits 0 • References 4
SUSE CVE • added 2026/05/29 1:21 a.m.

SUSE CVE-2026-42250

bzip2 contains an off-by-one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out-of-bounds write to a global buffer, resulting in memory corruption and a crash (denial of service). This issue was fixed in bzip2 patch...

CVSS 5.1 • AI score 5.8 • EPSS 0.00126
Exploits 0 • References 3
SUSE CVE • added 2026/05/29 1:20 a.m.

SUSE CVE-2026-42328

go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.23.0, the DAG-CBOR and DAG-JSON decoders recurse on each nested map or list...

CVSS 6.2 • AI score 5.9 • EPSS 0.0012
Exploits 0 • References 3
SUSE CVE • added 2026/05/29 1:20 a.m.

SUSE CVE-2026-42899

unknown...

CVSS 7.5 • AI score 5.7 • EPSS 0.0243
Exploits 0 • References 7
SUSE CVE • added 2026/05/29 1:20 a.m.

SUSE CVE-2026-44378

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

CVSS 6.9 • AI score 5.8 • EPSS 0.00324
Exploits 0 • References 3
SUSE CVE • added 2026/05/29 1:20 a.m.

SUSE CVE-2026-44681

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...

CVSS 6.1 • AI score 5.8 • EPSS 0.00203
Exploits 1 • References 3
SUSE CVE • added 2026/05/29 1:20 a.m.

SUSE CVE-2026-44939

A command injection vulnerability in the Rancher Manager cluster import endpoint /v3/import/{token}_{clusterId}.yaml before 2.14.2, through unsanitized YAML parameters, could allow remote attackers to break out of an image and execute e.g. malicious containers...

CVSS 9.4 • AI score 6 • EPSS 0.01277
Exploits 0 • References 4
SUSE CVE • added 2026/05/29 1:20 a.m.

SUSE CVE-2026-45076

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This...

CVSS 2.7 • AI score 5.8 • EPSS 0.00369
Exploits 0 • References 3
SUSE CVE • added 2026/05/29 1:20 a.m.

SUSE CVE-2026-45078

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1...

CVSS 6.8 • AI score 5.8 • EPSS 0.00128
Exploits 0 • References 3
SUSE CVE • added 2026/05/29 1:20 a.m.

SUSE CVE-2026-45104

MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValues(psRule, psLayer, 1); for any carrying - it assumes msSLDParseRule added one class. When the rule has no symbolizer (a structurally valid SLD), msSLDParseRul...

CVSS 7.5 • AI score 5.8 • EPSS 0.0032
Exploits 1 • References 3
SUSE CVE • added 2026/05/29 1:20 a.m.

SUSE CVE-2026-45108

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant (DAG) flow that allowed a user within the same Entra ID domain to obtain a local Unix...

CVSS 8.4 • AI score 5.8 • EPSS 0.00246
Exploits 0 • References 3
SUSE CVE • added 2026/05/29 1:20 a.m.

SUSE CVE-2026-45134

LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods (pull_prompt / pull_prompt_commit in Python, pullPrompt / pullPromptCommit in JS/TS) fetch and deserialize prompt manifests from...

CVSS 7.1 • AI score 5.8 • EPSS 0.00199
Exploits 0 • References 3
SUSE CVE • added 2026/05/29 1:20 a.m.

SUSE CVE-2026-45321

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself...

CVSS 9.6 • AI score 6 • EPSS 0.02342
Exploits 3 • References 3
SUSE CVE • added 2026/05/29 1:17 a.m.

SUSE CVE-2026-46104

In the Linux kernel, the following vulnerability has been resolved: selinux: use sk blob accessor in socket permission helpers. SELinux socket state lives in the composite LSM socket blob. sock_has_perm and nlmsg_sock_has_extended_perms currently dereference sk->sk_security directly, which assumes the...

CVSS 5.5 • AI score 5.8 • EPSS 0.00121
Exploits 0 • References 3
SUSE CVE • added 2026/05/29 1:17 a.m.

SUSE CVE-2026-46105

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Limit NVMe request size to 2 MiB. The HBA firmware reports NVMe MDTS values based on the underlying drive capability. However, because the driver allocates a fixed 4K buffer for the PRP list, accommodating at most 5...

CVSS 5.5 • AI score 5.9 • EPSS 0.00127
Exploits 0 • References 3
Total number of security vulnerabilities: 59218