Lucene search
K
SusecveRecent

59380 matches found

SUSE CVE
SUSE CVE
•added 2026/04/23 1:23 a.m.•6 views

SUSE CVE-2026-35554

A race condition in the Apache Kafka Java producer client's buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch's ByteBuffer is...

8.7CVSS5.9AI score0.00328EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/23 1:23 a.m.•6 views

SUSE CVE-2026-40161

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL...

7.7CVSS5.8AI score0.0026EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/23 1:23 a.m.•8 views

SUSE CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.7AI score0.00456EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/23 1:23 a.m.•8 views

SUSE CVE-2026-40606

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP...

4.8CVSS5.7AI score0.00166EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/23 1:23 a.m.•6 views

SUSE CVE-2026-40611

Let's Encrypt client and ACME library written in Go Lego. Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to...

8.8CVSS5.9AI score0.0034EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/23 1:23 a.m.•9 views

SUSE CVE-2026-40903

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUBTOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6...

9.1CVSS5.8AI score0.00245EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/23 1:23 a.m.•7 views

SUSE CVE-2026-40923

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal pat...

5.4CVSS5.8AI score0.0022EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/23 1:23 a.m.•24 views

SUSE CVE-2026-40924

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAllresp.Body with no response body size limit. Any tenant...

6.5CVSS5.9AI score0.00318EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/23 1:23 a.m.•20 views

SUSE CVE-2026-40938

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation...

8.5CVSS6.4AI score0.00788EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/23 1:23 a.m.•7 views

SUSE CVE-2026-41051

csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...

5CVSS5.8AI score0.00075EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/04/23 1:23 a.m.•41 views

SUSE CVE-2026-41457

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

6.9CVSS5.9AI score0.00274EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/23 1:23 a.m.•7 views

SUSE CVE-2026-41458

OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by exploiting unsynchronized access to the global DAAP session list. Attackers can flood the DAAP /login endpoint with concurrent...

8.2CVSS5.8AI score0.00364EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/22 1:43 a.m.•6 views

SUSE CVE-2025-15638

Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affected by CVE-2016-6129 and CVE-2018-12437...

10CVSS7.1AI score0.0057EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•8 views

SUSE CVE-2026-4367

A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the xpmNextWord function by processing a specially crafted or very small XPM X PixMap image file. This improper validation of file boundaries can cause an internal pointer to read...

6.3CVSS4.7AI score0.00129EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•6 views

SUSE CVE-2026-5358

REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered that no NIS+ client or server was ever released for any Linux-based OS distributions and as such this makes the API provisional and unused. Secondly it has been discovered that the NIS+ cold start cache...

5.6AI score0.0004EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•6 views

SUSE CVE-2026-5450

Calling the scanf family of functions with a %mc malloc'd character match in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow...

5.9CVSS6.1AI score0.00451EPSS
Exploits1References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•9 views

SUSE CVE-2026-5928

Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially...

5.7CVSS5.9AI score0.00345EPSS
Exploits1References11
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•7 views

SUSE CVE-2026-6746

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

7.5CVSS5.7AI score0.00586EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•9 views

SUSE CVE-2026-6747

Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

7.5CVSS5.7AI score0.004EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•6 views

SUSE CVE-2026-6748

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

9.8CVSS5.7AI score0.00399EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•6 views

SUSE CVE-2026-6749

Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

7.5CVSS5.7AI score0.00403EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•5 views

SUSE CVE-2026-6750

Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

8.8CVSS5.7AI score0.00483EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•7 views

SUSE CVE-2026-6751

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

7.3CVSS5.7AI score0.00307EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•5 views

SUSE CVE-2026-6752

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

7.3CVSS5.7AI score0.00306EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•5 views

SUSE CVE-2026-6753

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

7.3CVSS5.7AI score0.00306EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•5 views

SUSE CVE-2026-6754

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

7.5CVSS5.7AI score0.00387EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•7 views

SUSE CVE-2026-6755

Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

6.5CVSS5.7AI score0.00189EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•7 views

SUSE CVE-2026-6756

Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150...

7.5CVSS5.8AI score0.00239EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•7 views

SUSE CVE-2026-6757

Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

6.3CVSS5.7AI score0.00293EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•9 views

SUSE CVE-2026-6758

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

7.5CVSS5.7AI score0.00429EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•7 views

SUSE CVE-2026-6759

Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

7.5CVSS5.7AI score0.00363EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•4 views

SUSE CVE-2026-6760

Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

9.8CVSS5.7AI score0.00279EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•5 views

SUSE CVE-2026-6761

Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

8.8CVSS5.7AI score0.00221EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•5 views

SUSE CVE-2026-6762

Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

6.3CVSS5.7AI score0.00157EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•7 views

SUSE CVE-2026-6763

Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

6.5CVSS5.7AI score0.00191EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•8 views

SUSE CVE-2026-6764

Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

6.5CVSS5.7AI score0.00231EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•4 views

SUSE CVE-2026-6765

Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

5.3CVSS5.7AI score0.00215EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•7 views

SUSE CVE-2026-6766

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

7.5CVSS5.7AI score0.00257EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•5 views

SUSE CVE-2026-6767

Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

5.3CVSS5.7AI score0.00227EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•9 views

SUSE CVE-2026-6768

Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

9.8CVSS5.7AI score0.00285EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/22 1:40 a.m.•6 views

SUSE CVE-2026-6769

Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

8.8CVSS5.7AI score0.00226EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:39 a.m.•8 views

SUSE CVE-2026-6770

Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

6.5CVSS5.7AI score0.04938EPSS
Exploits1References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:39 a.m.•10 views

SUSE CVE-2026-6771

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

9.8CVSS5.7AI score0.00309EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:39 a.m.•7 views

SUSE CVE-2026-6772

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

7.5CVSS5.7AI score0.00269EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:39 a.m.•11 views

SUSE CVE-2026-6773

Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/22 1:39 a.m.•6 views

SUSE CVE-2026-6774

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

5.4CVSS5.7AI score0.00153EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/22 1:39 a.m.•10 views

SUSE CVE-2026-6775

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

5.3CVSS5.7AI score0.00208EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/22 1:39 a.m.•8 views

SUSE CVE-2026-6776

Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

7.8CVSS5.7AI score0.0011EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/04/22 1:39 a.m.•6 views

SUSE CVE-2026-6777

Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

5.3CVSS5.7AI score0.00161EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/22 1:39 a.m.•6 views

SUSE CVE-2026-6778

Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

5.3CVSS5.7AI score0.00256EPSS
Exploits0References3
Total number of security vulnerabilities59380