openSUSE Tumbleweed

openSUSE Tumbleweed — grafana — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical | ⏱ 15–90 min | Last verified: 25 May 2026 | Affected versions: openSUSE Tumbleweed | 📖 ~4 min read
Source: SUSE advisory SUSE-SU-2026:1524-1 (see also SUSE bugzilla)
Related CVEs: CVE-2026-27876 CVE-2024-9264 CVE-2023-3128 CVE-2021-41244 CVE-2026-21720 CVE-2026-21721 CVE-2026-27877 CVE-2025-6023 +12 more
Upstream summary: A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead […]

openSUSE Tumbleweed — ruby4.0-rubygem-rack-session — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical | ⏱ 15–90 min | Last verified: 25 May 2026 | Affected versions: openSUSE Tumbleweed | 📖 ~4 min read
Source: SUSE security advisory (see also SUSE bugzilla)
Related CVEs: CVE-2026-39324
Upstream summary: Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. […]

openSUSE Tumbleweed — rclone — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical | ⏱ 15–90 min | Last verified: 25 May 2026 | Affected versions: openSUSE Tumbleweed | 📖 ~4 min read
Source: SUSE security advisory (see also SUSE bugzilla)
Related CVEs: CVE-2026-41176 CVE-2026-41179 CVE-2026-39828 CVE-2026-39829 CVE-2026-39830 CVE-2026-39833 CVE-2026-46595 CVE-2026-46598 +12 more
Upstream summary: Rclone is a command-line program to sync files and directories to and from […]

openSUSE Tumbleweed — perl-YAML-Syck — multiple vulnerabilities (3 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical | ⏱ 15–90 min | Last verified: 25 May 2026 | Affected versions: openSUSE Tumbleweed | 📖 ~4 min read
Source: SUSE advisory RHSA-2026:6470 (see also SUSE bugzilla)
Related CVEs: CVE-2026-4177 CVE-2026-5089 CVE-2025-11683
Upstream summary: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML […]

openSUSE Tumbleweed — Botan — multiple vulnerabilities (12 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical | ⏱ 15–90 min | Last verified: 25 May 2026 | Affected versions: openSUSE Tumbleweed | 📖 ~4 min read
Source: SUSE security advisory
Related CVEs: CVE-2026-35580 CVE-2022-43705 CVE-2018-9127 CVE-2026-35582 CVE-2024-50382 CVE-2021-40529 CVE-2016-9132 CVE-2017-14737 +4 more
Upstream summary: Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell […]

openSUSE Tumbleweed — goshs — multiple vulnerabilities (5 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical | ⏱ 15–90 min | Last verified: 25 May 2026 | Affected versions: openSUSE Tumbleweed | 📖 ~4 min read
Source: SUSE security advisory (see also SUSE bugzilla)
Related CVEs: CVE-2026-40189 CVE-2026-40188 CVE-2026-35392 CVE-2026-35393 CVE-2026-35471
Upstream summary: goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism […]

openSUSE Tumbleweed — cockpit — multiple vulnerabilities (4 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical | ⏱ 15–90 min | Last verified: 25 May 2026 | Affected versions: openSUSE Tumbleweed | 📖 ~4 min read
Source: SUSE advisory RHSA-2026:7383 (see also SUSE bugzilla)
Related CVEs: CVE-2026-4631 CVE-2026-4802 CVE-2025-13465 CVE-2024-6126
Upstream summary: Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation […]

openSUSE Tumbleweed — tekton-cli — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical | ⏱ 15–90 min | Last verified: 25 May 2026 | Affected versions: openSUSE Tumbleweed | 📖 ~4 min read
Source: SUSE advisory SUSE-SU-2026:1135-1
Related CVEs: CVE-2026-33211
Upstream summary: Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton […]

openSUSE Tumbleweed — dcmtk — multiple vulnerabilities (15 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical | ⏱ 15–90 min | Last verified: 25 May 2026 | Affected versions: openSUSE Tumbleweed | 📖 ~4 min read
Source: SUSE security advisory (see also SUSE bugzilla)
Related CVEs: CVE-2026-5663 CVE-2025-9732 CVE-2024-47796 CVE-2024-52333 CVE-2024-27628 CVE-2024-28130 CVE-2022-2121 CVE-2022-43272 +7 more
Upstream summary: A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This […]

openSUSE Tumbleweed — python311-lupa — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical | ⏱ 15–90 min | Last verified: 25 May 2026 | Affected versions: openSUSE Tumbleweed | 📖 ~4 min read
Source: SUSE security advisory (see also SUSE bugzilla)
Related CVEs: CVE-2026-34444
Upstream summary: Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attribute_filter is not consistently applied when attributes are […]
