openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2026-41163 CVE-2020-5291 CVE-2019-12439 Upstream summary: bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2026-42151 CVE-2026-42154 CVE-2026-40179 CVE-2019-10215 CVE-2021-29622 Upstream summary: Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2026-41414 Upstream summary: Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2026-41604 CVE-2026-41605 CVE-2026-41636 CVE-2026-41606 CVE-2026-41607 CVE-2020-13949 Upstream summary: Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2026-5402 CVE-2026-5405 CVE-2026-5656 CVE-2025-1492 CVE-2024-11595 CVE-2024-11596 CVE-2022-3725 CVE-2024-24476  +12 more Upstream summary: TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory GHSA-f2g3-hh2r-cwgc (see also SUSE bugzilla) Related CVEs: CVE-2026-35172 CVE-2023-2253 CVE-2026-33540 CVE-2017-11468 Upstream summary: Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2026:8457 (see also SUSE bugzilla) Related CVEs: CVE-2026-33984 CVE-2026-33986 CVE-2026-26955 CVE-2026-26965 CVE-2026-31806 CVE-2026-31883 CVE-2026-31885 CVE-2026-24491  +12 more Upstream summary: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2026:1784-1 (see also SUSE bugzilla) Related CVEs: CVE-2026-40176 CVE-2026-40261 CVE-2024-35241 CVE-2024-35242 CVE-2024-24821 CVE-2023-43655 CVE-2025-67746 Upstream summary: Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain […]