openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory Related CVEs: CVE-2026-3605 CVE-2026-5807 CVE-2025-62513 CVE-2025-6203 CVE-2025-54996 CVE-2025-5999 CVE-2025-6000 CVE-2025-52894  +12 more Upstream summary: An authenticated user with access to a kvv2 path through a policy containing a glob may be […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2026:1639-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-14813 CVE-2026-3505 CVE-2026-5598 CVE-2024-30172 CVE-2023-33201 CVE-2015-7940 CVE-2016-1000338 CVE-2019-17359  +12 more Upstream summary: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2026:1751-1 (see also SUSE bugzilla) Related CVEs: CVE-2026-2332 CVE-2026-5795 CVE-2025-5115 CVE-2024-13009 CVE-2024-22201 CVE-2023-36478 CVE-2022-2048 CVE-2020-27223  +12 more Upstream summary: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2026:21382-1 (see also SUSE bugzilla) Related CVEs: CVE-2026-40192 CVE-2026-25990 CVE-2025-48379 Upstream summary: Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2026:21425-1 (see also SUSE bugzilla) Related CVEs: CVE-2026-39373 Upstream summary: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2026-5747 Upstream summary: An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 might allow […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2026:1555-1 (see also SUSE bugzilla) Related CVEs: CVE-2026-20884 CVE-2026-20889 CVE-2026-20911 CVE-2026-21413 CVE-2026-24450 CVE-2026-24660 CVE-2026-5342 Upstream summary: An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2026:10739 (see also SUSE bugzilla) Related CVEs: CVE-2026-34001 CVE-2025-62229 CVE-2025-62230 CVE-2025-62231 CVE-2025-49175 CVE-2025-49176 CVE-2025-49179 CVE-2025-49180  +12 more Upstream summary: A flaw was found in the X.Org X server. This use-after-free vulnerability occurs […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2026:1511-1 (see also SUSE bugzilla) Related CVEs: CVE-2026-34078 CVE-2024-42472 CVE-2024-32462 CVE-2023-28100 CVE-2021-43860 CVE-2021-41133 CVE-2017-5226 CVE-2019-10063  +5 more Upstream summary: Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2025:10407 (see also SUSE bugzilla) Related CVEs: CVE-2025-47273 CVE-2024-53899 CVE-2024-56201 CVE-2024-56326 CVE-2023-0286 CVE-2017-18342 CVE-2020-14343 CVE-2026-35254  +9 more Upstream summary: setuptools is a package that allows users to download, build, install, upgrade, and […]