openSUSE Tumbleweed

openSUSE Tumbleweed — libcap2 — multiple vulnerabilities (3 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2026:12423 (see also SUSE bugzilla) Related CVEs: CVE-2026-4878 CVE-2023-2603 CVE-2023-2602 Upstream summary: A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` […]

openSUSE Tumbleweed — crun — multiple vulnerabilities (4 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2026:6621 (see also SUSE bugzilla) Related CVEs: CVE-2026-30892 CVE-2025-24965 CVE-2024-21626 CVE-2022-27650 Upstream summary: crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun […]

openSUSE Tumbleweed — perl-XML-Parser — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2026:7679 (see also SUSE bugzilla) Related CVEs: CVE-2006-10002 CVE-2006-10003 Upstream summary: XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and […]

openSUSE Tumbleweed — radcli — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory ESSA-2024:0650 (see also SUSE bugzilla) Related CVEs: CVE-2024-3596 Upstream summary: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, […]

openSUSE Tumbleweed — fontforge — multiple vulnerabilities (8 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2026:6628 (see also SUSE bugzilla) Related CVEs: CVE-2025-15270 CVE-2025-15269 CVE-2025-15275 CVE-2025-15279 CVE-2024-25081 CVE-2020-5395 CVE-2025-50949 CVE-2017-17521 Upstream summary: FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability […]

openSUSE Tumbleweed — libaws-c-event-stream1 — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2026-5190 Upstream summary: Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory […]

openSUSE Tumbleweed — python311-Flask-HTTPAuth — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2026-34531 Upstream summary: Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes […]

openSUSE Tumbleweed — 389-ds — multiple vulnerabilities (5 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2026:3189 (see also SUSE bugzilla) Related CVEs: CVE-2025-14905 CVE-2014-8105 CVE-2014-8112 CVE-2015-1854 CVE-2015-3230 Upstream summary: A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function […]

openSUSE Tumbleweed — npm24 — multiple vulnerabilities (8 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2026:7080 (see also SUSE bugzilla) Related CVEs: CVE-2026-21710 CVE-2026-21712 CVE-2026-21713 CVE-2026-21714 CVE-2026-21716 CVE-2026-21717 CVE-2025-59464 CVE-2026-21715 Upstream summary: A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is […]

openSUSE Tumbleweed — ruby4.0-rubygem-rack — multiple vulnerabilities (11 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2026:1745-1 (see also SUSE bugzilla) Related CVEs: CVE-2026-34785 CVE-2026-34829 CVE-2026-22860 CVE-2026-26961 CVE-2026-34230 CVE-2026-34763 CVE-2026-34786 CVE-2026-34826  +3 more Upstream summary: Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, […]
