openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:14937-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-30204 Upstream summary: golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:14929-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-30474 CVE-2025-27553 Upstream summary: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2025-27404 CVE-2025-27405 CVE-2018-18249 CVE-2020-24368 CVE-2025-27609 CVE-2025-30164 CVE-2018-18246 CVE-2018-18248  +2 more Upstream summary: Icinga Web 2 is an open source monitoring web interface, framework and command-line […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:14912-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-2361 CVE-2008-2942 CVE-2015-7545 CVE-2016-3068 CVE-2016-3069 CVE-2016-3105 CVE-2016-3630 CVE-2017-1000116  +7 more Upstream summary: A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:15006-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-29786 CVE-2024-45296 CVE-2025-26791 Upstream summary: Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:14898-1 (see also SUSE bugzilla) Related CVEs: CVE-2020-5253 Upstream summary: NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:14892-1 (see also SUSE bugzilla) Related CVEs: CVE-2020-36843 Upstream summary: The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:14891-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-2176 CVE-2025-2177 CVE-2025-2173 CVE-2025-2174 CVE-2025-2175 Upstream summary: A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:14864-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-23386 Upstream summary: A Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root.,This issue affects […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2024:1534-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-32487 CVE-2022-46663 CVE-2014-9488 Upstream summary: less through 653 allows OS command execution via a newline character in the name of a file, because quoting is […]