openSUSE Tumbleweed

openSUSE Tumbleweed — corosync — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:14933-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-30472 CVE-2026-35091 Upstream summary: Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert […]

openSUSE Tumbleweed — python311-spotipy — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2025-27154 CVE-2025-66040 Upstream summary: Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the […]

openSUSE Tumbleweed — pam_pkcs11 — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:20130-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-24531 CVE-2025-24032 Upstream summary: In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard […]

openSUSE Tumbleweed — weechat — multiple vulnerabilities (4 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2024-46613 CVE-2020-8955 CVE-2017-14727 CVE-2017-8073 Upstream summary: WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two […]

openSUSE Tumbleweed — trivy — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:0056-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-3817 CVE-2026-39827 CVE-2026-39834 CVE-2026-42508 CVE-2026-46597 CVE-2026-33748 CVE-2026-33747 CVE-2025-66564  +12 more Upstream summary: HashiCorp's go-getter library is vulnerable to argument injection when executing Git to discover […]

openSUSE Tumbleweed — helmfile — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:0297-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-0377 Upstream summary: HashiCorp's go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. Table […]

openSUSE Tumbleweed — rsync — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:0118-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-12084 CVE-2026-29518 CVE-2026-43618 CVE-2026-41035 CVE-2024-12087 CVE-2022-29154 CVE-2020-14387 CVE-2026-43617  +12 more Upstream summary: A heap-based buffer overflow flaw was found in the rsync daemon. This issue […]

openSUSE Tumbleweed — python310-Django — multiple vulnerabilities (12 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2024:14565-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-53908 CVE-2024-45230 CVE-2024-41989 CVE-2024-41990 CVE-2024-41991 CVE-2024-42005 CVE-2024-38875 CVE-2024-39330  +4 more Upstream summary: An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and […]

openSUSE Tumbleweed — matrix-synapse — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2024-37302 CVE-2024-37303 CVE-2024-52805 CVE-2024-52815 CVE-2024-53863 CVE-2024-53867 CVE-2025-49090 CVE-2025-30355  +12 more Upstream summary: Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to […]

openSUSE Tumbleweed — tomcat — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2024:14525-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-52316 CVE-2018-8037 CVE-2026-29146 CVE-2026-32990 CVE-2026-34486 CVE-2025-66614 CVE-2025-55752 CVE-2025-48989  +12 more Upstream summary: Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use […]
