openSUSE

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2026:2706 (see also SUSE bugzilla) Related CVEs: CVE-2025-68121 CVE-2023-39325 CVE-2023-44487 CVE-2026-32952 CVE-2024-40635 CVE-2024-28180 CVE-2023-45288 Upstream summary: During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2026:1842 (see also SUSE bugzilla) Related CVEs: CVE-2025-55130 CVE-2025-55131 CVE-2025-59465 CVE-2025-23166 CVE-2025-23083 CVE-2026-22036 CVE-2025-59466 CVE-2026-21637  +6 more Upstream summary: A flaw in Node.js's Permissions model allows attackers to bypass `–allow-fs-read` and `–allow-fs-write` […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2025-56225 CVE-2025-68617 Upstream summary: fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2026:0858-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-69223 CVE-2025-69227 CVE-2025-69228 CVE-2025-69229 CVE-2026-34516 CVE-2026-34520 CVE-2026-34514 CVE-2025-69224  +3 more Upstream summary: AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2025-2337 CVE-2025-2338 Upstream summary: A vulnerability, which was classified as critical, has been found in tbeu matio 1.5.28. This issue affects the function Mat_VarPrint of […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2025-65409 CVE-2021-46019 Upstream summary: A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service (DoS) via inputting […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2025-14946 CVE-2024-7383 CVE-2023-5871 CVE-2023-5215 CVE-2022-0485 CVE-2021-20286 Upstream summary: A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2025-13654 Upstream summary: A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2025:21968 (see also SUSE bugzilla) Related CVEs: CVE-2025-10921 CVE-2021-45463 CVE-2012-4433 CVE-2018-10114 Upstream summary: GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2025-65493 CVE-2025-65494 CVE-2025-65495 CVE-2026-29013 CVE-2025-65496 CVE-2025-65497 CVE-2025-65498 CVE-2025-65499  +2 more Upstream summary: NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to […]