openSUSE

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory Related CVEs: CVE-2025-62409 CVE-2025-62504 CVE-2025-30157 CVE-2025-62408 CVE-2024-39305 Upstream summary: Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2025:23648 (see also SUSE bugzilla) Related CVEs: CVE-2025-26625 CVE-2024-53263 Upstream summary: Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:20892-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-11731 CVE-2025-7424 CVE-2024-55549 CVE-2025-24855 CVE-2008-1767 CVE-2016-4738 CVE-2017-5029 CVE-2019-11068  +4 more Upstream summary: A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2025:19512 (see also SUSE bugzilla) Related CVEs: CVE-2025-61919 CVE-2025-61770 CVE-2025-61771 CVE-2025-61772 CVE-2025-59830 CVE-2025-46727 CVE-2025-27610 CVE-2025-27111  +1 more Upstream summary: Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2025:22394 (see also SUSE bugzilla) Related CVEs: CVE-2025-10728 CVE-2025-10729 CVE-2026-6210 Upstream summary: When the module renders a Svg file that contains a <pattern> element, it might end up rendering it recursively leading […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:01816-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-28285 CVE-2023-50979 CVE-2023-50981 CVE-2023-50980 Upstream summary: A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:3754-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-61920 CVE-2025-68158 Upstream summary: Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib's JOSE implementation accepts unbounded […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2025-40927 Upstream summary: CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability is a confirmed HTTP response splitting flaw in […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2025:23063 (see also SUSE bugzilla) Related CVEs: CVE-2025-61594 CVE-2025-58767 Upstream summary: URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series) […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory Related CVEs: CVE-2023-6378 CVE-2023-6481 CVE-2024-12798 CVE-2026-1225 CVE-2025-11226 CVE-2024-12801 Upstream summary: A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by […]