Suse linux enterprise module for web scripting
This hub aggregates every CVE we track for Suse linux enterprise module for web scripting, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 43
- Critical: 4
- High: 20
- In CISA KEV: 1
Severity distribution
- HIGH: 20
- MEDIUM: 15
- LOW: 4
- CRITICAL: 4
Monthly trend
Monthly values, 2024-07 to 2026-06: 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Suse linux enterprise module for web scripting.
- CVE-2025-1735: pgsql extension does not check for errors during escaping (score 5.9)
- CVE-2025-1220: Null byte termination in hostnames (score 3.7)
- CVE-2025-6491: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix (score 5.9)
- CVE-2025-49125: Apache Tomcat: Security constraint bypass for pre/post-resources (score 7.5)
- CVE-2025-23085: A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to ... (score 5.3)
- CVE-2025-23083: With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an ins... (score 7.7)
- CVE-2024-21538: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can incr... (score 7.5)
- CVE-2023-39333: Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not... (score 5.3)
- CVE-2024-27982: The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is place... (score 6.5)
- CVE-2024-30260: Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline (score 3.9)
- CVE-2024-30261: Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect (score 2.6)
- CVE-2024-22025: A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. ... (score 6.5)
- CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (KEV, score 7.5)
- CVE-2022-43548: An OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does... (score 8.1)
- CVE-2022-2255: A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI applicati... (score 7.5)
Product normalization is registry-driven with AI assist and human review.