Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Micro 5.5 package libsolv, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2026-25707 — CVSS 8.8 (high): A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers…
CVE-2026-44941 — CVSS 8.4 (high): A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply…
CVE-2026-44933 — CVSS 7.8 (high): `PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard…
CVE-2026-44942 — CVSS 6.5 (medium): A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before…
CVE-2026-9149 — CVSS 6.5 (medium): A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file…
CVE-2026-9150 — CVSS 6.5 (medium): A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing…