Every CVE whose affected-product data names Opensuse Libzypp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2026-25707 — CVSS 8.8 (high): A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers…
CVE-2026-44941 — CVSS 8.4 (high): A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply…
CVE-2017-7436 — CVSS 8.1 (high): In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the…
CVE-2017-7435 — CVSS 8.1 (high): In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the…
CVE-2018-7685 — CVSS 7.8 (high): The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later…
CVE-2017-9269 — CVSS 7.7 (high): In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to…
CVE-2019-18900 — CVSS 4.0 (medium): : Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise…