linuxfoundation
523 tracked vulnerabilities.
CVE-2026-41491
HIGH
Dapr: Service Invocation path traversal ACL bypass
May 08, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-37532
HIGH
AGL agl-service-can-low-level <=17.1.12 - Buffer Overflow
May 01, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-37531
CRITICAL
AGL app-framework-main <=17.1.12 - Path Traversal
May 01, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-37530
HIGH
AGL agl-service-can-low-level <=17.1.12 - Buffer Overflow
May 01, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-37526
HIGH
AGL app-framework-binder <19.90.0 - Privilege Escalation
May 01, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-37525
HIGH
AGL app-framework-binder <v19.90.0 - Privilege Escalation
May 01, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-40938
HIGH
Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE
Apr 21, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-40924
MEDIUM
Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion
Apr 21, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-40923
MEDIUM
Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check
Apr 21, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-40161
HIGH
Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL
Apr 21, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-25542
MEDIUM
Tekton Pipelines: VerificationPolicy regex pattern bypass via substring matching
Apr 21, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32613
CRITICAL
Spinnaker vulnerable to RCE via expression parsing due to unrestricted context handling
Apr 20, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-32604
CRITICAL
Spinnaker vulnerable to RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths
Apr 20, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-39984
MEDIUM
Sigstore Timestamp Authority has Improper Certificate Validation in verifier
Apr 15, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-34045
HIGH
Podman Desktop WebView Server Exposed
Apr 07, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-35171
CRITICAL
Arbitrary Code Execution via Malicious Logging Configuration in Kedro
Apr 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-35167
HIGH
Kedro has a path traversal in versioned dataset loading via unsanitized version string
Apr 06, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-34992
HIGH
Missing Encryption of Sensitive Data in antrea.io/antrea
Apr 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-34447
MEDIUM
ONNX: External Data Symlink Traversal
Apr 01, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-34446
MEDIUM
ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
Apr 01, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-34445
HIGH
ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.
Apr 01, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-27489
HIGH
ONNX: Path Traversal via Symlink
Apr 01, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33701
CRITICAL
OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution
Mar 27, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-33015
MEDIUM
EVerest has RemoteStop Bypass via BCB Toggle Session Restart
Mar 26, 2026
CVSS 5.2
EPSS 0.00
CVE-2026-33014
MEDIUM
EVerest has Delayed Authorization Response Bypasses Termination After RemoteStop
Mar 26, 2026
CVSS 5.2
EPSS 0.00
Products
yocto 114
pytorch 31
everest 29
nats-server 24
harbor 23
magma 22
containerd 16
runc 16
iot-yocto 15
cups-filters 14
backstage 13
dragonfly 13
open_network_operating_system 11
onnx 10
ceph 8
kubeedge 8
spinnaker 8
tekton_pipelines 8
automotive_grade_linux 6
cubefs 6
edge_virtualization_engine 5
foomatic-filters 5
osquery 5
dex 4
grpc_swift 4
indy-node 4
materialx 4
opendaylight 4
rekor 4
the_update_framework 4