linuxfoundation
523 tracked vulnerabilities.
CVE-2026-33216
HIGH
NATS has MQTT plaintext password disclosure
Mar 25, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-29785
HIGH
NATS Server panic via malicious compression on leafnode port
Mar 25, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27889
HIGH
NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead
Mar 25, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33215
MEDIUM
NATS is vulnerable to MQTT hijacking via Client ID
Mar 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33211
CRITICAL
Tekton Pipelines 1.0.0-1.10.2 - Path Traversal
Mar 24, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-4538
MEDIUM
PyTorch pt2 Loading deserialization
Mar 22, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33022
MEDIUM
Tekton Pipelines: Controller can panic when setting long resolver names in TaskRun/PipelineRun
Mar 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28500
HIGH
ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack
Mar 18, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-32237
MEDIUM
Backstage plugin-scaffolder-backend 3.1.0-3.1.4 - Authenticated Exposure of Sensitive Information via Dry-Run API
Mar 12, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-32236
HIGH
Backstage plugin-auth-backend < 0.27.1 - Server-Side Request Forgery via Client Metadata Redirect
Mar 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32235
MEDIUM
Backstage plugin-auth-backend < 0.27.1 - Open Redirect via OIDC Provider Redirect URI Bypass
Mar 12, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-31890
MEDIUM
inspektor-gadget < 0.50.1 - Denial of Service via Ring-Buffer Overflow
Mar 12, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-29773
MEDIUM
Kubewarden 1.6.0-1.32.9 - Incorrect Authorization via Deprecated Host-Callback APIs
Mar 10, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-29186
HIGH
Backstage plugin-techdocs-node < 1.14.3 - Arbitrary Code Execution via MkDocs Configuration Bypass
Mar 07, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-29185
LOW
Backstage Integration < 1.20.1 - Path Traversal via Encoded SCM URL
Mar 07, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-29184
LOW
Backstage plugin-scaffolder-backend < 3.1.4 - Sensitive Information Exposure via Log Redaction Bypass
Mar 07, 2026
CVSS 2.0
EPSS 0.00
CVE-2026-20435
MEDIUM
Preloader - Info Disclosure
Mar 02, 2026
CVSS 4.6
EPSS 0.00
CVE-2026-27969
HIGH
Vitess <23.0.3/22.0.4 - Path Traversal
Feb 26, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-27965
CRITICAL
Vitess <23.0.3/22.0.4 - Code Injection
Feb 26, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-27571
MEDIUM
NATS-Server < 2.11.2 and 2.12.3 - Unauthenticated Denial of Service via WebSocket Compression Bomb
Feb 24, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-27134
HIGH
Strimzi 0.49.0-0.50.0 - Auth Bypass
Feb 21, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-27133
MEDIUM
Strimzi 0.47.0-0.50.1 - Auth Bypass
Feb 20, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-25996
CRITICAL
Inspektor Gadget < 0.49.1 - Terminal Injection via Unsanitized eBPF Event Strings
Feb 12, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-25804
CRITICAL
antrea < 2.3.2 - Incorrect Traffic Enforcement via OpenFlow Priority Calculation Overflow
Feb 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-24051
HIGH
OpenTelemetry-Go <1.40.0 - Path Hijacking
Feb 02, 2026
CVSS 7.0
EPSS 0.00
Products
yocto 114
pytorch 31
everest 29
nats-server 24
harbor 23
magma 22
containerd 16
runc 16
iot-yocto 15
cups-filters 14
backstage 13
dragonfly 13
open_network_operating_system 11
onnx 10
ceph 8
kubeedge 8
spinnaker 8
tekton_pipelines 8
automotive_grade_linux 6
cubefs 6
edge_virtualization_engine 5
foomatic-filters 5
osquery 5
dex 4
grpc_swift 4
indy-node 4
materialx 4
opendaylight 4
rekor 4
the_update_framework 4