
Software

linuxfoundation everest
29
linuxfoundation nats-server
21
linuxfoundation pytorch python
19
linuxfoundation yocto
19
linuxfoundation runc
10
linuxfoundation cups-filters
8
linuxfoundation onnx
7
linuxfoundation tekton pipelines go
7
linuxfoundation automotive grade linux
6
linuxfoundation containerd
6
linuxfoundation edge virtualization engine
5
linuxfoundation backstage
4
linuxfoundation inspektor gadget
3
linuxfoundation spinnaker
3
linuxfoundation antrea kubernetes
2
linuxfoundation argo-cd
2
linuxfoundation ceph
2
linuxfoundation cni network plugins
2
linuxfoundation dojox node.js
2
linuxfoundation foomatic-filters
2
linuxfoundation fulcio
2
linuxfoundation kedro python
2
linuxfoundation podman desktop
2
linuxfoundation rekor
2
linuxfoundation sigstore timestamp authority
2
linuxfoundation strimzi
2
linuxfoundation vitess
2
linuxfoundation backstage plugin-techdocs-node
1
linuxfoundation backstage/backend defaults node.js
1
linuxfoundation backstage/integration node.js
1
linuxfoundation backstage/plugin-catalog-backend-module-unprocessed node.js
1
linuxfoundation backstage/plugin-catalog-unprocessed-entities node.js
1
linuxfoundation backstage/plugin-catalog-unprocessed-entities-common node.js
1
linuxfoundation backstage/plugin-scaffolder-backend
1
linuxfoundation backstage/plugin-scaffolder-backend node.js
1
linuxfoundation cloudnativepg kubernetes
1
linuxfoundation dapr
1
linuxfoundation dojo node.js
1
linuxfoundation dragonfly go
1
linuxfoundation gardenctl
1
linuxfoundation harbor
1
linuxfoundation jaeger
1
linuxfoundation kubewarden kubernetes
1
linuxfoundation libocpp
1
linuxfoundation longhorn
1
linuxfoundation magma
1
linuxfoundation open container initiative distribution specification
1
linuxfoundation open container initiative image format specification
1
linuxfoundation opendaylight
1
linuxfoundation opensearch node.js
1

Beproduct Beproduct/nestjs-auth Node.js
TanStack Unspecified Vulnerability

Risk 95
Severity 9.6

go/github.com/cloudnative-pg/cloudnative-pg
CloudNativePG: Metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE

Risk 82
Severity 9.4

go/volcano.sh/volcano
Volcano: Webhook server vulnerable to OOM due to unbounded HTTP request body size

Risk 43
Severity 7.4

linuxfoundation Dapr
Dapr: Service Invocation path traversal ACL bypass

Risk 60
Severity 8.1

npm/@backstage/plugin-catalog-backend-module-unprocessed
Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks

Risk 22
Severity 4.3

AGL agl-service-can-low-level
Buffer Overflow

Risk 43
Severity 7.5

AGL app-framework-binder (afb-daemon)
AGL app-framework-binder (afb-daemon) through v19.90.0 contains a privilege escalation vulnerability…

Risk 69
Severity 7.8

AGL app-framework-main
Path Traversal, Race Condition

Risk 86
Severity 9.8

Automotive Grade Linux app-framework-binder (afb-daemon)
AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privilege…

Risk 69
Severity 7.8

AGL agl-service-can-low-level
AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. …

Risk 48
Severity 7.1

go/github.com/tektoncd/pipeline
Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE

Risk 73
Severity 8.5

go/github.com/tektoncd/pipeline
Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion

Risk 38
Severity 6.5

go/github.com/tektoncd/pipeline
Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check

Risk 34
Severity 5.4

Tekton Tekton Pipelines
Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL

Risk 44
Severity 7.7

github/tektoncd/pipeline
Tekton Pipelines: VerificationPolicy regex pattern bypass via substring matching

Risk 38
Severity 6.5

maven/io.spinnaker.echo:echo-pipelinetriggers
Spinnaker vulnerable to RCE via expression parsing due to unrestricted context handling

Risk 87
Severity 10

linuxfoundation Spinnaker
Spinnaker vulnerable to RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths

Risk 87
Severity 10

go/github.com/sigstore/timestamp-authority/v2
Sigstore Timestamp Authority has Improper Certificate Validation in verifier

Risk 31
Severity 5.5

Red Hat Podman Desktop
Podman Desktop WebView Server Exposed

Risk 66
Severity 9.1

go/antrea.io/antrea
Missing Encryption of Sensitive Data in antrea.io/antrea

Risk 43
Severity 7.1

pip/kedro
Arbitrary Code Execution via Malicious Logging Configuration in Kedro

Risk 86
Severity 9.8

pip/kedro
Kedro has a path traversal in versioned dataset loading via unsanitized version string

Risk 60
Severity 8.1

pip/onnx
ONNX: External Data Symlink Traversal

Risk 31
Severity 5.5

pip/onnx
ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load

Risk 31
Severity 5.5

pip/onnx
ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.

Risk 64
Severity 8.6

pip/onnx
ONNX: Path Traversal via Symlink

Risk 47
Severity 8.7

Everest EVerest
EVerest has RemoteStop Bypass via BCB Toggle Session Restart

Risk 36
Severity 5.2

Everest EVerest
EVerest has Delayed Authorization Response Bypasses Termination After RemoteStop

Risk 36
Severity 5.2

Everest EVerest
EVerest: MQTT Switch-Phases Command Data Race Causing Charger State Corruption

Risk 54
Severity 8.2

Everest EVerest
EVerest: Charging Continues When WithdrawAuthorization Is Processed Before TransactionStarted

Risk 45
Severity 6.5

© 2026 SecAlerts Pty Ltd.