CVE Tools

linuxfoundation

AI / MLUSoss-project

451

Cumulative CVEs

55

Monthly snapshots

#25

Peak rank

Top products

automotive grade linux5 backstage\/plugin-catalog-backend-module-unprocessed1 backstage\/plugin-catalog-unprocessed-entities1

Latest CVEs

The 15 most recently published vulnerabilities affecting linuxfoundation.

CVE-2026-3840Path Traversal in kedro-org/kedro7.1Jun 12, 2026
CVE-2026-44477CloudNativePG: Metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE9.9May 28, 2026
CVE-2026-44247Volcano: Webhook server vulnerable to OOM due to unbounded HTTP request body size6.8May 27, 2026
CVE-2026-44374Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks4.3May 14, 2026
CVE-2026-45321Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keysKEV9.6May 12, 2026
CVE-2026-41491Dapr: Service Invocation path traversal ACL bypass8.1May 8, 2026
CVE-2026-37532AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted f...7.1May 1, 2026
CVE-2026-37531AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename ...9.8May 1, 2026
CVE-2026-37530AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLO...7.5May 1, 2026
CVE-2026-37526AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without authenticat...7.8May 1, 2026
CVE-2026-37525AGL app-framework-binder (afb-daemon) through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The on_supervision_call function in src/afb-supervision.c explici...7.8May 1, 2026
CVE-2026-40923Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check5.4Apr 21, 2026
CVE-2026-40924Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion6.5Apr 21, 2026
CVE-2026-40938Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE7.5Apr 21, 2026
CVE-2026-40161Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL7.7Apr 21, 2026