CVSS: 6.5 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2026-33022 – Tekton Pipelines: Controller can panic when setting long resolver names in TaskRun/PipelineRun
https://notcve.org/view.php?id=CVE-2026-33022
20 Mar 2026 — The Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability that allows any user who can create a TaskRun or PipelineRun to crash the controller cluster-wide by setting .spec.taskRef.resolver (or .spec.pipelineRef.resolver) to a string of 31+ characters. The crash occurs because GenerateDeterministicNameFromSpec produces a n... • https://github.com/tektoncd/pipeline/commit/5eead3f859b9f938e86039e4d29185092c1d4ee6 • CWE-129: Improper Validation of Array Index
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2026-31890 – Inspektor Gadget: Tracing Denial of Service via Event Flooding
https://notcve.org/view.php?id=CVE-2026-31890
12 Mar 2026 — Inspektor Gadget is a set of tools and a framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is – incidentally or maliciously – already full, the gadget will silently drop events. The include/gadget/buffer.h file contains definitions for the Buffer API that gadgets can use to, among other things, transfer data from eBPF programs to userspace. For hosts running a modern enough Linux kernel (... • https://github.com/inspektor-gadget/inspektor-gadget/security/advisories/GHSA-wv52-frfv-mfh4 • CWE-223: Omission of Security-relevant Information • CWE-770: Allocation of Resources Without Limits or Throttling
CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-61611
https://notcve.org/view.php?id=CVE-2025-61611
09 Mar 2026 — In modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. • https://www.unisoc.com/en/support/announcement/2030931350138310657 • CWE-20: Improper Input Validation
CVSS: 4.6 • EPSS: 0% • CPEs: 44 • EXPL: 0 • CVE-2026-20435
https://notcve.org/view.php?id=CVE-2026-20435
02 Mar 2026 — In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118. • https://corp.mediatek.com/product-security-bulletin/March-2026 • CWE-522: Insufficiently Protected Credentials
CVSS: 9.3 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-27969 – Vitess users with backup storage access can write to arbitrary file paths on restore
https://notcve.org/view.php?id=CVE-2026-27969
26 Feb 2026 — Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest — which may be files that they have also added to the manifest and backup contents — are written to any accessible location on restore. This is a common path traversal security issue. This can be used to provide that attacker with unintended/unauthorized ... • https://github.com/vitessio/vitess/commit/c565cab615bc962bda061dcd645aa7506c59ca4a • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS: 9.9 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-27965 – Vitess users with backup storage access can gain unauthorized access to production deployment environments
https://notcve.org/view.php?id=CVE-2026-27965
26 Feb 2026 — Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored. This can be used to provide that attacker with unintended/unauthorized access to the production deployment environment — allowing them to access information available in that environment as well as run any addition... • https://github.com/vitessio/vitess/commit/4c0173293907af9cb942a6683c465c3f1e9fdb5c • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS: 4.7 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2025-20765
https://notcve.org/view.php?id=CVE-2025-20765
02 Dec 2025 — In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10190802; Issue ID: MSV-4833. • https://corp.mediatek.com/product-security-bulletin/December-2025 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') • CWE-415: Double Free
CVSS: 3.3 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2025-63396
https://notcve.org/view.php?id=CVE-2025-63396
12 Nov 2025 — An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS). • http://pytorch.com • CWE-667: Improper Locking
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-46148
https://notcve.org/view.php?id=CVE-2025-46148
25 Sep 2025 — In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results. • https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-46149
https://notcve.org/view.php?id=CVE-2025-46149
25 Sep 2025 — In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error. • https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a • CWE-617: Reachable Assertion
