Tumbleweed
This hub aggregates every CVE we track for Tumbleweed, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
Operating Systemson-prem
6
CVEs tracked
1
Critical
3
High
0
In CISA KEV
Severity distribution
HIGH3MEDIUM2CRITICAL1
Monthly trend
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 6 most recently published vulnerabilities affecting Tumbleweed.
- CVE-2025-62875Local DoS in OpenSMTPD via UNIX domain socket smtpd.sock5.5
- CVE-2024-49505XSS vulnerability found in OpenSuse MirrorCache6.1
- CVE-2023-32183Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root This issue affects openSUSE Tumbleweed. 7.8
- CVE-2022-31250keylime %post scriplet allows for privilege escalation from keylime user to root7.1
- CVE-2021-25315salt-api unauthenticated remote code execution9.8
- CVE-2020-8026inn: non-root owned files8.4
Product normalization is registry-driven with AI assist and human review. How it works