|
641
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions.
New
|
CWE-862
Missing Authorization
|
CVE-2026-52701
|
2026-06-27 03:17 |
2026-06-27 |
|
|
|
|
642
|
7.5 |
HIGH
Network
|
-
|
-
|
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy can translate a downstream HTTP/3 request that is complete a…
New
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-48743
|
2026-06-27 03:17 |
2026-06-27 |
|
|
|
|
643
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink (TcpSta…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-48706
|
2026-06-27 03:17 |
2026-06-27 |
|
|
|
|
644
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution …
New
|
CWE-480
Use of Incorrect Operator
|
CVE-2026-48497
|
2026-06-27 03:16 |
2026-06-27 |
|
|
|
|
645
|
7.5 |
HIGH
Network
|
-
|
-
|
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd deco…
New
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-48044
|
2026-06-27 03:16 |
2026-06-27 |
|
|
|
|
646
|
7.5 |
HIGH
Network
|
-
|
-
|
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results in stack overflow when deeply O(…
New
|
CWE-1124
|
CVE-2026-48042
|
2026-06-27 03:16 |
2026-06-27 |
|
|
|
|
647
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt()/decrypt() functions use AES-256…
New
|
CWE-209 CWE-327
Information Exposure Through an Error Message Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2026-47775
|
2026-06-27 03:16 |
2026-06-27 |
|
|
|
|
648
|
- |
|
-
|
-
|
Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. An authenticated u…
New
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-47206
|
2026-06-27 03:16 |
2026-06-27 |
|
|
|
|
649
|
9.6 |
CRITICAL
Network
|
-
|
-
|
mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec() function regis…
New
|
CWE-94
Code Injection
|
CVE-2026-33646
|
2026-06-27 03:16 |
2026-06-27 |
|
|
|
|
650
|
5.0 |
MEDIUM
Network
|
-
|
-
|
In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated users with the can_create_images entitlement to i…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-28385
|
2026-06-27 03:16 |
2026-06-27 |
|
|
|