| 81 | 5.9 | MEDIUM Network | - | - | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution … (New) | CWE-480 Use of Incorrect Operator | CVE-2026-48497 | 2026-06-27 03:16 | 2026-06-27 |
| 82 | 7.5 | HIGH Network | - | - | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd deco… (New) | CWE-409 Improper Handling of Highly Compressed Data (Data Amplification) | CVE-2026-48044 | 2026-06-27 03:16 | 2026-06-27 |
| 83 | 7.5 | HIGH Network | - | - | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results in stack overflow when deeply O(… (New) | CWE-1124 | CVE-2026-48042 | 2026-06-27 03:16 | 2026-06-27 |
| 84 | 4.4 | MEDIUM Network | - | - | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a structural flaw was identified in DefaultCertValidator::verifySu… (New) | CWE-158 Improper Neutralization of Null Byte or NUL Character | CVE-2026-47778 | 2026-06-27 03:16 | 2026-06-27 |
| 85 | 6.8 | MEDIUM Network | - | - | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt()/decrypt() functions use AES-256… (New) | CWE-209 Information Exposure Through an Error Message; CWE-327 Use of a Broken or Risky Cryptographic Algorithm | CVE-2026-47775 | 2026-06-27 03:16 | 2026-06-27 |
| 86 | 4.8 | MEDIUM Adjacent | - | - | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header generator emits TLVs beyond the … (New) | CWE-130 Improper Handling of Length Parameter Inconsistency | CVE-2026-47692 | 2026-06-27 03:16 | 2026-06-27 |
| 87 | 5.9 | MEDIUM Network | - | - | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contains a null pointer dereference vul… (New) | CWE-476 NULL Pointer Dereference | CVE-2026-47221 | 2026-06-27 03:16 | 2026-06-27 |
| 88 | 6.5 | MEDIUM Network | - | - | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an ext_proc server sends a single gRPC m… (New) | CWE-416 Use After Free | CVE-2026-47207 | 2026-06-27 03:16 | 2026-06-27 |
| 89 | - | | - | - | Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. An authenticated u… (New) | CWE-116 Improper Encoding or Escaping of Output | CVE-2026-47206 | 2026-06-27 03:16 | 2026-06-27 |
| 90 | 6.5 | MEDIUM Network | - | - | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpc_stats filter crashes (null po… (New) | CWE-476 NULL Pointer Dereference | CVE-2026-47204 | 2026-06-27 03:16 | 2026-06-27 |