Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20648
Total
1489
Critical
6270
High
6549
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-29509 | MEDIUM | 5.4 | Patool before 4.0.5 contains a path traversal vulnerability in the safe_extract() function in patoolib/programs/py_tarfile.py when running on Python before 3.12, where the is_within_directory() helper uses … | Jun 26, 2026 |
| CVE-2026-54753 | MEDIUM | 5.9 | Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0-beta.2, the local HTTP server started by nx graph sent … | Jun 26, 2026 |
| CVE-2026-48090 | MEDIUM | 5.9 | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter (envoy.filters.http.oauth2) can … | Jun 26, 2026 |
| CVE-2026-47220 | HIGH | 7.5 | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTED_SERVER_NAME(X:Y)% is used in … | Jun 26, 2026 |
| CVE-2026-47205 | MEDIUM | 5.9 | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability leading … | Jun 26, 2026 |
| CVE-2026-13372 | HIGH | 7.2 | Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with … | Jun 26, 2026 |
| CVE-2026-56876 | HIGH | 8.1 | extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', … | Jun 26, 2026 |
| CVE-2026-55448 | MEDIUM | 6.3 | mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_command from local project config before any trust decision, … | Jun 26, 2026 |
| CVE-2026-55441 | HIGH | 8.6 | mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (mise.toml, .tool-versions) through trust_check, but task-include … | Jun 26, 2026 |
| CVE-2026-54557 | MEDIUM | 5.5 | mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw … | Jun 26, 2026 |
| CVE-2026-54341 | HIGH | 7.5 | Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack … | Jun 26, 2026 |
| CVE-2026-48743 | HIGH | 7.5 | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy can translate a downstream … | Jun 26, 2026 |
| CVE-2026-48706 | MEDIUM | 5.9 | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in … | Jun 26, 2026 |
| CVE-2026-48497 | MEDIUM | 5.9 | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS … | Jun 26, 2026 |
| CVE-2026-48044 | HIGH | 7.5 | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been … | Jun 26, 2026 |
| CVE-2026-48042 | HIGH | 7.5 | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results … | Jun 26, 2026 |
| CVE-2026-47778 | MEDIUM | 4.4 | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a structural flaw was identified … | Jun 26, 2026 |
| CVE-2026-47775 | MEDIUM | 6.8 | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt()/decrypt() … | Jun 26, 2026 |
| CVE-2026-47692 | MEDIUM | 4.8 | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header … | Jun 26, 2026 |
| CVE-2026-47221 | MEDIUM | 5.9 | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contains … | Jun 26, 2026 |
| CVE-2026-47207 | MEDIUM | 6.5 | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an … | Jun 26, 2026 |
| CVE-2026-47206 | UNKNOWN | — | Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. … | Jun 26, 2026 |
| CVE-2026-47204 | MEDIUM | 6.5 | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpc_stats filter crashes … | Jun 26, 2026 |
| CVE-2026-33646 | CRITICAL | 9.6 | mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with … | Jun 26, 2026 |
| CVE-2026-57518 | HIGH | 8.8 | Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom … | Jun 26, 2026 |