Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20648
Total
1489
Critical
6270
High
6549
Medium
CVE ID Severity Score Description Published
CVE-2026-29509 MEDIUM 5.4 Patool before 4.0.5 contains a path traversal vulnerability in the safe_extract() function in patoolib/programs/py_tarfile.py when running on Python before 3.12, where the is_within_directory() helper uses … Jun 26, 2026
CVE-2026-54753 MEDIUM 5.9 Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0-beta.2, the local HTTP server started by nx graph sent … Jun 26, 2026
CVE-2026-48090 MEDIUM 5.9 Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter (envoy.filters.http.oauth2) can … Jun 26, 2026
CVE-2026-47220 HIGH 7.5 Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTED_SERVER_NAME(X:Y)% is used in … Jun 26, 2026
CVE-2026-47205 MEDIUM 5.9 Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability leading … Jun 26, 2026
CVE-2026-13372 HIGH 7.2 Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with … Jun 26, 2026
CVE-2026-56876 HIGH 8.1 extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', … Jun 26, 2026
CVE-2026-55448 MEDIUM 6.3 mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_command from local project config before any trust decision, … Jun 26, 2026
CVE-2026-55441 HIGH 8.6 mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (mise.toml, .tool-versions) through trust_check, but task-include … Jun 26, 2026
CVE-2026-54557 MEDIUM 5.5 mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw … Jun 26, 2026
CVE-2026-54341 HIGH 7.5 Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack … Jun 26, 2026
CVE-2026-48743 HIGH 7.5 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy can translate a downstream … Jun 26, 2026
CVE-2026-48706 MEDIUM 5.9 Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in … Jun 26, 2026
CVE-2026-48497 MEDIUM 5.9 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS … Jun 26, 2026
CVE-2026-48044 HIGH 7.5 Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been … Jun 26, 2026
CVE-2026-48042 HIGH 7.5 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results … Jun 26, 2026
CVE-2026-47778 MEDIUM 4.4 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a structural flaw was identified … Jun 26, 2026
CVE-2026-47775 MEDIUM 6.8 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt()/decrypt() … Jun 26, 2026
CVE-2026-47692 MEDIUM 4.8 Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header … Jun 26, 2026
CVE-2026-47221 MEDIUM 5.9 Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contains … Jun 26, 2026
CVE-2026-47207 MEDIUM 6.5 Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an … Jun 26, 2026
CVE-2026-47206 UNKNOWN Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. … Jun 26, 2026
CVE-2026-47204 MEDIUM 6.5 Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpc_stats filter crashes … Jun 26, 2026
CVE-2026-33646 CRITICAL 9.6 mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with … Jun 26, 2026
CVE-2026-57518 HIGH 8.8 Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom … Jun 26, 2026