Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20679
Total
1492
Critical
6280
High
6554
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-47221 | MEDIUM | 5.9 | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contains … | Jun 26, 2026 |
| CVE-2026-47207 | MEDIUM | 6.5 | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an … | Jun 26, 2026 |
| CVE-2026-47206 | UNKNOWN | — | Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. … | Jun 26, 2026 |
| CVE-2026-47204 | MEDIUM | 6.5 | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpc_stats filter crashes … | Jun 26, 2026 |
| CVE-2026-33646 | CRITICAL | 9.6 | mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with … | Jun 26, 2026 |
| CVE-2026-57518 | HIGH | 8.8 | Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom … | Jun 26, 2026 |
| CVE-2026-57231 | HIGH | 7.5 | Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a … | Jun 26, 2026 |
| CVE-2026-56823 | MEDIUM | 5.4 | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the `POST /api/integrations/webhooks/{webhook_id}/ping` endpoint fetches the target … | Jun 26, 2026 |
| CVE-2026-56663 | HIGH | 8.5 | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF … | Jun 26, 2026 |
| CVE-2026-55686 | MEDIUM | 5.3 | Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a … | Jun 26, 2026 |
| CVE-2026-55677 | HIGH | 7.5 | Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches … | Jun 26, 2026 |
| CVE-2026-54636 | CRITICAL | 9.0 | Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku … | Jun 26, 2026 |
| CVE-2026-48529 | MEDIUM | 6.0 | GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as … | Jun 26, 2026 |
| CVE-2026-45408 | CRITICAL | 9.0 | Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$) permits shell metacharacters. When an authenticated user pushes to a git … | Jun 26, 2026 |
| CVE-2026-45407 | MEDIUM | 5.0 | Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc using bash's touch command, which applies the default umask of 0644. This … | Jun 26, 2026 |
| CVE-2026-45406 | CRITICAL | 9.0 | Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then … | Jun 26, 2026 |
| CVE-2026-45405 | CRITICAL | 9.0 | Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or … | Jun 26, 2026 |
| CVE-2026-28385 | MEDIUM | 5.0 | In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated users with the can_create_images entitlement … | Jun 26, 2026 |
| CVE-2026-13434 | MEDIUM | 4.9 | A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is … | Jun 26, 2026 |
| CVE-2026-11779 | UNKNOWN | — | An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation. | Jun 26, 2026 |
| CVE-2025-32423 | UNKNOWN | — | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in ExtractTextInformationBlock. … | Jun 26, 2026 |
| CVE-2025-32394 | UNKNOWN | — | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in AITextSummarizerBlock. … | Jun 26, 2026 |
| CVE-2026-9640 | HIGH | 7.2 | A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during … | Jun 26, 2026 |
| CVE-2026-9639 | MEDIUM | 6.5 | Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_storage_volumes permissions to cause a denial … | Jun 26, 2026 |
| CVE-2026-5757 | HIGH | 7.5 | Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive … | Jun 26, 2026 |