Total CVEs

140,151

Critical Severity

3,698

High Severity

13,312

Last 7 Days

1,766
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 1 - 20 of 36,556 CVEs

Incus: CreateCustomVolumeFromBackup nil-pointer dereference on volume_snapshots[*].expires_at (sibling-field variant of GHSA-r7w7)

Vendor: go
Product: github.com/lxc/incus/v7/cmd/incusd
Published: Jun 26, 2026
Source: GitHub
CVE-2026-48755 CRITICAL - 9.9

Incus has an argument injection in backup compression algorithm leading to AFW and ACE

Vendor: go
Product: github.com/lxc/incus/v7/cmd/incusd
Published: Jun 26, 2026
Source: GitHub

Incus: Nil-pointer dereference in createDependentVolumesFromBackup on disk.{Volume,VolumeSnapshots,Pool}

Vendor: go
Product: github.com/lxc/incus/v7/cmd/incusd
Published: Jun 26, 2026
Source: GitHub
CVE-2026-48753 CRITICAL - 9.9

Incus has an arbitrary file write via path traversal in S3 multipart upload

Vendor: go
Product: github.com/lxc/incus/v7/cmd/incusd
Published: Jun 26, 2026
Source: GitHub
CVE-2026-48752 CRITICAL - 9.9

Incus has arbitrary file read+write on host via templates/ symlink in malicious image

Vendor: go
Product: github.com/lxc/incus/v7/cmd/incusd
Published: Jun 26, 2026
Source: GitHub
CVE-2026-48751 CRITICAL - 9.9

Incus has a restricted project bypass leading to arbitrary command execution

Vendor: go
Product: github.com/lxc/incus/v7/cmd/incusd
Published: Jun 26, 2026
Source: GitHub
CVE-2026-48750 CRITICAL - 9.9

Incus has an arbitrary file write on host via `exec-output` symlink in crafted image

Vendor: go
Product: github.com/lxc/incus/v7/cmd/incusd
Published: Jun 26, 2026
Source: GitHub
CVE-2026-48749 CRITICAL - 9.9

Incus has an arbitrary file read+write on host via rootfs/ symlink in malicious image

Vendor: go
Product: github.com/lxc/incus/v7/cmd/incusd
Published: Jun 26, 2026
Source: GitHub
CVE-2026-56876 HIGH - 8.1

extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction dir...

Vendor: max-mapper
Product: extract-zip
Published: Jun 26, 2026
Source: NVD
CVE-2026-54341 HIGH - 7.5

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process (SIGSEGV). Because DragonflyDB requires no authentication by de...

Vendor: dragonflydb
Product: dragonfly
Published: Jun 26, 2026
Source: NVD
CVE-2026-48743 HIGH - 7.5

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy can translate a downstream HTTP/3 request that is complete at the transport layer (HEADERS with FIN / headers-only close) but still carries a nonzero Content-Len...

Vendor: envoyproxy
Product: envoy
Published: Jun 26, 2026
Source: NVD
CVE-2026-48706 MEDIUM - 5.9

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink (TcpStatsdSink), where the thread-local flusher buffer can be overflowed by exceptionally long statisti...

Vendor: envoyproxy
Product: envoy
Published: Jun 26, 2026
Source: NVD
CVE-2026-48497 MEDIUM - 5.9

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution containing a name with the length of 255 octets or remote resolution for a name of 255 octets long ca...

Vendor: envoyproxy
Product: envoy
Published: Jun 26, 2026
Source: NVD
CVE-2026-48044 HIGH - 7.5

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation (ZstdDecompressorImpl). When zstd decompression is enabled, processing a...

Vendor: envoyproxy
Product: envoy
Published: Jun 26, 2026
Source: NVD
CVE-2026-48042 HIGH - 7.5

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results in stack overflow when deeply O(100K) nested objects are present. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1.

Vendor: envoyproxy
Product: envoy
Published: Jun 26, 2026
Source: NVD
CVE-2026-47778 MEDIUM - 4.4

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a structural flaw was identified in DefaultCertValidator::verifySubjectAltName where the extracted DNS SAN string is cast to a C-style string using .c_str() before bei...

Vendor: envoyproxy
Product: envoy
Published: Jun 26, 2026
Source: NVD
CVE-2026-47775 MEDIUM - 6.8

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt()/decrypt() functions use AES-256-CBC without an authentication tag (no HMAC, no AEAD). The /callback endpoint returns HTTP 302 o...

Vendor: envoyproxy
Product: envoy
Published: Jun 26, 2026
Source: NVD
CVE-2026-47692 MEDIUM - 4.8

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header generator emits TLVs beyond the maximum length of 65535 bytes, causing a mismatch between bytes written and the length field in the h...

Vendor: envoyproxy
Product: envoy
Published: Jun 26, 2026
Source: NVD
CVE-2026-47221 MEDIUM - 5.9

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contains a null pointer dereference vulnerability when handling HTTP 303 (See Other) internal redirects for body-less non-GET/HEAD requests....

Vendor: envoyproxy
Product: envoy
Published: Jun 26, 2026
Source: NVD
CVE-2026-47207 MEDIUM - 6.5

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an ext_proc server sends a single gRPC message containing multiple, specially crafted ProcessingResponse messages. This can occur when the fi...

Vendor: envoyproxy
Product: envoy
Published: Jun 26, 2026
Source: NVD