CVE search

362,418 results
CVE-2026-47220HIGHEnvoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log formatEPSS 0.5%CVE-2026-47205MEDIUMEnvoy: ext_authz Use-After-Free during Stream Teardown with Per-Route OverridesEPSS 0.4%CVE-2026-47692MEDIUMEnvoy: PROXY Protocol v2 header generator emits "skipped" TLVs, causing 65 KB attacker-controlled spillover into the upstream application streamEPSS 0.2%CVE-2026-47207MEDIUMEnvoy crashes if multiple unexpected ext_proc responses are packed into one gRPC messageEPSS 0.4%CVE-2026-48706MEDIUMEnvoy Heap Buffer Overflow in TcpStatsdSinkEPSS 0.6%CVE-2026-47204MEDIUMEnvoy: grpc_stats filter segfault on Connect protocol requests to direct_response routesEPSS 0.4%CVE-2026-47221MEDIUMEnvoy: Null pointer deref in internal redirectsEPSS 0.4%CVE-2026-48743HIGHEnvoy: HTTP/3 to HTTP/1 request smuggling via headers-only request with nonzero Content-LengthEPSS 0.3%CVE-2026-48497MEDIUMEnvoy: Abnormal process termination in DNS UDP filterEPSS 0.4%CVE-2026-48044HIGHEnvoy Zstd Decompressor: Ratio Check at Wrong Loop Depth lead to memory explosionEPSS 0.5%CVE-2026-48042HIGHEnvoy: Stack overflow in destructor of highly nested JSONEPSS 0.5%CVE-2026-47778MEDIUMEnvoy: Embedded NUL in TLS DNS SAN Truncation in the Default TLS Certificate Validator. (Auth Bypass)EPSS 0.2%CVE-2026-47775MEDIUMEnvoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie DecryptionEPSS 0.2%CVE-2026-33646CRITICALmise: Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)EPSS 0.7%CVE-2026-55441HIGHmise: Arbitrary command execution via task-include files in an untrusted, config-less repositoryEPSS 0.2%CVE-2026-54557MEDIUMmise HTTP backend uses raw version path for install symlink destinationEPSS 0.2%CVE-2026-55448MEDIUMmise: Local credential_command executes untrusted configEPSS 0.2%CVE-2026-56876HIGHextract-zip unvalidated symlink path traversalEPSS 0.3%CVE-2026-54341HIGHDragonfly: RESTORE operations may crash the serverEPSS 0.4%CVE-2026-47206LOWDragonfly: RESP Protocol Injection via Lua redis.error_reply() in EvalSerializerEPSS 0.3%