Published issues
Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes
CVE-2026-11702
7.5 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): None (N)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): None (N)
updated 4 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse accepted, 5 hours ago
- @LeSuisse published on GitHub, 4 hours ago
Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes
Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes
CVE-2026-11625
7.5 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): None (N)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): None (N)
updated 4 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse ignored 4 packages, 5 hours ago
  - perlPackages.BytesRandomSecureTiny
  - perl540Packages.BytesRandomSecureTiny
  - perl538Packages.BytesRandomSecureTiny
  - perl5Packages.BytesRandomSecureTiny
- @LeSuisse accepted, 5 hours ago
- @LeSuisse published on GitHub, 4 hours ago
Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes
Dragonfly: RESTORE operations may crash the server
CVE-2026-54341
7.5 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): High (H)
updated 4 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse ignored 4 packages, 5 hours ago
  - dragonfly-reverb
  - python312Packages.dragonfly
  - python313Packages.dragonfly
  - python314Packages.dragonfly
- @LeSuisse accepted, 5 hours ago
- @LeSuisse published on GitHub, 4 hours ago
Dragonfly: RESTORE operations may crash the server
libnfs through 6.0.2 before 935b8db has an xid integer underflow …
CVE-2026-57918
7.1 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): Low (L)
updated 4 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse accepted, 4 hours ago
- @LeSuisse published on GitHub, 4 hours ago
libnfs through 6.0.2 before 935b8db has an xid integer underflow …
libnfs
- <935b8db712b3c6649bc57ddc276526c4a31680de
GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion
CVE-2026-48529
6.0 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Changed (C)
- Confidentiality (C): Low (L)
- Integrity (I): Low (L)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): Low (L)
updated 4 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse accepted, 4 hours ago
- @LeSuisse published on GitHub, 4 hours ago
GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion
Podman: Malformed Image can trick podman run into leaking host environment variables into the container
CVE-2026-57231
7.5 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): None (N)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): None (N)
updated 4 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse ignored 9 packages, 4 hours ago
  - podman-tui
  - podman-bootc
  - cockpit-podman
  - podman-compose
  - podman-desktop
  - nomad-driver-podman
  - python312Packages.podman
  - python313Packages.podman
  - python314Packages.podman
- @LeSuisse accepted, 4 hours ago
- @LeSuisse published on GitHub, 4 hours ago
Podman: Malformed Image can trick podman run into leaking host environment variables into the container
python3Packages.kestra: security issues < 1.3.24
mise: security issues < 2026.6.4
CVE-2026-55448
6.3 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): None (N)
updated 5 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse ignored 10 packages, 5 hours ago
  - ocamlPackages.promise_jsoo
  - python312Packages.heatmiserv3
  - python313Packages.heatmiserv3
  - python314Packages.heatmiserv3
  - haskellPackages.unsafe-promises
  - ocamlPackages_latest.promise_jsoo
  - python313Packages.promise
  - haskellPackages.promises
  - python312Packages.promise
  - python314Packages.promise
- @LeSuisse accepted, 5 hours ago
- @LeSuisse published on GitHub, 5 hours ago
mise: Local credential_command executes untrusted config
CVE-2026-54557
5.5 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): High (H)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): None (N)
updated 5 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse ignored 10 packages, 5 hours ago
  - haskellPackages.promises
  - python312Packages.promise
  - python313Packages.promise
  - python314Packages.promise
  - ocamlPackages.promise_jsoo
  - python312Packages.heatmiserv3
  - python313Packages.heatmiserv3
  - python314Packages.heatmiserv3
  - haskellPackages.unsafe-promises
  - ocamlPackages_latest.promise_jsoo
- @LeSuisse accepted, 5 hours ago
- @LeSuisse published on GitHub, 5 hours ago
mise HTTP backend uses raw version path for install symlink destination
CVE-2026-55441
8.6 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Changed (C)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
updated 5 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse ignored 10 packages, 5 hours ago
  - haskellPackages.promises
  - python314Packages.promise
  - ocamlPackages.promise_jsoo
  - python312Packages.heatmiserv3
  - python313Packages.heatmiserv3
  - python314Packages.heatmiserv3
  - haskellPackages.unsafe-promises
  - ocamlPackages_latest.promise_jsoo
  - python313Packages.promise
  - python312Packages.promise
- @LeSuisse accepted, 5 hours ago
- @LeSuisse published on GitHub, 5 hours ago
mise: Arbitrary command execution via task-include files in an untrusted, config-less repository
You track: security issues < 2026.2.16593
envoy, envoy-bin: security issues < 1.36.9, < 1.38.3, < 1.37.5
CVE-2026-47207
6.5 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): High (H)
updated 5 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse ignored 10 packages, 5 hours ago
  - opa-envoy-plugin
  - python312Packages.envoy-utils
  - python313Packages.envoy-utils
  - python314Packages.envoy-utils
  - python312Packages.envoy-reader
  - python313Packages.envoy-reader
  - python314Packages.envoy-reader
  - python313Packages.envoy-data-plane
  - python314Packages.envoy-data-plane
  - home-assistant-component-tests.enphase_envoy
- @LeSuisse accepted, 5 hours ago
- @LeSuisse published on GitHub, 5 hours ago
Envoy crashes if multiple unexpected ext_proc responses are packed into one gRPC message
envoy
- ==>= 1.37.0, < 1.37.5
- ==>= 1.34.0, < 1.35.13
- ==>= 1.36.0, < 1.36.9
- ==>= 1.38.0, < 1.38.3
CVE-2026-47205
5.9 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): High (H)
updated 5 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse ignored 10 packages, 5 hours ago
  - home-assistant-component-tests.enphase_envoy
  - python314Packages.envoy-data-plane
  - python314Packages.envoy-reader
  - python313Packages.envoy-reader
  - python312Packages.envoy-reader
  - python314Packages.envoy-utils
  - python313Packages.envoy-utils
  - python312Packages.envoy-utils
  - python313Packages.envoy-data-plane
  - opa-envoy-plugin
- @LeSuisse accepted, 5 hours ago
- @LeSuisse published on GitHub, 5 hours ago
Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides
envoy
- ==>= 1.37.0, < 1.37.5
- ==>= 1.36.0, < 1.36.9
- ==>= 1.38.0, < 1.38.3
CVE-2026-47778
4.4 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): High (H)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): None (N)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): High (H)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): None (N)
updated 5 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse ignored 10 packages, 5 hours ago
  - opa-envoy-plugin
  - python312Packages.envoy-utils
  - python313Packages.envoy-utils
  - python312Packages.envoy-reader
  - python313Packages.envoy-reader
  - python314Packages.envoy-reader
  - python313Packages.envoy-data-plane
  - home-assistant-component-tests.enphase_envoy
  - python314Packages.envoy-data-plane
  - python314Packages.envoy-utils
- @LeSuisse accepted, 5 hours ago
- @LeSuisse published on GitHub, 5 hours ago
Envoy: Embedded NUL in TLS DNS SAN Truncation in the Default TLS Certificate Validator. (Auth Bypass)
envoy
- ==< 1.35.11
- ==>= 1.36.0, < 1.36.7
- ==>= 1.38.0, < 1.38.1
- ==>= 1.37.0, < 1.37.3
CVE-2026-48497
5.9 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): High (H)
updated 5 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse ignored 10 packages, 5 hours ago
  - opa-envoy-plugin
  - python312Packages.envoy-utils
  - python314Packages.envoy-utils
  - python312Packages.envoy-reader
  - python313Packages.envoy-reader
  - python314Packages.envoy-reader
  - home-assistant-component-tests.enphase_envoy
  - python314Packages.envoy-data-plane
  - python313Packages.envoy-data-plane
  - python313Packages.envoy-utils
- @LeSuisse accepted, 5 hours ago
- @LeSuisse published on GitHub, 5 hours ago
Envoy: Abnormal process termination in DNS UDP filter
envoy
- ==< 1.35.11
- ==>= 1.36.0, < 1.36.7
- ==>= 1.38.0, < 1.38.1
- ==>= 1.37.0, < 1.37.3
CVE-2026-48042
7.5 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): High (H)
updated 5 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse ignored 10 packages, 5 hours ago
  - opa-envoy-plugin
  - python314Packages.envoy-utils
  - python312Packages.envoy-reader
  - python314Packages.envoy-data-plane
  - home-assistant-component-tests.enphase_envoy
  - python313Packages.envoy-data-plane
  - python314Packages.envoy-reader
  - python313Packages.envoy-reader
  - python313Packages.envoy-utils
  - python312Packages.envoy-utils
- @LeSuisse accepted, 5 hours ago
- @LeSuisse published on GitHub, 5 hours ago
Envoy: Stack overflow in destructor of highly nested JSON
envoy
- ==< 1.35.11
- ==>= 1.36.0, < 1.36.7
- ==>= 1.38.0, < 1.38.1
- ==>= 1.37.0, < 1.37.3
CVE-2026-48706
5.9 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): High (H)
updated 5 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse ignored 10 packages, 5 hours ago
  - home-assistant-component-tests.enphase_envoy
  - python314Packages.envoy-data-plane
  - python313Packages.envoy-data-plane
  - python314Packages.envoy-reader
  - python313Packages.envoy-reader
  - python312Packages.envoy-reader
  - python314Packages.envoy-utils
  - python313Packages.envoy-utils
  - python312Packages.envoy-utils
  - opa-envoy-plugin
- @LeSuisse accepted, 5 hours ago
- @LeSuisse published on GitHub, 5 hours ago
Envoy Heap Buffer Overflow in TcpStatsdSink
envoy
- ==>= 1.37.0, < 1.37.5
- ==>= 1.34.0, < 1.35.13
- ==>= 1.38.0, < 1.38.3
- ==>= 1.36.0, < 1.36.9
CVE-2026-48743
7.5 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Changed (C)
- Confidentiality (C): Low (L)
- Integrity (I): High (H)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): None (N)
updated 5 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse ignored 10 packages, 5 hours ago
  - opa-envoy-plugin
  - python312Packages.envoy-utils
  - python313Packages.envoy-utils
  - python314Packages.envoy-utils
  - python312Packages.envoy-reader
  - python313Packages.envoy-reader
  - python314Packages.envoy-reader
  - python313Packages.envoy-data-plane
  - python314Packages.envoy-data-plane
  - home-assistant-component-tests.enphase_envoy
- @LeSuisse accepted, 5 hours ago
- @LeSuisse published on GitHub, 5 hours ago
Envoy: HTTP/3 to HTTP/1 request smuggling via headers-only request with nonzero Content-Length
envoy
- ==>= 1.35.0, < 1.35.11
- ==>= 1.36.0, < 1.36.7
- ==>= 1.38.0, < 1.38.1
- ==>= 1.37.0, < 1.37.3
CVE-2026-47692
4.8 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Adjacent (A)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): High (H)
- User Interaction (UI): None (N)
- Scope (S): Changed (C)
- Confidentiality (C): None (N)
- Integrity (I): Low (L)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Adjacent (A)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): High (H)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): Low (L)
updated 5 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse ignored 10 packages, 5 hours ago
  - opa-envoy-plugin
  - python312Packages.envoy-utils
  - python313Packages.envoy-utils
  - python314Packages.envoy-utils
  - python312Packages.envoy-reader
  - python313Packages.envoy-reader
  - python314Packages.envoy-reader
  - python313Packages.envoy-data-plane
  - python314Packages.envoy-data-plane
  - home-assistant-component-tests.enphase_envoy
- @LeSuisse accepted, 5 hours ago
- @LeSuisse published on GitHub, 5 hours ago
Envoy: PROXY Protocol v2 header generator emits "skipped" TLVs, causing 65 KB attacker-controlled spillover into the upstream application stream
envoy
- ==>= 1.37.0, < 1.37.5
- ==>= 1.34.0, < 1.35.13
- ==>= 1.36.0, < 1.36.9
- ==>= 1.38.0, < 1.38.3
CVE-2026-47204
6.5 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): High (H)
updated 5 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse ignored 10 packages, 5 hours ago
  - opa-envoy-plugin
  - python312Packages.envoy-utils
  - home-assistant-component-tests.enphase_envoy
  - python314Packages.envoy-data-plane
  - python313Packages.envoy-data-plane
  - python314Packages.envoy-reader
  - python313Packages.envoy-reader
  - python312Packages.envoy-reader
  - python314Packages.envoy-utils
  - python313Packages.envoy-utils
- @LeSuisse accepted, 5 hours ago
- @LeSuisse published on GitHub, 5 hours ago
Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes
envoy
- ==>= 1.37.0, < 1.37.5
- ==>= 1.26.0, < 1.35.13
- ==>= 1.36.0, < 1.36.9
- ==>= 1.38.0, < 1.38.3
CVE-2026-47775
6.8 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): None (N)
updated 5 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse ignored 10 packages, 5 hours ago
  - opa-envoy-plugin
  - python312Packages.envoy-utils
  - python313Packages.envoy-utils
  - python314Packages.envoy-utils
  - python312Packages.envoy-reader
  - python313Packages.envoy-reader
  - python314Packages.envoy-reader
  - python313Packages.envoy-data-plane
  - python314Packages.envoy-data-plane
  - home-assistant-component-tests.enphase_envoy
- @LeSuisse accepted, 5 hours ago
- @LeSuisse published on GitHub, 5 hours ago
Envoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie Decryption
envoy
- ==< 1.35.11
- ==>= 1.36.0, < 1.36.7
- ==>= 1.38.0, < 1.38.1
- ==>= 1.37.0, < 1.37.3
CVE-2026-48044
7.5 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): High (H)
updated 5 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse ignored 10 packages, 5 hours ago
  - opa-envoy-plugin
  - python312Packages.envoy-utils
  - python313Packages.envoy-utils
  - python314Packages.envoy-utils
  - python312Packages.envoy-reader
  - python313Packages.envoy-reader
  - python314Packages.envoy-reader
  - python313Packages.envoy-data-plane
  - python314Packages.envoy-data-plane
  - home-assistant-component-tests.enphase_envoy
- @LeSuisse accepted, 5 hours ago
- @LeSuisse published on GitHub, 5 hours ago
Envoy Zstd Decompressor: Ratio Check at Wrong Loop Depth lead to memory explosion
envoy
- ==>= 1.23.0, < 1.35.11
- ==>= 1.36.0, < 1.36.7
- ==>= 1.38.0, < 1.38.1
- ==>= 1.37.0, < 1.37.3
CVE-2026-47221
5.9 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): High (H)
updated 5 hours ago by @LeSuisse
Activity log
- Created suggestion, 11 hours ago
- @LeSuisse ignored 10 packages, 5 hours ago
  - opa-envoy-plugin
  - python312Packages.envoy-utils
  - python313Packages.envoy-utils
  - python314Packages.envoy-utils
  - python312Packages.envoy-reader
  - python313Packages.envoy-reader
  - python314Packages.envoy-reader
  - python313Packages.envoy-data-plane
  - python314Packages.envoy-data-plane
  - home-assistant-component-tests.enphase_envoy
- @LeSuisse accepted, 5 hours ago
- @LeSuisse published on GitHub, 5 hours ago
Envoy: Null pointer deref in internal redirects
envoy
- ==>= 1.37.0, < 1.37.5
- ==>= 1.18.0, < 1.35.13
- ==>= 1.36.0, < 1.36.9
- ==>= 1.38.0, < 1.38.3