Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

324 New today
65,952 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
289
Jun 26
Critical
High
Medium
Low
Latest
CVE CVSS 4.8

Envoy: PROXY Protocol v2 header generator emits “skipped” TLVs, causing 65 KB attacker-controlled spillover into the upstream application stream_CVE-2026-47692

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header generator emits TLVs beyond the maximum length of 65535 bytes, causing a mismatch between bytes written and th...

CVE-2026-47692 envoyproxy envoy >= 1.38.0, < 1.38.3
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.9 CVE-2026-47221

Envoy: Null pointer deref in internal redirects_CVE-2026-47221

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the r...

envoyproxy envoy >= 1.38.0, < 1.38.3 CVE
MEDIUM 6.5 CVE-2026-47207

Envoy crashes if multiple unexpected ext_proc responses are packed into one gRPC message_CVE-2026-47207

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy...

envoyproxy envoy >= 1.38.0, < 1.38.3 CVE
MEDIUM 6.5 CVE-2026-47204

Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes_CVE-2026-47204

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the e...

envoyproxy envoy >= 1.38.0, < 1.38.3 CVE
MEDIUM 5.9 CVE-2026-54753

Nx: `nx graph` dev server permissive CORS policy_CVE-2026-54753

Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0-beta.2, the local HTTP server started by nx gr...

nrwl nx >= 17.0.4, < 22.7.2 CVE
MEDIUM 5.9 CVE-2026-48090

Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk)_CVE-2026-48090

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter ...

envoyproxy envoy >= 1.38.0, < 1.38.3 CVE
HIGH 7.5 CVE-2026-47220

Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format_CVE-2026-47220

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTED_SER...

envoyproxy envoy >= 1.38.0, < 1.38.3 CVE
MEDIUM 5.9 CVE-2026-47205

Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides_CVE-2026-47205

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Fr...

envoyproxy envoy >= 1.38.0, < 1.38.3 CVE
NONE 5A30AF6D-A3F1-

MamaBaohe-ERP-SQLi_5A30AF6D-A3F1-5C05-9042-C5ED3EF4AAB8

MamaBaohe ERP Management Cloud Platform SQL Injection Overview | Field | Value | |-------|-------| | Product | Maternal and Child Health ERP Manage...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 C1779145-9574-

Exploit for OS Command Injection in Cacti_C1779145-9574-5457-B610-1891430BF6B2

CVE-2026-39938: Cacti " 3.2 Execute the Code by Including Log File bash curl -k -s "http://target-cacti/graphimage.php?action=view&localgraphid=1&g...

N/A N/A GITHUBEXPLOIT