Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.5 HIGH
CVE-2026-9151 — Command Injection Vulnerability in OpenVPN on Multiple TP-Link Archer Routers

An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to e…

| Injection
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.5 HIGH
CVE-2026-50570 — Fission: Incomplete capability denylist in Environment/Function PodSpec validation allows…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety val…

Remote | Authorization
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
4.3 MEDIUM
CVE-2026-50569 — Fission: HTTPTrigger admission omits RelativeURL / Prefix validation; kubectl apply bypas…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, HTTPTriggerSpec.Validate() valid…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
3.6 LOW
CVE-2026-50568 — Fission: SanitizeFilePath lexical HasPrefix bypass permits sibling-directory escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/ut…

| Path Traversal
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.7 HIGH
CVE-2026-50567 — Fission: Zip Slip in pkg/utils/zip.go:Unarchive allows fetcher to write outside the desti…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go jo…

Remote | Path Traversal
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
9.9 CRITICAL
CVE-2026-50566 — Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allow…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fissi…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
4.9 MEDIUM
CVE-2026-50565 — Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supp…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were create…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
9.9 CRITICAL
CVE-2026-50564 — Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, …

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD expose…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
9.9 CRITICAL
CVE-2026-50563 — Fission Container Executor Function PodSpec Injection Leading to Node Escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor pat…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
9.9 CRITICAL
CVE-2026-50545 — Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.pod…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.5 HIGH
CVE-2026-49824 — Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Fission Function admission w…

Remote | Authorization
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.7 HIGH
CVE-2026-49823 — Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission we…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a Fission Function spec carries …

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.7 HIGH
CVE-2026-49822 — Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenan…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a low-privilege developer who co…

Remote | Information Disclosure
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.7 HIGH
CVE-2026-49821 — Fission: Cross-namespace Environment reference in Package allows build-time command execu…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's buildermgr controller …

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
6.1 MEDIUM
CVE-2026-46642 — draw.io: XSS via crafted cell label when opening a .drawio file

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. …

drawio | Remote | Cross-Site Scripting
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
6.9 MEDIUM
CVE-2026-46618 — Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command,…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, before the round-1 security swee…

Remote | Authentication
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.7 HIGH
CVE-2026-46617 — Fission runtime pods automount the fission-fetcher service-account token into the user fu…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, Fission runtime pods were create…

Remote | Authorization
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
9.8 CRITICAL
CVE-2026-46614 — Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing inv…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission router registers an …

Remote | Authorization
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.8 HIGH
CVE-2026-46612 — Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function ar…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission storagesvc component…

Remote | Authentication
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.1 HIGH
CVE-2026-45062 — FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Fil…

FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos() function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the req…

frankenphp | Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
Showing 20 of 7490 Results