Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.4 MEDIUM
CVE-2026-11626 — Local Privilege Escalation in Symantec Endpoint Protection macOS CleanWipe Removal Tool

CleanWipe Removal Tool (macOS), prior to 16.0.0.65, may be susceptible to an Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an…

| Authorization
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-50639 — Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against me…

Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics,separated by ne…

| Injection
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-50638 — Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against m…

Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics,separated by n…

| Injection
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-50637 — Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metr…

Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions) allow mutiple metrics,separated by newlines, to be sent p…

| Injection
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.5 HIGH
CVE-2026-9151 — Command Injection Vulnerability in OpenVPN on Multiple TP-Link Archer Routers

An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to e…

| Injection
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.5 HIGH
CVE-2026-50570 — Fission: Incomplete capability denylist in Environment/Function PodSpec validation allows…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety val…

Remote | Authorization
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
4.3 MEDIUM
CVE-2026-50569 — Fission: HTTPTrigger admission omits RelativeURL / Prefix validation; kubectl apply bypas…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, HTTPTriggerSpec.Validate() valid…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
3.6 LOW
CVE-2026-50568 — Fission: SanitizeFilePath lexical HasPrefix bypass permits sibling-directory escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/ut…

| Path Traversal
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.7 HIGH
CVE-2026-50567 — Fission: Zip Slip in pkg/utils/zip.go:Unarchive allows fetcher to write outside the desti…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go jo…

Remote | Path Traversal
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
9.9 CRITICAL
CVE-2026-50566 — Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allow…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fissi…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
4.9 MEDIUM
CVE-2026-50565 — Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supp…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were create…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
9.9 CRITICAL
CVE-2026-50564 — Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, …

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD expose…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
9.9 CRITICAL
CVE-2026-50563 — Fission Container Executor Function PodSpec Injection Leading to Node Escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor pat…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
9.9 CRITICAL
CVE-2026-50545 — Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.pod…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.5 HIGH
CVE-2026-49824 — Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Fission Function admission w…

Remote | Authorization
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.7 HIGH
CVE-2026-49823 — Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission we…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a Fission Function spec carries …

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.7 HIGH
CVE-2026-49822 — Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenan…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a low-privilege developer who co…

Remote | Information Disclosure
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.7 HIGH
CVE-2026-49821 — Fission: Cross-namespace Environment reference in Package allows build-time command execu…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's buildermgr controller …

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
6.1 MEDIUM
CVE-2026-46642 — draw.io: XSS via crafted cell label when opening a .drawio file

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. …

drawio | Remote | Cross-Site Scripting
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
6.9 MEDIUM
CVE-2026-46618 — Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command,…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, before the round-1 security swee…

Remote | Authentication
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
Showing 20 of 7485 Results