Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-44692 — Authenticated Sharp users can download unrelated Laravel Storage objects through the gene…

Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity ins…

sharp | Information Disclosure
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-53634 — Sharp: Missing Authorization Check in Quick Creation Command Endpoints

Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints of the Quick Creation Command feature did not enfor…

sharp | Authorization
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-45380 — bit7z: Path Traversal via Null Byte Injection from `gcount()` Off-by-One in `restoreSymli…

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allo…

bit7z | Path Traversal
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-45384 — bit7z: Arbitrary File Overwrite via Symlink Attack on Predictable Temp File During Archiv…

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on…

bit7z | Path Traversal
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
6.5 MEDIUM
CVE-2026-50639 — Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against me…

Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics,separated by ne…

Remote | Injection
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-50638 — Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against m…

Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics,separated by n…

| Injection
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
0.0 NA
CVE-2026-50637 — Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metr…

Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions) allow mutiple metrics,separated by newlines, to be sent p…

| Injection
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.4 MEDIUM
CVE-2026-11626 — Local Privilege Escalation in Symantec Endpoint Protection macOS CleanWipe Removal Tool

CleanWipe Removal Tool (macOS), prior to 16.0.0.65, may be susceptible to an Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an…

| Authorization
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
6.9 MEDIUM
CVE-2026-10740 — Excessive memory allocation in s2n-quic

Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service (degraded availability) by sending crafted …

Remote | Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.5 HIGH
CVE-2026-9151 — Command Injection Vulnerability in OpenVPN on Multiple TP-Link Archer Routers

An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to e…

| Injection
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.5 HIGH
CVE-2026-50570 — Fission: Incomplete capability denylist in Environment/Function PodSpec validation allows…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety val…

Remote | Authorization
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
4.3 MEDIUM
CVE-2026-50569 — Fission: HTTPTrigger admission omits RelativeURL / Prefix validation; kubectl apply bypas…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, HTTPTriggerSpec.Validate() valid…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
3.6 LOW
CVE-2026-50568 — Fission: SanitizeFilePath lexical HasPrefix bypass permits sibling-directory escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/ut…

| Path Traversal
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.7 HIGH
CVE-2026-50567 — Fission: Zip Slip in pkg/utils/zip.go:Unarchive allows fetcher to write outside the desti…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go jo…

Remote | Path Traversal
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
9.9 CRITICAL
CVE-2026-50566 — Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allow…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fissi…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
4.9 MEDIUM
CVE-2026-50565 — Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supp…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were create…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
9.9 CRITICAL
CVE-2026-50564 — Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, …

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD expose…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
9.9 CRITICAL
CVE-2026-50563 — Fission Container Executor Function PodSpec Injection Leading to Node Escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor pat…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
9.9 CRITICAL
CVE-2026-50545 — Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.pod…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.5 HIGH
CVE-2026-49824 — Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Fission Function admission w…

Remote | Authorization
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
Showing 20 of 7403 Results