| 591 | 6.5 MEDIUM | Network | envoyproxy | envoy | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an ext_proc server sends a single gRPC m… | New | CWE-416 Use After Free | CVE-2026-47207 | 2026-06-28 05:20 | 2026-06-27 |
| 592 | 7.5 HIGH | Network | envoyproxy | envoy | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contains a null pointer dereference vul… | New | CWE-476 NULL Pointer Dereference | CVE-2026-47221 | 2026-06-28 05:17 | 2026-06-27 |
| 593 | 4.3 MEDIUM | Adjacent | envoyproxy | envoy | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header generator emits TLVs beyond the … | New | CWE-130 Improper Handling of Length Parameter Inconsistency | CVE-2026-47692 | 2026-06-28 05:09 | 2026-06-27 |
| 594 | 5.3 MEDIUM | Network | wolfssl | wolfssl | The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier… | New | CWE-120 Classic Buffer Overflow, CWE-787 Out-of-bounds Write | CVE-2026-6681 | 2026-06-28 05:02 | 2026-06-26 |
| 595 | 7.5 HIGH | Network | wolfssl | wolfssl | X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted. | New | CWE-295 Improper Certificate Validation | CVE-2026-6731 | 2026-06-28 05:02 | 2026-06-26 |
| 596 | 5.3 MEDIUM | Network | wolfssl | wolfssl | OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status o… | New | CWE-295 Improper Certificate Validation | CVE-2026-10098 | 2026-06-28 05:01 | 2026-06-26 |
| 597 | 7.5 HIGH | Network | wolfssl | wolfssl | Missing SNI/ALPN binding on stateful (session-ID) resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI… | New | CWE-287 Improper Authentication, NVD-CWE-noinfo | CVE-2026-11703 | 2026-06-28 04:59 | 2026-06-26 |
| 598 | 6.5 MEDIUM | Network | wolfssl | wolfssl | TLS 1.3 post-handshake authentication (PHA) issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth e… | New | CWE-287 Improper Authentication, NVD-CWE-noinfo | CVE-2026-55962 | 2026-06-28 04:57 | 2026-06-26 |
| 599 | 5.3 MEDIUM | Network | wolfssl | wolfssl | When HAVE_ENCRYPT_THEN_MAC is configured, the implementation could fall back to MAC-then-Encrypt rather than enforcing Encrypt-then-MAC. | New | CWE-757 Algorithm Downgrade | CVE-2026-6092 | 2026-06-28 04:55 | 2026-06-26 |
| 600 | 7.5 HIGH | Network | wolfssl | wolfssl | Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer. | New | CWE-787 Out-of-bounds Write | CVE-2026-6325 | 2026-06-28 04:51 | 2026-06-26 |