CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux

The fix for XSA-365 includes the initialization of pointers so that subsequent cleanup code would not use uninitialized or stale values. However, this initialization went too far and may, under certain conditions, also overwrite pointers that need to be cleaned up. The lack of cleanup would resul...

6.5CVSS6.7AI score0.00133EPSS

Exploits0References1

Packet Storm News•added 2026/05/11 12:0 a.m.•4 views

Can a Single Message Paralyze the AI Infrastructure? the Rise of AbO-DDoS Attacks through Targeted Mobius Injection

Large Language Model LLM agents have emerged as key intermediaries, orchestrating complex interactions between human users and a wide range of digital services and LLM infrastructures. While prior research has extensively examined the security of LLMs and agents in isolation, the systemic risk of...

5.9AI score

Talos Blog•added 2026/04/07 12:3 p.m.•3 views

Talos Takes: 2025's ransomware trends and zombie vulnerabilities

Join Amy and Pierre Cadieux as they unpack the ransomware and vulnerability trends that defined 2025. From the persistent ransomware threats targeting the manufacturing sector to the rise of stealthy living-off-the-land tactics, we break down what these shifts mean for your defense strategy. Why...

5.9AI score

Amazon•added 2026/04/01 12:0 a.m.•5 views

Important: ecs-service-connect-agent

Issue Overview: Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC Role-Based Access Control filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead o...

8.2CVSS5.9AI score0.00019EPSS

Exploits4

Amazon•added 2026/04/01 12:0 a.m.•5 views

Important: ecs-service-connect-agent

8.2CVSS5.9AI score0.00019EPSS

Exploits4

RedhatCVE•added 2026/03/26 3:6 p.m.•2 views

CVE-2026-26311

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, a logic vulnerability in Envoy's HTTP connection manager FilterManager that allows for Zombie Stream Filter Execution. This issue creates a "Use-After-Free" UAF or state-corruption window where...

Malwarebytes•added 2026/03/16 4:9 p.m.•3 views

Zombie ZIP method can fool antivirus during the first scan

A researcher published “Zombie ZIP,” a simple way to change the first part header of a ZIP file so it falsely claims its contents are uncompressed while they are actually compressed. Many antivirus products trust that header and never properly decompress or inspect the real payload. In tests...

5.9AI score

OSV•added 2026/03/12 8:39 a.m.•0 views

BIT-ENVOY-2026-26311 Envoy HTTP: filter chain execution on reset streams causing UAF crash

NVD•added 2026/03/10 8:16 p.m.•1 views

Exploits1References2

CVE-2026-26311

5.9CVSS0.00019EPSS

EUVD•added 2026/03/10 7:14 p.m.•1 views

EUVD-2026-10804

Cvelist•added 2026/03/10 7:14 p.m.•40 views

CVE-2026-26311 Envoy HTTP: filter chain execution on reset streams causing UAF crash

5.9CVSS0.00019EPSS

ATTACKERKB•added 2026/03/10 7:14 p.m.•2 views

CVE-2026-26311

Exploits1References2Affected Software1

CVE•added 2026/03/10 7:14 p.m.•10 views

CVE-2026-26311

CVE-2026-26311 affects Envoy releases prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13. The issue is a logic vulnerability in the HTTP connection manager (FilterManager) where, after an HTTP/2 stream reset, the code may invoke filter callbacks on a stream that is already logically cleaned up, creatin...

Exploits1References1Affected Software1

Positive Technologies•added 2026/03/10 12:0 a.m.•5 views

PT-2026-24622

Note: This vulnerability was originally reported to the Google OSS VRP Issue ID: 477542544. The Google Security Team requested that I coordinate directly with the Envoy maintainers for triage and remediation. I am submitting this report here to facilitate that process. Technical Details I have...

5.9CVSS6.2AI score

Exploits0References3

Positive Technologies•added 2026/03/10 12:0 a.m.•0 views

PT-2026-24380

Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.34.13 Envoy versions 1.35.0 through 1.35.7 Envoy versions 1.36.0 through 1.36.4 Envoy versions 1.37.0 Description Envoy is a high-performance edge/middle/service proxy. A logic issue exists in Envoy’s HTTP connection...