Where
-Infinity
0

Trending

Last week
Last month
Last year

Envoyproxy EnvoyEnvoy vulnerable to bypass of RBAC uri_template permission

Risk 19
Severity
5.3
EPSS
0.10%
First published (updated )
CVE-2025-46821

go/github.com/envoyproxy/envoyEnvoy crashes when HTTP ext_proc processes local replies

Risk 31
Severity
7.5
EPSS
0.00%
First published (updated )
CVE-2025-30157

go/github.com/envoyproxy/gatewayEnvoy Gateway Log Injection Vulnerability

Risk 19
Severity
5.3
EPSS
0.12%
First published (updated )
CVE-2025-25294

go/github.com/envoyproxy/gatewayEnvoy Admin Interface Exposed through prometheus metrics endpoint

Risk 35
Severity
7.1
EPSS
0.04%
First published (updated )
CVE-2025-24030

Envoy Envoy ProxyNull Pointer Dereference

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2333091
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Envoyproxy EnvoyHTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset in envoy

Risk 49
Severity
7.1
First published (updated )
CVE-2024-53271

Envoyproxy EnvoyHappy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting in envoy

Risk 45
Severity
7.5
First published (updated )
CVE-2024-53269

CNCF Envoy 1.29Reached end of life

EOL
Jan 16, 2025
First published (updated )
latest-version-envoy-1.29

CNCF Envoy 1.29Reached end of life

EOL
Jan 16, 2025
First published (updated )
EOL-envoy-1.29

Envoy Envoy ProxyEnvoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http a…

Risk 18
Severity
4
First published (updated )
REDHAT-BUG-2313687
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Envoy EnvoyEnvoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identif…

Risk 18
Severity
4
First published (updated )
REDHAT-BUG-2313685

Envoyproxy EnvoyPotential manipulate `x-envoy` headers from external sources in envoy

Risk 40
Severity
6.5
First published (updated )
CVE-2024-45806

Envoyproxy Envoyoghttp2 crash on OnBeginHeadersForStream in envoy

Risk 43
Severity
7.5
First published (updated )
CVE-2024-45807

Envoyproxy EnvoyMalicious log injection via access logs in envoy

Risk 41
Severity
6.5
First published (updated )
CVE-2024-45808

Envoyproxy EnvoyJwt filter crash in the clear route cache with remote JWKs in envoy

Risk 43
Severity
7.5
First published (updated )
CVE-2024-45809
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

CNCF Envoy 1.28Reached end of life

EOL
Oct 19, 2024
First published (updated )
EOL-envoy-1.28

CNCF Envoy 1.28Reached end of life

EOL
Oct 19, 2024
First published (updated )
latest-version-envoy-1.28

Envoy EnvoyUpload of encrypted packages allows authenticated command execution in Enphase IQ Gateway v4.x and v5.x

Risk 72
Severity
8.6
First published (updated )
CVE-2024-21881

Envoy EnvoyA flaw was found in Envoy. It is possible to modify/manipulate headers from external clients when pa…

Risk 32
Severity
7
First published (updated )
REDHAT-BUG-2300352

Envoyproxy EnvoyEnvoy Proxy use after free when route hash policy is configured with cookie attributes

Risk 66
Severity
9.1
First published (updated )
CVE-2024-39305
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Envoyproxy EnvoyEnvoy affected by a crash in EnvoyQuicServerStream::OnInitialHeadersComplete()

Risk 43
Severity
7.5
First published (updated )
CVE-2024-32974

Envoyproxy EnvoyEnvoy crashes in QuicheDataReader::PeekVarInt62Length()

Risk 43
Severity
7.5
First published (updated )
CVE-2024-32975

Envoyproxy EnvoyEnvoy affected by a crash (use-after-free) in EnvoyQuicServerStream

Risk 35
Severity
5.9
First published (updated )
CVE-2024-34362

Envoyproxy EnvoyEnvoy can crash due to uncaught nlohmann JSON exception

Risk 43
Severity
7.5
First published (updated )
CVE-2024-34363

Envoyproxy EnvoyEnvoy OOM vector from HTTP async client with unbounded response buffer for mirror response

Risk 38
Severity
6.5
First published (updated )
CVE-2024-34364
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Envoyproxy EnvoyEnvoy can enter an endless loop while decompressing Brotli data with extra input

Risk 45
Severity
7.5
First published (updated )
CVE-2024-32976

Envoyproxy EnvoyHTTP/2: memory exhaustion due to CONTINUATION frame flood

Risk 43
Severity
7.5
First published (updated )
CVE-2024-27919

Envoyproxy EnvoyEnvoy crashes when idle and request per try timeout occur within the backoff interval

Risk 31
Severity
7.5
EPSS
0.05%
First published (updated )
CVE-2024-23322

Envoyproxy EnvoyExcessive CPU usage when URI template matcher is configured using regex in Envoy

Risk 19
Severity
5.3
EPSS
0.05%
First published (updated )
CVE-2024-23323

Envoyproxy EnvoyEnvoy ext auth can be bypassed when Proxy protocol filter sets invalid UTF-8 metadata

Risk 34
Severity
8.6
EPSS
0.05%
First published (updated )
CVE-2024-23324
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203