Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-25970 — ImageMagick SIXEL Decoder Has Signed Integer Overflow, Leading to Memory Corruption

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL…

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.5 HIGH
CVE-2026-25969 — ImageMagick has Memory Leak in coders/ashlar.c

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a…

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
9.8 CRITICAL
CVE-2026-25968 — ImageMagick has MSL attribute stack buffer overflow that leads to out of bounds write.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribut…

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.5 HIGH
CVE-2026-25967 — ImageMagick has stack buffer overflow in FTXT reader via oversized integer field

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A …

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.8 HIGH
CVE-2026-25966 — ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" le…

ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard s…

imagemagick | Misconfiguration
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
8.6 HIGH
CVE-2026-25965 — ImageMagick's policy bypass through path traversal allows reading restricted content desp…

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw file…

imagemagick | Remote | Path Traversal
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
9.1 CRITICAL
CVE-2026-25898 — Imagemagick Has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM…

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index …

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
9.8 CRITICAL
CVE-2026-25897 — ImageMagick has heap overflow in sun decoder on 32-bit systems that can result in out of …

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. O…

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
4.9 MEDIUM
CVE-2025-11846 — Zyxel VMG3625-T50B and WX3100-T0 Null Pointer Dereference DoS Vulnerability

A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.5…

nebula_fwa510_firmware nebula_fwa710_firmware dx3301-t0_firmware dx4510-b1_firmware emg3525-t50b_firmware emg5523-t50b_firmware +102 more | Remote | Denial of Service
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
4.9 MEDIUM
CVE-2025-11845 — Zyxel VMG3625-T50B and WX3100-T0 Null Pointer Dereference Denial-of-Service Vulnerability

A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions throu…

nebula_fwa510_firmware nebula_fwa710_firmware dx3301-t0_firmware dx4510-b1_firmware emg3525-t50b_firmware emg5523-t50b_firmware +102 more | Remote | Memory Corruption
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.6 HIGH
CVE-2026-3051 — DataLinkDC dinky Project Name GitRepository.java getProjectDir path traversal

A vulnerability has been found in DataLinkDC dinky up to 1.2.5. The affected element is the function getProjectDir of the file dinky-admin/src/main/java/org/dinky/utils/GitRepository.java of the comp…

dinky | Remote | Path Traversal
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
5.4 MEDIUM
CVE-2026-3050 — horilla-opensource horilla Leads global.js cross site scripting

A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argumen…

horilla | Remote | Cross-Site Scripting
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
6.1 MEDIUM
CVE-2026-3049 — horilla-opensource horilla Query Parameter global_search.py get redirect

A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The…

horilla | Remote | Misconfiguration
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
9.8 CRITICAL
CVE-2026-3046 — itsourcecode E-Logbook with Health Monitoring System for COVID-19 check_profile_old.php s…

A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This vulnerability affects unknown code of the file /check_profile_old.php. The ma…

e-logbook_with_health_monitoring_system_for_covid-19 | Remote | Injection
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.5 HIGH
CVE-2026-27729 — Astro has memory exhaustion DoS due to missing request body size limit in Server Actions

Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action…

astro \@astrojs\/node | Remote | Denial of Service
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
6.6 MEDIUM
CVE-2026-27643 — free5GC has improper error handling in NEF with information exposure

free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the NEF component reliably le…

free5gc udr | Remote | Information Disclosure
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.5 HIGH
CVE-2026-27642 — free5GC has Improper Input Validation in UDM UEAU Service

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, remote attackers can inject…

free5gc udm | Remote | Injection
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.5 HIGH
CVE-2026-26025 — free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.…

free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates whe…

free5gc smf | Remote | Denial of Service
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.5 HIGH
CVE-2026-26024 — free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.…

free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates whe…

free5gc smf | Remote | Denial of Service
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.6 HIGH
CVE-2026-25802 — New API has Potential XSS in its MarkdownRenderer component

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component `MarkdownRen…

new_api | Remote | Cross-Site Scripting
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
Showing 20 of 5217 Results