Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.7 HIGH
CVE-2026-3052 — DataLinkDC dinky Flink Proxy Controller FlinkProxyController.java proxyUba server-side re…

A vulnerability was found in DataLinkDC dinky up to 1.2.5. The impacted element is the function proxyUba of the file dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java of the co…

dinky | Remote | Server-Side Request Forgery
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.5 HIGH
CVE-2026-25988 — ImageMagick's MSL image stack index not refreshed, leading to leaked images.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image i…

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
9.1 CRITICAL
CVE-2026-25987 — ImageMagick has heap buffer over-read in MAP image decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image …

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
9.8 CRITICAL
CVE-2026-25986 — ImageMagick has a heap buffer overflow in YUV 4:2:2 decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVIm…

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.5 HIGH
CVE-2026-25985 — Memory allocation with excessive without limits in the internal SVG decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file containing an malicious element causes Imag…

imagemagick | Remote | Denial of Service
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
9.8 CRITICAL
CVE-2026-25983 — ImageMagick has Use After Free in MSLStartElement in "coders/msl.c"

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The opera…

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
6.5 MEDIUM
CVE-2026-25982 — ImageMagick Has Heap Out-of-Bounds Read in DCM Decoder (ReadDCMImage)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/…

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
9.8 CRITICAL
CVE-2026-25971 — ImageMagick's MSL: Stack overflow in ProcessMSLScript

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs…

imagemagick | Remote | Denial of Service
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.5 HIGH
CVE-2026-25970 — ImageMagick SIXEL Decoder Has Signed Integer Overflow, Leading to Memory Corruption

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL…

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.5 HIGH
CVE-2026-25969 — ImageMagick has Memory Leak in coders/ashlar.c

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a…

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
9.8 CRITICAL
CVE-2026-25968 — ImageMagick has MSL attribute stack buffer overflow that leads to out of bounds write.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribut…

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.5 HIGH
CVE-2026-25967 — ImageMagick has stack buffer overflow in FTXT reader via oversized integer field

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A …

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.8 HIGH
CVE-2026-25966 — ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" le…

ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard s…

imagemagick | Misconfiguration
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
8.6 HIGH
CVE-2026-25965 — ImageMagick's policy bypass through path traversal allows reading restricted content desp…

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw file…

imagemagick | Remote | Path Traversal
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
9.1 CRITICAL
CVE-2026-25898 — Imagemagick Has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM…

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index …

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
9.8 CRITICAL
CVE-2026-25897 — ImageMagick has heap overflow in sun decoder on 32-bit systems that can result in out of …

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. O…

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
4.9 MEDIUM
CVE-2025-11846 — Zyxel VMG3625-T50B and WX3100-T0 Null Pointer Dereference DoS Vulnerability

A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.5…

nebula_fwa510_firmware nebula_fwa710_firmware dx3301-t0_firmware dx4510-b1_firmware emg3525-t50b_firmware emg5523-t50b_firmware +102 more | Remote | Denial of Service
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
4.9 MEDIUM
CVE-2025-11845 — Zyxel VMG3625-T50B and WX3100-T0 Null Pointer Dereference Denial-of-Service Vulnerability

A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions throu…

nebula_fwa510_firmware nebula_fwa710_firmware dx3301-t0_firmware dx4510-b1_firmware emg3525-t50b_firmware emg5523-t50b_firmware +102 more | Remote | Memory Corruption
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.6 HIGH
CVE-2026-3051 — DataLinkDC dinky Project Name GitRepository.java getProjectDir path traversal

A vulnerability has been found in DataLinkDC dinky up to 1.2.5. The affected element is the function getProjectDir of the file dinky-admin/src/main/java/org/dinky/utils/GitRepository.java of the comp…

dinky | Remote | Path Traversal
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
5.4 MEDIUM
CVE-2026-3050 — horilla-opensource horilla Leads global.js cross site scripting

A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argumen…

horilla | Remote | Cross-Site Scripting
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
Showing 20 of 5387 Results