Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-46522 — ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file cou…

Remote | Denial of Service
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.5 HIGH
CVE-2026-46520 — ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of differ…

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different dimensions an out …

Remote | Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.5 HIGH
CVE-2026-45783 — libp2p: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mo…

libp2p | Remote | Denial of Service
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.3 MEDIUM
CVE-2026-45664 — ImageMagick: Policy Bypass in MNG coder could

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possib…

Remote | Denial of Service
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.1 MEDIUM
CVE-2026-45624 — ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an out of bounds over-…

| Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
6.1 MEDIUM
CVE-2026-45384 — bit7z: Arbitrary File Overwrite via Symlink Attack on Predictable Temp File During Archiv…

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on…

bit7z | Path Traversal
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
3.6 LOW
CVE-2026-45380 — bit7z: Path Traversal via Null Byte Injection from `gcount()` Off-by-One in `restoreSymli…

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allo…

bit7z | Path Traversal
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.7 MEDIUM
CVE-2026-45359 — ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid…

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in…

| Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.3 MEDIUM
CVE-2026-45358 — ImageMagick: Out-of-Bounds Read of a single byte in meta encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the meta encoder could result in an out of bo…

Remote | Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.3 MEDIUM
CVE-2026-45031 — ImageMagick: Policy Bypass in PSD decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, due to a missing check in the PSD decoder it would be possible…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.7 HIGH
CVE-2026-44692 — Authenticated Sharp users can download unrelated Laravel Storage objects through the gene…

Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity ins…

sharp | Remote | Information Disclosure
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.5 HIGH
CVE-2026-42542 — TDengine has an integer underflow in uvConnMayGetUserInfo() allows unauthenticated remote…

TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process b…

Remote | Denial of Service
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.0 HIGH
CVE-2026-42462 — Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to…

fedify | Remote | Injection
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.1 MEDIUM
CVE-2026-42326 — ImageMagick: Heap Buffer Over-Read in IPTC encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC output file a malicious input file could …

| Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.8 HIGH
CVE-2026-2049 — GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User inte…

| Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.6 MEDIUM
CVE-2026-11604 — OpenVPN Kernel Memory Corruption and Denial of Service

An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kern…

ovpn-dco-win | Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.5 HIGH
CVE-2026-10143 — kafka-python prior to 2.3.2 DoS via SCRAM Iteration Count in scram.py

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supp…

Remote | Denial of Service
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.5 HIGH
CVE-2026-10142 — kafka-python prior to 2.3.2 Denial of Service via Protocol Parser Frame Length

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by…

Remote | Denial of Service
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.1 HIGH
CVE-2026-0274 — Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration

An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resource…

Remote | Authentication
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
6.1 MEDIUM
CVE-2026-0273 — PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to …

pan-os prisma_access pan-os prisma_access prisma_access pan-os +1 more | Remote | Injection
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
Showing 20 of 7396 Results