Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.8 HIGH
CVE-2026-30987 — iccDEV has a stack buffer overflow in CIccTagNum<(icTagTypeSignature)>::GetValues()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in CIccTagNum<>::GetValues() causing stack memory corru…

| Memory Corruption
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
5.5 MEDIUM
CVE-2026-30986 — iccDEV has a heap-based buffer overflow write in CIccCLUT::Interp3d()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange() causing memory…

| Memory Corruption
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
7.8 HIGH
CVE-2026-30985 — iccDEV has a heap-based buffer overflow write in CIccMatrixMath::SetRange()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange() causing memory…

| Memory Corruption
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
6.1 MEDIUM
CVE-2026-30984 — iccDEV has a heap out-of-bounds read in CIccCalculatorFunc::ApplySequence()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccCalculatorFunc::ApplySequence() causing an app…

| Memory Corruption
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
7.8 HIGH
CVE-2026-30983 — iccDEV has a stack buffer overflow in icFixXml()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in icFixXml() (strcpy) causing stack memory corruption …

| Memory Corruption
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
6.1 MEDIUM
CVE-2026-30982 — iccDEV has a heap out-of-bounds read in CIccPcsXform::pushXYZConvert()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccPcsXform::pushXYZConvert() causing crash and p…

| Memory Corruption
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
6.1 MEDIUM
CVE-2026-30981 — iccDEV has a heap-buffer-overflow read in CIccXmlArrayType<>

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-buffer-overflow read in CIccXmlArrayType<>::DumpArray() causing out-of-b…

| Memory Corruption
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
5.5 MEDIUM
CVE-2026-30980 — iccDEV has a stack overflow in CIccBasicStructFactory::CreateStruct()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack overflow in CIccBasicStructFactory::CreateStruct() causing uncontrolled…

| Memory Corruption
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
7.8 HIGH
CVE-2026-30979 — iccDEV has a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp() triggered wi…

| Memory Corruption
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
7.8 HIGH
CVE-2026-30978 — Heap-use-after-free in CIccCmm::AddXform()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-use-after-free in CIccCmm::AddXform() causing invalid vptr dereference a…

| Memory Corruption
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
2.0 LOW
CVE-2026-30977 — RenderBlocking has Stored XSS in renderblocking-css with Inline Assets mode

RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. Prior to 0.1.1, there is Stored XSS in renderblocking-css with Inline Asset…

Remote | Cross-Site Scripting
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
4.6 MEDIUM
CVE-2026-30974 — Copyparty volflag `nohtml` did not block javascript in svg files

Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. A user with wr…

copyparty | Remote | Cross-Site Scripting
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
6.5 MEDIUM
CVE-2026-30973 — Zip Slip arbitrary file write in @appium/support ZIP extraction

Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range platforms. Prior to 7.0.6, @appium/support contains a ZIP extraction implementation (extractA…

Remote | Path Traversal
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
8.8 HIGH
CVE-2026-30970 — Session authentication bypass in Coral Server session creation endpoint

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server allowed the creation of agent s…

Remote | Authentication
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
7.6 HIGH
CVE-2026-30969 — Coral Server has insufficient agent authentication in session communication channels

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authenti…

Remote | Authentication
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
8.6 HIGH
CVE-2026-30968 — Coral Server has insufficient validation of agent identity for SSE connections

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, the SSE endpoint (/sse/v1/...) in Coral Serv…

Remote | Authentication
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
5.4 MEDIUM
CVE-2026-30964 — Webauthn Framework: allowed_origins collapses URL-like origins to host-only values, bypas…

web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Prior to 5.2.4, when allo…

Remote | Authentication
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
9.4 CRITICAL
CVE-2026-30960 — RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Int…

rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities. The vulnerability exi…

| Injection
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
5.3 MEDIUM
CVE-2026-30959 — OneUptime has WhatsApp Resend Verification Authorization Bypass

OneUptime is a solution for monitoring and managing online services. The resend-verification-code endpoint allows any authenticated user to trigger a verification code resend for any UserWhatsApp rec…

Remote | Authorization
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
7.2 HIGH
CVE-2026-30958 — OneUptime: Path Traversal — Arbitrary File Read (No Auth)

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files f…

oneuptime | Remote | Path Traversal
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
Showing 20 of 5327 Results