Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.3 MEDIUM
CVE-2026-28689 — ImageMagick has a Path Policy TOCTOU symlink race bypass

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/…

imagemagick | Path Traversal
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
4.0 MEDIUM
CVE-2026-28688 — ImageMagick has a heap use-after-free in the MSL encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap-use-after-free vulnerability exists in the MSL encoder,…

imagemagick | Memory Corruption
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
5.3 MEDIUM
CVE-2026-28687 — ImageMagick has a Heap Use-After-Free in ImageMagick MSL decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decod…

imagemagick | Remote | Memory Corruption
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
6.8 MEDIUM
CVE-2026-28686 — ImageMagick has a write heap-buffer-overflow in PCL encoder via undersized output buffer

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, A heap-buffer-overflow vulnerability exists in the PCL encode …

imagemagick | Memory Corruption
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
7.1 HIGH
CVE-2026-28494 — ImageMagick affected by stack corruption through long morphology kernel names or arrays

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology ker…

imagemagick | Memory Corruption
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
6.5 MEDIUM
CVE-2026-28493 — ImageMagick has a Integer Overflow leading to out of bounds write in SIXEL decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, an integer overflow vulnerability exists in the SIXEL decoer. The vulnerabil…

imagemagick | Remote | Memory Corruption
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
2.3 LOW
CVE-2026-28433 — Misskey lacks resource ownership validation

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' d…

misskey | Remote | Authorization
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
7.1 HIGH
CVE-2026-28432 — HTTP signature verification can be bypassed

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnera…

misskey | Remote | Misconfiguration
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
9.2 CRITICAL
CVE-2026-28431 — Misskey lacks proper authorization checks and input validation

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data…

misskey | Remote | Authorization
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
6.3 MEDIUM
CVE-2026-26982 — Ghostty affected by arbitrary command execution via control characters in paste and drag-…

Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 (Ctrl+C) in pasted and dropped text. These can be used to execute arbitrary commands in some shell enviro…

Remote | Injection
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
6.0 MEDIUM
CVE-2026-1776 — Camaleon CMS AWS Uploader Authenticated Path Traversal Arbitrary File Read

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary fi…

Remote | Path Traversal
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
7.3 HIGH
CVE-2026-2364 — CODESYS Installer TOCTOU Privilege Escalation

If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability …

| Race Condition
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
0.0 NA
CVE-2026-1508 — Court Reservation < 1.10.9 - Event Deletion via CSRF

The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete them via a CSRF attack

| Cross-Site Request Forgery
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
9.8 CRITICAL
CVE-2026-0953 — Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login

The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that …

Remote | Authentication
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
7.5 HIGH
CVE-2026-3585 — The Events Calendar <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_cre…

The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajax_create_import' function. This makes it possible for authentica…

Remote | Path Traversal
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
5.3 MEDIUM
CVE-2026-1919 — Booktics <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endpoi…

Remote | Authorization
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
5.3 MEDIUM
CVE-2026-1920 — Booktics <= 1.0.16 - Missing Authorization to Addon Plugin Installation

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'Extension_Con…

Remote | Authorization
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
7.7 HIGH
CVE-2026-27689 — Denial of service (DOS) in SAP Supply Chain Management

Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled functio…

supply_chain_management | Remote | Denial of Service
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
5.0 MEDIUM
CVE-2026-27688 — Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function mo…

Remote | Authorization
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
5.8 MEDIUM
CVE-2026-27687 — Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal

Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a…

Remote | Authorization
Mar 10, 2026 Mar 10, 2026
Mar 10, 2026
Mar 10, 2026
Showing 20 of 5066 Results