Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-53460 — ImageMagick: Policy Bypass can trigger out-of-Memory condition

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory request in AcquireAlignedMe…

imagemagick | Remote | Denial of Service
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
7.5 HIGH
CVE-2026-52726 — Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurs…

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, `dulwich.porcelain.submodule_update`, and by extension `porcelain…

Remote | Path Traversal
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
8.8 HIGH
CVE-2026-50223 — Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Lea…

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template inj…

ofbiz | Remote | Injection
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
5.5 MEDIUM
CVE-2026-49219 — ImageMagick: Policy Bypass can read disallowed files

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy by…

imagemagick | Path Traversal
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
7.5 HIGH
CVE-2026-49218 — ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check in the DCM decoder could result in an image wi…

imagemagick | Remote | Denial of Service
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
5.9 MEDIUM
CVE-2026-48994 — ImageMagick: Heap Buffer Over-Write in MAT decoder on 32-bit systems

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return value could lead to a heap buffer …

imagemagick | Remote | Memory Corruption
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
5.5 MEDIUM
CVE-2026-48734 — ImageMagick: Stack Overflow in MVG decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a m…

imagemagick | Memory Corruption
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
4.7 MEDIUM
CVE-2026-48733 — ImageMagick: Infinite Loop in subimage-search with crafted image

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search operation can happen w…

imagemagick | Denial of Service
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
5.5 MEDIUM
CVE-2026-48724 — ImageMagick: Heap Buffer Underwrite in Floyd-Steinberg depth dithering

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-24, when using an image with mask the Floyd-Steinberg dithering method it will ca…

imagemagick | Memory Corruption
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
5.7 MEDIUM
CVE-2026-47734 — Dulwich has unbounded memory allocation in receive-pack from crafted thin packs

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access could push a tiny crafted thin pack (~17…

dulwich | Remote | Denial of Service
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
3.3 LOW
CVE-2026-47712 — Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.format_patch(outdir=...) derives each patch fil…

dulwich | Path Traversal
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
0.0 NA
CVE-2026-47342 — Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass

A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue affects Apache OFBiz: before 24.09.07. Users are recommended…

ofbiz | Authorization
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
6.5 MEDIUM
CVE-2026-47213 — BoxLite: Timeout Bypass Vulnerability

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows …

Remote | Denial of Service
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
5.7 MEDIUM
CVE-2026-47166 — ImageMagick: Heap Buffer Over-Read in distributed pixel cache server

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache serv…

imagemagick | Memory Corruption
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
4.1 MEDIUM
CVE-2026-47165 — ImageMagick: Information Disclosure in distributed pixel cache server because it is not u…

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate…

imagemagick | Authentication
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
9.6 CRITICAL
CVE-2026-46703 — BoxLite: Path Traversal Vulnerability in boxlite Leads to Arbitrary File Write on the Host

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users…

Remote | Path Traversal
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
10.0 CRITICAL
CVE-2026-46695 — BoxLite: Permission Bypass in boxlite Allows Modification of Read-Only Files

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not res…

Remote | Misconfiguration
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
4.1 MEDIUM
CVE-2026-46693 — ImageMagick: Race Condition in distributed pixel cache server can result in file descript…

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache serv…

imagemagick | Race Condition
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
4.1 MEDIUM
CVE-2026-46692 — ImageMagick: Heap Buffer Over-Write in distributed pixel cache server

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache serv…

imagemagick | Memory Corruption
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
4.3 MEDIUM
CVE-2026-46645 — SQLAdmin: Authorization Bypass on `ajax_lookup`

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_accessible() access control check that all other endp…

Remote | Authorization
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
Showing 20 of 7080 Results