Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-46673 — Russh: Unchecked CryptoVec allocation and growth handling is reachable from local agent i…

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh rele…

Remote | Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.7 HIGH
CVE-2026-46669 — `openvm-pairing` pairing check missing proper subfield check on scaling factor

OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's try_honest_pairing_check function invokes Theor…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
2.3 LOW
CVE-2026-46668 — SpiceDB: Caveat structures with nested lists can result in improper cache reuse

SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can re…

spicedb | Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.9 HIGH
CVE-2026-46654 — Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss

Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges,…

Remote | Cryptography
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.5 HIGH
CVE-2026-46625 — JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute inj…

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign() helper copies properties with for...in + plain assignment. When the sour…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
6.2 MEDIUM
CVE-2026-46523 — ImageMagick: Use-After-Free in MSL decoder.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger a heap-use-after-free. Version…

| Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.5 HIGH
CVE-2026-46522 — ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file cou…

Remote | Denial of Service
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.5 HIGH
CVE-2026-46520 — ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of differ…

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different dimensions an out …

Remote | Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.5 HIGH
CVE-2026-45783 — libp2p: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mo…

Remote | Denial of Service
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.3 MEDIUM
CVE-2026-45664 — ImageMagick: Policy Bypass in MNG coder could

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possib…

Remote | Denial of Service
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.1 MEDIUM
CVE-2026-45624 — ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an out of bounds over-…

| Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
6.1 MEDIUM
CVE-2026-45384 — bit7z: Arbitrary File Overwrite via Symlink Attack on Predictable Temp File During Archiv…

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on…

bit7z | Path Traversal
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
3.6 LOW
CVE-2026-45380 — bit7z: Path Traversal via Null Byte Injection from `gcount()` Off-by-One in `restoreSymli…

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allo…

bit7z | Path Traversal
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.7 MEDIUM
CVE-2026-45359 — ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid…

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in…

| Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.3 MEDIUM
CVE-2026-45358 — ImageMagick: Out-of-Bounds Read of a single byte in meta encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the meta encoder could result in an out of bo…

Remote | Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.3 MEDIUM
CVE-2026-45031 — ImageMagick: Policy Bypass in PSD decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, due to a missing check in the PSD decoder it would be possible…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.7 HIGH
CVE-2026-44692 — Authenticated Sharp users can download unrelated Laravel Storage objects through the gene…

Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity ins…

sharp | Remote | Information Disclosure
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.5 HIGH
CVE-2026-42542 — TDengine has an integer underflow in uvConnMayGetUserInfo() allows unauthenticated remote…

TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process b…

Remote | Denial of Service
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.0 HIGH
CVE-2026-42462 — Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to…

Remote | Injection
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.1 MEDIUM
CVE-2026-42326 — ImageMagick: Heap Buffer Over-Read in IPTC encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC output file a malicious input file could …

| Memory Corruption
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
Showing 20 of 7429 Results