Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-25897 — ImageMagick has heap overflow in sun decoder on 32-bit systems that can result in out of …

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. O…

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
4.9 MEDIUM
CVE-2025-11846 — Zyxel VMG3625-T50B and WX3100-T0 Null Pointer Dereference DoS Vulnerability

A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.5…

nebula_fwa510_firmware nebula_fwa710_firmware dx3301-t0_firmware dx4510-b1_firmware emg3525-t50b_firmware emg5523-t50b_firmware +102 more | Remote | Denial of Service
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
4.9 MEDIUM
CVE-2025-11845 — Zyxel VMG3625-T50B and WX3100-T0 Null Pointer Dereference Denial-of-Service Vulnerability

A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions throu…

nebula_fwa510_firmware nebula_fwa710_firmware dx3301-t0_firmware dx4510-b1_firmware emg3525-t50b_firmware emg5523-t50b_firmware +102 more | Remote | Memory Corruption
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.6 HIGH
CVE-2026-3051 — DataLinkDC dinky Project Name GitRepository.java getProjectDir path traversal

A vulnerability has been found in DataLinkDC dinky up to 1.2.5. The affected element is the function getProjectDir of the file dinky-admin/src/main/java/org/dinky/utils/GitRepository.java of the comp…

dinky | Remote | Path Traversal
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
5.4 MEDIUM
CVE-2026-3050 — horilla-opensource horilla Leads global.js cross site scripting

A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argumen…

horilla | Remote | Cross-Site Scripting
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
6.1 MEDIUM
CVE-2026-3049 — horilla-opensource horilla Query Parameter global_search.py get redirect

A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The…

horilla | Remote | Misconfiguration
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
9.8 CRITICAL
CVE-2026-3046 — itsourcecode E-Logbook with Health Monitoring System for COVID-19 check_profile_old.php s…

A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This vulnerability affects unknown code of the file /check_profile_old.php. The ma…

e-logbook_with_health_monitoring_system_for_covid-19 | Remote | Injection
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.5 HIGH
CVE-2026-27729 — Astro has memory exhaustion DoS due to missing request body size limit in Server Actions

Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action…

astro \@astrojs\/node | Remote | Denial of Service
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
6.6 MEDIUM
CVE-2026-27643 — free5GC has improper error handling in NEF with information exposure

free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the NEF component reliably le…

free5gc udr | Remote | Information Disclosure
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.5 HIGH
CVE-2026-27642 — free5GC has Improper Input Validation in UDM UEAU Service

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, remote attackers can inject…

free5gc udm | Remote | Injection
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.5 HIGH
CVE-2026-26025 — free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.…

free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates whe…

free5gc smf | Remote | Denial of Service
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.5 HIGH
CVE-2026-26024 — free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.…

free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates whe…

free5gc smf | Remote | Denial of Service
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.6 HIGH
CVE-2026-25802 — New API has Potential XSS in its MarkdownRenderer component

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component `MarkdownRen…

new_api | Remote | Cross-Site Scripting
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.5 HIGH
CVE-2026-25799 — ImageMagick has Division-by-Zero in YUV sampling factor validation, which leads to crash

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an inva…

imagemagick | Remote | Denial of Service
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
7.5 HIGH
CVE-2026-25798 — ImageMagick has NULL Pointer Dereference in ClonePixelCacheRepository via crafted image

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows…

imagemagick | Remote | Denial of Service
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
5.7 MEDIUM
CVE-2026-25797 — ImageMagick vulnerable to Code injection via PostScript header in ps coders

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails…

imagemagick | Injection
Feb 24, 2026 Feb 25, 2026
Feb 24, 2026
Feb 25, 2026
7.5 HIGH
CVE-2026-25796 — ImageMagick has memory leak of watermark Image object in ReadSTEGANOImage on multiple err…

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` …

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
7.5 HIGH
CVE-2026-25795 — ImageMagick has NULL pointer dereference in ReadSFWImage after DestroyImageInfo (sfw.c)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file crea…

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
8.2 HIGH
CVE-2026-25794 — ImageMagick has heap-buffer-overflow via signed integer overflow in `WriteUHDRImage` when…

ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to ver…

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
5.3 MEDIUM
CVE-2026-25638 — ImageMagick has memory leak in msl encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, memory leak exists in `coders/msl.c`. In the `WriteMSLImage` f…

imagemagick | Remote | Memory Corruption
Feb 24, 2026 Feb 24, 2026
Feb 24, 2026
Feb 24, 2026
Showing 20 of 5265 Results