Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.2 MEDIUM
CVE-2026-34547 — iccDEV: UB at IccUtil.cpp

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, an Undefined Behavior (UB) condition in IccUtil.cpp can be triggered by a crafte…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34546 — iccDEV: UB at TiffImg.h

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted TIFF input can trigger Undefined Behavior (UB) due to division by zero…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.4 MEDIUM
CVE-2026-2480 — WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.10 - Authenticated (Contributor+) Store…

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'max_width' attribute of the `su_box` shortcode in all versions up to, and inc…

shortcodes_ultimate | Remote | Cross-Site Scripting
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
5.3 MEDIUM
CVE-2026-5215 — D-Link DNS-1550-04 network_mgr.cgi cgi_get_ipv6 access control

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72…

dns-320_firmware dnr-322l_firmware dns-320l_firmware dns-120_firmware dnr-202l_firmware dns-315l_firmware +14 more | Authentication
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
9.0 HIGH
CVE-2026-5214 — D-Link DNS-1550-04 account_mgr.cgi cgi_addgroup_get_group_quota_minsize stack-based overf…

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, …

dns-320_firmware dnr-322l_firmware dns-320l_firmware dns-120_firmware dnr-202l_firmware dns-315l_firmware +14 more | Remote | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
8.6 HIGH
CVE-2026-34605 — SiYuan: Reflected XSS via SVG namespace prefix bypass in SanitizeSVG ( getDynamicIcon, un…

SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the SanitizeSVG function introduced in version 3.6.0 to fix XSS in the unauthenticated /api/icon/getDynam…

siyuan | Remote | Cross-Site Scripting
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
8.6 HIGH
CVE-2026-34585 — SiYuan: Stored XSS in imported .sy.zip content leads to arbitrary command execution

SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed w…

siyuan | Cross-Site Scripting
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34542 — iccDEV: SBO in CIccCalculatorFunc::Apply()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow (SBO) in CIccCalculato…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34541 — iccDEV: UB in CIccCombinedConnectionConditions::CIccCombinedConnectionConditions()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) via a null-pointer mem…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34540 — iccDEV: HBO in icMemDump()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in icMemDump() wh…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34539 — iccDEV: HBO in CTiffImg::WriteLine()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow (HBO) in…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34537 — iccDEV: UB in CIccOpDefEnvVar::Exec()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccOpDefEnvVar::Ex…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34536 — iccDEV: SO in SIccCalcOp::ArgsUsed()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack overflow (SO) in SIccCalcOp::ArgsUsed(…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34535 — iccDEV: SEGV in CIccTagArray::Cleanup()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault (SEGV) in CIccTagArray::C…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34534 — iccDEV: HBO in CIccMpeSpectralMatrix::Describe()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in CIccMpeSpectra…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34533 — iccDEV: UB in CIccCalculatorFunc::ApplySequence()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccCalculatorFunc:…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
7.5 HIGH
CVE-2026-34453 — SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish…

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-…

siyuan | Remote | Authorization
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
5.8 MEDIUM
CVE-2026-34452 — Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the async local filesystem memory tool in the Anthropic Python SDK …

| Path Traversal
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.3 MEDIUM
CVE-2026-34451 — Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling D…

Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in t…

Remote | Path Traversal
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
4.8 MEDIUM
CVE-2026-34450 — Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK create…

| Misconfiguration
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
Showing 20 of 6246 Results