Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2025-67805 — Sage DPW Unauthenticated Diagnostic Endpoint Information Disclosure

A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table …

| Misconfiguration
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
0.0 NA
CVE-2025-67806 — Sage DPW Account Enumeration Vulnerability

The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administr…

| Information Disclosure
Apr 01, 2026 Apr 01, 2026
Apr 01, 2026
Apr 01, 2026
7.5 HIGH
CVE-2026-5237 — itsourcecode Payroll Management System Parameter manage_user.php sql injection

A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manage_user.php of the component Parameter H…

payroll_management_system | Remote | Injection
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
5.3 MEDIUM
CVE-2026-5236 — Axiomatic Bento4 DSI v1 Ap4Dac4Atom.cpp SkipBits heap-based overflow

A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_BitReader::SkipBits of the file Ap4Dac4Atom.cpp of the component DSI v1 Parser. Such manipulation of t…

bento4 | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
5.3 MEDIUM
CVE-2026-5235 — Axiomatic Bento4 MP4 File Ap4Dac4Atom.cpp ReadCache heap-based overflow

A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts the function AP4_BitReader::ReadCache of the file Ap4Dac4Atom.cpp of the component MP4 File Parser. This manipulation …

bento4 | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34556 — iccDEV: HBO in icAnsiToUtf8()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow (HBO) in icAnsiToUtf8() in the XML conversion pa…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34555 — iccDEV: SBO in CIccTagFixedNum::GetValues()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a stack-buffer-overflow (SBO) in CIccTagFixedNum<>::GetValues() and a r…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34554 — iccDEV: HBO in CIccApplyCmmSearch::costFunc()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a heap-buffer-overflow (HBO) in CIccApplyCmmSearch::costFunc() can be triggered …

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
4.0 MEDIUM
CVE-2026-34553 — iccDEV: DoS in CIccCLUT::Iterate() & CIccMBB::Describe()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a defect in LUT dump/iteration logic affecting CIccCLUT::Iterate() and …

iccdev
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34552 — iccDEV: UB at IccTagLut.cpp

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) issue in IccTagLut.cpp where the code perfor…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34551 — iccDEV: NPD in CIccTagLut16::Write()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a null-pointer dereference (NPD) in CIccTagLut16::Write() can be triggered when …

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34550 — iccDEV: UB at IccIO.cpp

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in IccProfLib/IccIO.cpp caused by …

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34549 — iccDEV: UB at IccUtil.cpp

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in IccUtil.cpp triggered by a craf…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34548 — iccDEV: UB at IccUtilXml.cpp

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in the XML conversion tooling path…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34547 — iccDEV: UB at IccUtil.cpp

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, an Undefined Behavior (UB) condition in IccUtil.cpp can be triggered by a crafte…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34546 — iccDEV: UB at TiffImg.h

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted TIFF input can trigger Undefined Behavior (UB) due to division by zero…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.4 MEDIUM
CVE-2026-2480 — WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.10 - Authenticated (Contributor+) Store…

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'max_width' attribute of the `su_box` shortcode in all versions up to, and inc…

shortcodes_ultimate | Remote | Cross-Site Scripting
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
5.3 MEDIUM
CVE-2026-5215 — D-Link DNS-1550-04 network_mgr.cgi cgi_get_ipv6 access control

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72…

dns-320_firmware dnr-322l_firmware dns-320l_firmware dns-120_firmware dnr-202l_firmware dns-315l_firmware +14 more | Authentication
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
9.0 HIGH
CVE-2026-5214 — D-Link DNS-1550-04 account_mgr.cgi cgi_addgroup_get_group_quota_minsize stack-based overf…

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, …

dns-320_firmware dnr-322l_firmware dns-320l_firmware dns-120_firmware dnr-202l_firmware dns-315l_firmware +14 more | Remote | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
8.6 HIGH
CVE-2026-34605 — SiYuan: Reflected XSS via SVG namespace prefix bypass in SanitizeSVG ( getDynamicIcon, un…

SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the SanitizeSVG function introduced in version 3.6.0 to fix XSS in the unauthenticated /api/icon/getDynam…

siyuan | Remote | Cross-Site Scripting
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
Showing 20 of 6265 Results