Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
5.9 MEDIUM
CVE-2026-49858 — API Platform Core: Cross-user attribute leak in JSON:API and HAL item normalizers due to …

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions from 2.6.0 prior to 4.1.29, 4.2.26, and 4.3.12, a missing isCacheKeySafe gate in the JSON:API and HAL item…

core | Remote | Authorization
Jul 01, 2026 Jul 02, 2026
6.9 MEDIUM
CVE-2026-14363 — Cargo Extension: SQLi in Special:Drilldown

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Me…

Remote | Injection
Jul 01, 2026 Jul 02, 2026
7.7 HIGH
CVE-2026-14265 — RCE via Deserialization in AWS Advanced JDBC Wrapper

Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an actor with write access to the shared cache infrast…

aws_advanced_jdbc_wrapper | Remote | Injection
Jul 01, 2026 Jul 02, 2026
6.9 MEDIUM
CVE-2026-58517 — Blocked users can create and edit WikiLambda objects

Improper neutralization of input terminators vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Authentication Bypass. This issue affects Mediawiki - WikiLambda Extens…

Remote | Authentication
Jul 01, 2026 Jul 01, 2026
7.1 HIGH
CVE-2026-58451 — Horde IMP < 7.0.1 Path Traversal via Compose.php img src

Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequenc…

imp | Remote | Path Traversal
Jul 01, 2026 Jul 02, 2026
5.5 MEDIUM
CVE-2026-55628 — ImageMagick: Policy Bypass in concatenate operation due to missing checks

In versions prior to 7.1.2-26he, the `-concatenate` operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has be…

imagemagick | Path Traversal
Jul 01, 2026 Jul 02, 2026
5.5 MEDIUM
CVE-2026-55597 — ImageMagick: Heap Buffer Over-Write in JP2 encoder when due to incorrect handling of argu…

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the …

imagemagick | Memory Corruption
Jul 01, 2026 Jul 02, 2026
4.7 MEDIUM
CVE-2026-55595 — ImageMagick: Infinite Loop in connected-components when providing invalid arguments

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when providing invalid arguments to the connected-components o…

imagemagick | Denial of Service
Jul 01, 2026 Jul 02, 2026
5.3 MEDIUM
CVE-2026-55594 — ImageMagick: Stack Overflow in MVG decoder due to missing depth check.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stac…

imagemagick | Remote | Memory Corruption
Jul 01, 2026 Jul 02, 2026
5.9 MEDIUM
CVE-2026-55577 — ImageMagick: Heap Buffer Overflow in ImageMagick MVG decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a heap buffer overflow occurs in the MVG decoder that could re…

imagemagick | Remote | Memory Corruption
Jul 01, 2026 Jul 02, 2026
5.5 MEDIUM
CVE-2026-55510 — ImageMagick: Use-After-Free in crafted 8BIM when identifying an image

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, when identifying an image with a crafted 8BIM profile with a s…

imagemagick | Memory Corruption
Jul 01, 2026 Jul 02, 2026
9.6 CRITICAL
CVE-2026-53492 — containerd CRI checkpoint restore CDI annotation smuggling

containerd is an open-source container runtime. In versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrust…

containerd | Remote | Misconfiguration
Jul 01, 2026 Jul 02, 2026
8.2 HIGH
CVE-2026-53489 — containerd: Arbitrary host CRI log file read via symlink following in CRI checkpoint rest…

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlink…

containerd | Path Traversal
Jul 01, 2026 Jul 02, 2026
5.3 MEDIUM
CVE-2026-53467 — ImageMagick: Information Disclosure in MNG decoder because allocated memory is left uncha…

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contains a possible heap information disclosur…

imagemagick | Remote | Information Disclosure
Jul 01, 2026 Jul 02, 2026
6.5 MEDIUM
CVE-2026-53466 — ImageMagick: Heap Buffer Over-Read in XCF decoder due to integer conversion overflow

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF decoder can result in an out of…

imagemagick | Remote | Memory Corruption
Jul 01, 2026 Jul 02, 2026
9.8 CRITICAL
CVE-2026-51947 — Pivotal CRM: Insecure Deserialization

An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 and Patch_CWE502_20260316.zip) allows a remote attacker to execute arbitrary cod…

Remote | Injection
Jul 01, 2026 Jul 02, 2026
9.9 CRITICAL
CVE-2026-50195 — containerd: CRI checkpoint import allows local image tag poisoning

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references s…

containerd | Remote | Supply Chain
Jul 01, 2026 Jul 02, 2026
10.0 CRITICAL
CVE-2026-50160 — Mass Assignment via Onboarding Endpoint Allows Unauthenticated JWT_SECRET Overwrite

Hoppscotch is an API development ecosystem. In self-hosted deployments of hoppscotch-backend from version 2026.4.1 and earlier, the unauthenticated POST /v1/onboarding/config endpoint is vulnerable t…

hoppscotch | Remote | Authentication
Jul 01, 2026 Jul 02, 2026
8.7 HIGH
CVE-2026-49119 — Gradio < 6.16.0 Path Traversal via FileExplorer.preprocess()

Gradio before 6.16.0 contains a path traversal vulnerability in the FileExplorer component's preprocess() method that allows unauthenticated attackers to escape the configured root directory by supply…

gradio gradio | Remote | Path Traversal
Jul 01, 2026 Jul 02, 2026
5.5 MEDIUM
CVE-2026-47262 — containerd image-triggered runtime DoS via unbounded group parsing

containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service …

containerd | Denial of Service
Jul 01, 2026 Jul 02, 2026
Showing 20 of 8017 Results