Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.0 HIGH
CVE-2026-5214 — D-Link DNS-1550-04 account_mgr.cgi cgi_addgroup_get_group_quota_minsize stack-based overf…

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, …

dns-320_firmware dnr-322l_firmware dns-320l_firmware dns-120_firmware dnr-202l_firmware dns-315l_firmware +14 more | Remote | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
8.6 HIGH
CVE-2026-34605 — SiYuan: Reflected XSS via SVG namespace prefix bypass in SanitizeSVG ( getDynamicIcon, un…

SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the SanitizeSVG function introduced in version 3.6.0 to fix XSS in the unauthenticated /api/icon/getDynam…

siyuan | Remote | Cross-Site Scripting
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
8.6 HIGH
CVE-2026-34585 — SiYuan: Stored XSS in imported .sy.zip content leads to arbitrary command execution

SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed w…

siyuan | Cross-Site Scripting
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34542 — iccDEV: SBO in CIccCalculatorFunc::Apply()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack-buffer-overflow (SBO) in CIccCalculato…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34541 — iccDEV: UB in CIccCombinedConnectionConditions::CIccCombinedConnectionConditions()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) via a null-pointer mem…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34540 — iccDEV: HBO in icMemDump()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in icMemDump() wh…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34539 — iccDEV: HBO in CTiffImg::WriteLine()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow (HBO) in…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34537 — iccDEV: UB in CIccOpDefEnvVar::Exec()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccOpDefEnvVar::Ex…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34536 — iccDEV: SO in SIccCalcOp::ArgsUsed()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack overflow (SO) in SIccCalcOp::ArgsUsed(…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34535 — iccDEV: SEGV in CIccTagArray::Cleanup()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault (SEGV) in CIccTagArray::C…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34534 — iccDEV: HBO in CIccMpeSpectralMatrix::Describe()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in CIccMpeSpectra…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.2 MEDIUM
CVE-2026-34533 — iccDEV: UB in CIccCalculatorFunc::ApplySequence()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccCalculatorFunc:…

iccdev | Memory Corruption
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
7.5 HIGH
CVE-2026-34453 — SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish…

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-…

siyuan | Remote | Authorization
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
5.8 MEDIUM
CVE-2026-34452 — Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the async local filesystem memory tool in the Anthropic Python SDK …

| Path Traversal
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.3 MEDIUM
CVE-2026-34451 — Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling D…

Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in t…

Remote | Path Traversal
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
4.8 MEDIUM
CVE-2026-34450 — Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK create…

| Misconfiguration
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
9.6 CRITICAL
CVE-2026-34449 — SiYuan: Cross-Origin RCE via Permissive CORS Policy and JavaScript Snippet Injection

SiYuan is a personal knowledge management system. Prior to version 3.6.2, a malicious website can achieve Remote Code Execution (RCE) on any desktop running SiYuan by exploiting the permissive CORS p…

siyuan | Remote | Misconfiguration
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
9.0 CRITICAL
CVE-2026-34448 — SiYuan: Stored XSS in Attribute View gallery/kanban cover rendering allows arbitrary comm…

SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gal…

siyuan | Remote | Cross-Site Scripting
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.9 MEDIUM
CVE-2026-34443 — FreeScout: SSRF protection bypass via broken CIDR check in checkIpByMask()

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask() in app/Misc/Helper.php checks whether the input IP contains a / character.…

freescout | Remote | Misconfiguration
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
6.1 MEDIUM
CVE-2026-34442 — FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect i…

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version (http://localhost:8080/system/status) allows…

freescout | Remote | Server-Side Request Forgery
Mar 31, 2026 Apr 01, 2026
Mar 31, 2026
Apr 01, 2026
Showing 20 of 6230 Results