Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.5 MEDIUM
CVE-2026-48724 — ImageMagick: Heap Buffer Underwrite in Floyd-Steinberg depth dithering

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-24, when using an image with mask the Floyd-Steinberg dithering method it will ca…

imagemagick | Memory Corruption
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
5.7 MEDIUM
CVE-2026-47734 — Dulwich has unbounded memory allocation in receive-pack from crafted thin packs

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access could push a tiny crafted thin pack (~17…

dulwich | Remote | Denial of Service
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
3.3 LOW
CVE-2026-47712 — Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.format_patch(outdir=...) derives each patch fil…

dulwich | Path Traversal
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
0.0 NA
CVE-2026-47342 — Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass

A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue affects Apache OFBiz: before 24.09.07. Users are recommended…

ofbiz | Authorization
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
6.5 MEDIUM
CVE-2026-47213 — BoxLite: Timeout Bypass Vulnerability

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows …

Remote | Denial of Service
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
5.7 MEDIUM
CVE-2026-47166 — ImageMagick: Heap Buffer Over-Read in distributed pixel cache server

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache serv…

imagemagick | Memory Corruption
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
4.1 MEDIUM
CVE-2026-47165 — ImageMagick: Information Disclosure in distributed pixel cache server because it is not u…

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate…

imagemagick | Authentication
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
9.6 CRITICAL
CVE-2026-46703 — BoxLite: Path Traversal Vulnerability in boxlite Leads to Arbitrary File Write on the Host

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users…

Remote | Path Traversal
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
10.0 CRITICAL
CVE-2026-46695 — BoxLite: Permission Bypass in boxlite Allows Modification of Read-Only Files

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not res…

Remote | Misconfiguration
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
4.1 MEDIUM
CVE-2026-46693 — ImageMagick: Race Condition in distributed pixel cache server can result in file descript…

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache serv…

imagemagick | Race Condition
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
4.1 MEDIUM
CVE-2026-46692 — ImageMagick: Heap Buffer Over-Write in distributed pixel cache server

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache serv…

imagemagick | Memory Corruption
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
4.3 MEDIUM
CVE-2026-46645 — SQLAdmin: Authorization Bypass on `ajax_lookup`

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_accessible() access control check that all other endp…

Remote | Authorization
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
4.0 MEDIUM
CVE-2026-46559 — ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer ov…

imagemagick | Memory Corruption
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
6.2 MEDIUM
CVE-2026-46557 — ImageMagick: Stack overflow in fx operation

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check a stack overflow can occur in the fx operation b…

imagemagick | Memory Corruption
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
5.5 MEDIUM
CVE-2026-46521 — ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of boun…

imagemagick | Memory Corruption
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
8.8 HIGH
CVE-2026-44693 — Pi-hole FTL: Unauthenticated Session Hijacking via Race Condition on Global Session Buffer

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session manageme…

ftldns | Remote | Race Condition
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
4.3 MEDIUM
CVE-2026-42568 — Yamcs Vulnerable to LDAP Injection in LdapAuthModule

Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username…

Remote | Injection
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
7.7 HIGH
CVE-2026-42563 — Dulwich Vulnerable to Command Injection via Merge Driver Path

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's `ProcessMergeDriver` substitutes the file path (from th…

dulwich | Remote | Injection
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
7.6 HIGH
CVE-2026-42558 — Xibo Vulnerable to Stored XSS and Iframe Sandbox Escape via Data Connector Script in Data…

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe San…

xibo | Remote | Cross-Site Scripting
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
8.8 HIGH
CVE-2026-42305 — Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when clon…

dulwich | Remote | Path Traversal
Jun 10, 2026 Jun 11, 2026
Jun 10, 2026
Jun 11, 2026
Showing 20 of 7110 Results