Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.1 MEDIUM
CVE-2026-0512 — Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (SICF Ha…

Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL, that if accessed …

Remote | Cross-Site Scripting
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
6.1 MEDIUM
CVE-2026-6203 — User Registration & Membership <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_…

The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via t…

user_registration_\&_membership | Remote | Misconfiguration
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
0.0 NA
CVE-2026-5086 — Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks

Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in tim…

| Cryptography
Apr 13, 2026 Apr 14, 2026
Apr 13, 2026
Apr 14, 2026
6.9 MEDIUM
CVE-2026-39979 — jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counte…

jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() API in libjq accepts a counted buffer with an explicit length parameter, but its …

jq | Remote | Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
6.1 MEDIUM
CVE-2026-39956 — jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosu…

jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the _strindices builtin in jq's src/builtin.c passes its arguments directly to jv_string_indexes() with…

jq | Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.5 HIGH
CVE-2026-6224 — nocobase plugin-workflow-javascript Vm.js createSafeConsole sandbox

A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javas…

Remote | Misconfiguration
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
5.8 MEDIUM
CVE-2026-6220 — HummerRisk Video File Download URL ServerService.java ServerService.addServer server-side…

A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServer of the file ServerService.java of the component Video File Download URL Handl…

hummerrisk | Remote | Server-Side Request Forgery
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.0 HIGH
CVE-2026-4786 — Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbro…

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the …

python | Injection
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
6.2 MEDIUM
CVE-2026-40312 — ImageMagick: Off-by-One in MSL decoder could result in crash

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL decoder could result in a crash when a malico…

imagemagick | Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
5.5 MEDIUM
CVE-2026-40311 — ImageMagick: Heap-use-after-free via XMP profile could result in a crash when printing va…

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash…

imagemagick | Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
5.5 MEDIUM
CVE-2026-40310 — ImageMagick: Heap out-of-bounds write in JP2 encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with w…

imagemagick | Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
5.5 MEDIUM
CVE-2026-40183 — ImageMagick: Heap buffer overflow when encoding JXL image with a 16-bit float

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has an heap write overflow when a user specifies that the im…

imagemagick | Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
6.2 MEDIUM
CVE-2026-40169 — ImageMagick: Heap buffer overflow (WRITE) in the YAML and JSON encoders

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a y…

imagemagick | Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
5.1 MEDIUM
CVE-2026-34238 — ImageMagick: Integer overflow in despeckle operation causes heap buffer overflow on 32-bi…

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, an integer overflow in the despeckle operation causes a h…

imagemagick | Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
6.2 MEDIUM
CVE-2026-33947 — jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()

jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath(), jv_getpath(), and delpaths_sorted() in jq's src/jv_aux.c use unbounded recursion whose depth is controlled by…

jq | Denial of Service
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.5 HIGH
CVE-2026-33908 — ImageMagick is vulnerable to Stack Overflow in DestroyXMLTree()

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the `DestroyX…

imagemagick | Remote | Denial of Service
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
5.5 MEDIUM
CVE-2026-33905 — ImageMagick has an Out-of-Bounds read via -sample operation

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when an s…

imagemagick | Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
5.5 MEDIUM
CVE-2026-33902 — ImageMagick: Stack Overflow via Recursive FX Expression Parsing

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expres…

imagemagick | Memory Corruption
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
7.5 HIGH
CVE-2026-22566 — Ubiquiti UniFi Play WiFi Credentials Exposure

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials.
 Affected Products: UniFi Play PowerAmp (Version …

Remote | Authorization
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
0.0 NA
CVE-2026-22565 — "UniFi Play PowerAmp and Audio Port Improper Input Validation Denial of Service"

An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding.
 Affected Products: UniFi Play PowerAmp (Versi…

| Denial of Service
Apr 13, 2026 Apr 13, 2026
Apr 13, 2026
Apr 13, 2026
Showing 20 of 6303 Results