Search

Found 25,255 results in 2116ms · Match type: Filtered list

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2026-28687	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decod…
CVE-2026-28686	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, A heap-buffer-overflow vulnerability exists in the PCL encode …
CVE-2026-28494	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology ker…
CVE-2026-28493	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, an integer overflow vulnerability exists in the SIXEL decoer. The vulnerabil…
CVE-2026-26284	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huf…
CVE-2026-25986	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVIm…
CVE-2026-25982	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/…
CVE-2026-25971	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs…
CVE-2026-25970	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL…
CVE-2026-25968	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribut…
CVE-2026-2366	unknown	—	—				3mo ago	Keycloak vulnerable to authorization bypass via the Admin API
CVE-2026-4010	low	3.3	3.3				3mo ago	A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce. The affected element is the function pkByteBufferAddString. The manipulation of the argument leng…
CVE-2026-4009	low	3.3	3.3				3mo ago	A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File P…
CVE-2026-3984	low	3.5	3.5				3mo ago	A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file save_up_athlete.php. This manipulation o…
CVE-2026-3983	low	3.5	3.5				3mo ago	A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. The manipulation of the argume…
CVE-2026-3963	low	3.7	3.7				3mo ago	A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7. This affects the function rememberMeManager of the file src/main/java/com/perfree/config/ShiroConfig.java of the component A…
CVE-2026-3950	low	3.3	3.3	FIX	debian sles		3mo ago	A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to o…
CVE-2026-3949	low	3.3	3.3		debian sles		3mo ago	A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing…
CVE-2026-3429	unknown	—	—				3mo ago	Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API
CVE-2026-3946	low	3.5	3.5				3mo ago	A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site…
CVE-2026-3911	low	2.7	2.7			redhat	3mo ago	Keycloak: Information disclosure of disabled user attributes via administrative endpoint
CVE-2026-31853	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when…
CVE-2026-30883	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overfl…
CVE-2026-28692	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MAT decoder uses 32-bit arithmetic due to incorrect parenthesi…
CVE-2026-28689	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/…
CVE-2026-23907	unknown	—	—		debian sles		3mo ago	Apache PDFBox has Path Traversal through PDComplexFileSpecification.getFilename() function
CVE-2026-21791	low	3.3	3.3			hcltech	3mo ago	HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL
CVE-2025-15603	low	3.7	3.7				3mo ago	A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start_windows.bat of the component JWT Key Handler. Such manipulation of the…
CVE-2026-24713	unknown	—	—				3mo ago	Apache IoTDB has an Improper Input Validation vulnerability
CVE-2026-24015	unknown	—	—				3mo ago	Apache IoTDB has an Insecure Default Configuration Vulnerability
CVE-2026-1603	unknown	—	1.5	KEV			3mo ago	Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential …
CVE-2025-26399	unknown	—	1.5	KEV			3mo ago	SolarWinds Web Help Desk contain a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine.
CVE-2021-22054	unknown	—	1.5	KEV			3mo ago	Omnissa Workspace One UEM formerly known as VMware Workspace One UEM contains a server-side request forgery (SSRF) vulnerability that could allow a malicious actor with network access to UEM to send …
CVE-2026-3668	low	3.1	3.1				3mo ago	A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access…
CVE-2026-24308	unknown	—	—	FIX	debian		3mo ago	Apache ZooKeeper has improper handling of configuration values
CVE-2026-24281	unknown	—	—	FIX	debian		3mo ago	Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager
CVE-2026-27142	unknown	—	—	FIX	debian sles	google	3mo ago	Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG set…
CVE-2026-27139	unknown	—	—	FIX	debian sles	google	3mo ago	On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impac…
CVE-2026-27138	unknown	—	—	FIX	debian sles		3mo ago	Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either di…
CVE-2025-11143	low	—	2.5	FIX	debian sles		3mo ago	org.eclipse.jetty:jetty-http has different parsing of invalid URIs
CVE-2026-3047	unknown	—	—				3mo ago	Keycloak SAML Broken has Authentication Bypass by Primary Weakness
CVE-2026-3009	unknown	—	—				3mo ago	Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator
CVE-2026-1605	unknown	—	—	FIX	debian		3mo ago	The Eclipse Jetty Server Artifact has a Gzip request memory leak
CVE-2026-28277	unknown	—	—				3mo ago	LangGraph checkpoint loading has unsafe msgpack deserialization
CVE-2026-27982	unknown	—	—	FIX	debian		3mo ago	django-allauth has an open redirect vulnerability
CVE-2026-29000	unknown	—	—				3mo ago	pac4j-jwt: JwtAuthenticator Authentication Bypass via JWE-Wrapped PlainJWT
CVE-2023-41974	unknown	—	1.5	KEV	ios		3mo ago	Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.
CVE-2021-22681	unknown	—	1.5	KEV			3mo ago	Multiple Rockwell products contain an insufficient protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to verify Logix controll…
CVE-2017-7921	unknown	—	2.5	KEVEXP			3mo ago	Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information.
CVE-2026-29062	unknown	—	—	FIX	debian		3mo ago	jackson-core has Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion
CVE-2026-28802	unknown	—	—	FIX	debian		3mo ago	Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an emp…
CVE-2026-3351	unknown	—	—	FIX	debian		3mo ago	Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd se…
CVE-2025-66024	unknown	—	—				3mo ago	XWiki Blog Application home page vulnerable to Stored XSS via Post Title
CVE-2025-66168	unknown	—	—		debian		3mo ago	Apache ActiveMQ is Vulnerable to Integer Overflow or Wraparound
CVE-2026-0540	unknown	—	—	FIX	debian		3mo ago	DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five …
CVE-2025-15599	unknown	—	—	FIX	debian		3mo ago	DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext elemen…
CVE-2026-25674	unknown	—	—	FIX	sles debian		3mo ago	An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file s…
CVE-2026-25673	unknown	—	—	FIX	sles debian		3mo ago	An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. `URLField.to_python()` in Django calls `urllib.parse.urlsplit()`, which performs NFKC normalization on Windows t…
CVE-2026-3465	low	3.1	3.1				3mo ago	A vulnerability was determined in Tuya App and SDK 24.07.11 on Android. Affected by this vulnerability is an unknown functionality of the component JSON Data Point Handler. This manipulation of the a…
CVE-2025-59060	unknown	—	—				3mo ago	Apache Ranger Vulnerable to Improper Validation of Certificate with Host Mismatch
CVE-2025-59059	unknown	—	—				3mo ago	Apache Ranger has a Code Injection vulnerability
CVE-2026-3449	low	3.3	3.3		sles		3mo ago	@tootallnate/once vulnerable to Incorrect Control Flow Scoping
CVE-2026-22719	unknown	—	1.5	KEV			3mo ago	Broadcom VMware Aria Operations formerly known as vRealize Operations (vROps) contains a command injection vulnerability that allows an unauthenticated attacker to execute arbitrary commands, potenti…
CVE-2026-21385	unknown	—	1.5	KEV			3mo ago	Multiple Qualcomm chipsets contain a memory corruption vulnerability while using alignments for memory allocation.
CVE-2026-27932	unknown	—	—	FIX	debian		3mo ago	joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows…
CVE-2026-3407	low	3.3	3.3				3mo ago	A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes h…
CVE-2026-28416	unknown	—	—				3mo ago	Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing
CVE-2026-28415	unknown	—	—				3mo ago	Gradio has an Open Redirect in its OAuth Flow
CVE-2026-28414	unknown	—	—				3mo ago	Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+
CVE-2026-27167	unknown	—	—				3mo ago	Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret
CVE-2026-28338	unknown	—	—				3mo ago	PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages
CVE-2026-28208	unknown	—	—				3mo ago	Junrar has an arbitrary file write due to backslash Path Traversal bypass in LocalFolderExtractor on Linux/Unix
CVE-2026-21619	unknown	—	—	FIX	debian		3mo ago	Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm hex (mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Obje…
CVE-2026-0871	unknown	—	—				3mo ago	Keycloak Server Private SPI: Improper Access Control Allows Administrators to Bypass Attribute Visibility Restrictions and Modify Unmanaged User Profile Attributes
CVE-2025-12150	unknown	—	—				3mo ago	Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass
CVE-2026-27141	unknown	—	—	FIX	debian sles		3mo ago	Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic
CVE-2026-27799	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image…
CVE-2026-27798	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing a…
CVE-2026-27830	unknown	—	—		debian sles		3mo ago	c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property
CVE-2026-27727	unknown	—	—		sles		3mo ago	mchange-commons-java: Remote Code Execution via JNDI Reference Resolution
CVE-2026-3193	low	3.1	3.1			chia	3mo ago	A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file /send_transaction. The manipulation results in cross-site request forgery. The attack may be perform…
CVE-2026-21725	low	2.0	2.0		sles	grafana	3mo ago	A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to…
CVE-2026-20127	unknown	—	2.5	KEVEXP			3mo ago	Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authentication bypass vulnerability could allow an unauthenticated, re…
CVE-2022-20775	unknown	—	1.5	KEV			3mo ago	Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands within the application C…
CVE-2026-27571	unknown	—	—	FIX	debian		3mo ago	NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated comp…
CVE-2026-26983	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid `<map>` …
CVE-2026-26283	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop i…
CVE-2026-26066	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infin…
CVE-2026-25989	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-on…
CVE-2026-25988	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image i…
CVE-2026-25987	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image …
CVE-2026-25985	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file containing an malicious element causes Imag…
CVE-2026-25983	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The opera…
CVE-2026-25969	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a…
CVE-2026-25967	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A …
CVE-2026-25966	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard s…
CVE-2026-25965	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw file…
CVE-2026-25898	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index …
CVE-2026-25897	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. O…
CVE-2026-25799	unknown	—	—	FIX	debian sles		3mo ago	ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an inva…