Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12799 | Critical: 856 | High: 3690 | Medium: 4021
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-40183 | MEDIUM | 5.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has a heap write overflow … | Apr 13, 2026 |
| CVE-2026-40169 | MEDIUM | 6.2 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out … | Apr 13, 2026 |
| CVE-2026-34238 | MEDIUM | 5.1 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, an integer overflow in the … | Apr 13, 2026 |
| CVE-2026-33947 | MEDIUM | 6.2 | jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath(), jv_getpath(), and delpaths_sorted() in jq's src/jv_aux.c use unbounded recursion whose depth is … | Apr 13, 2026 |
| CVE-2026-33908 | HIGH | 7.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of … | Apr 13, 2026 |
| CVE-2026-33905 | MEDIUM | 5.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an … | Apr 13, 2026 |
| CVE-2026-33902 | MEDIUM | 5.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in … | Apr 13, 2026 |
| CVE-2026-22566 | HIGH | 7.5 | An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials. Affected Products: … | Apr 13, 2026 |
| CVE-2026-22565 | UNKNOWN | — | An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding. Affected … | Apr 13, 2026 |
| CVE-2026-22564 | CRITICAL | 9.8 | An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to … | Apr 13, 2026 |
| CVE-2026-22563 | CRITICAL | 9.8 | A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: … | Apr 13, 2026 |
| CVE-2026-22562 | CRITICAL | 9.8 | A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on … | Apr 13, 2026 |
| CVE-2026-6219 | MEDIUM | 5.3 | A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This … | Apr 13, 2026 |
| CVE-2026-6218 | MEDIUM | 4.3 | A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The … | Apr 13, 2026 |
| CVE-2026-6216 | LOW | 3.5 | A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon … | Apr 13, 2026 |
| CVE-2026-33901 | HIGH | 7.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs … | Apr 13, 2026 |
| CVE-2026-33900 | MEDIUM | 5.9 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an … | Apr 13, 2026 |
| CVE-2026-33899 | MEDIUM | 5.3 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file … | Apr 13, 2026 |
| CVE-2026-33740 | MEDIUM | 5.4 | EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference (IDOR) … | Apr 13, 2026 |
| CVE-2026-33659 | LOW | 3.5 | EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery (SSRF) … | Apr 13, 2026 |
| CVE-2026-32272 | UNKNOWN | — | Craft Commerce is an ecommerce platform for Craft CMS. In versions 5.0.0 through 5.5.4, an SQL injection vulnerability exists where the ProductQuery::hasVariant and VariantQuery::hasProduct properties … | Apr 13, 2026 |
| CVE-2026-32271 | UNKNOWN | — | Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, there is an SQL injection vulnerability in … | Apr 13, 2026 |
| CVE-2026-31280 | UNKNOWN | — | An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service (DoS) via supplying … | Apr 13, 2026 |
| CVE-2026-26460 | UNKNOWN | — | An HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutralize user-supplied input in the tabid parameter … | Apr 13, 2026 |
| CVE-2025-70936 | MEDIUM | 5.4 | Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager module. Improper handling of user-controlled input in the _folder parameter allows a … | Apr 13, 2026 |