Total CVEs: 142,027
Critical Severity: 3,943
High Severity: 14,108
Last 7 Days: 1,724
Showing 11,061 - 11,080 of 14,604 CVEs
CVE-2026-25898 MEDIUM - 6.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoders do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` ...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-25897 MEDIUM - 6.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. Versions ...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2025-11846 MEDIUM - 4.9

A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial...

Vendor: Zyxel
Product: VMG3625-T50B firmware, WX3100-T0 firmware
Published: Feb 24, 2026
Source: NVD
CVE-2025-11845 MEDIUM - 4.9

A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a ...

Vendor: Zyxel
Product: VMG3625-T50B firmware, WX3100-T0 firmware
Published: Feb 24, 2026
Source: NVD
CVE-2026-3051 MEDIUM - 6.3

A vulnerability has been found in DataLinkDC dinky up to 1.2.5. The affected element is the function getProjectDir of the file dinky-admin/src/main/java/org/dinky/utils/GitRepository.java of the component Project Name Handler. Such manipulation of the argument projectName leads to path traversal. Th...

Vendor: dinky
Product: dinky
Published: Feb 24, 2026
Source: NVD
CVE-2026-3049 MEDIUM - 4.3

A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The manipulation of the argument prev_url results in open redirect. The attack can be executed remotely....

Vendor: horilla
Product: horilla
Published: Feb 24, 2026
Source: NVD
CVE-2026-27729 MEDIUM - 5.9

Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. On-demand rendered sites bu...

Vendor: withastro
Product: astro
Published: Feb 24, 2026
Source: NVD
CVE-2026-27643 MEDIUM - 5.3

free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the NEF component reliably leaks internal parsing error details (e.g., invalid character 'n' after top-level value) to r...

Vendor: free5gc
Product: udr
Published: Feb 24, 2026
Source: NVD
CVE-2026-25799 MEDIUM - 5.3

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting i...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-25798 MEDIUM - 5.3

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image f...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-25797 MEDIUM - 5.7

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fail to sanitize the input before writing it into the PostScript header. An attacker can provide a malic...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-25796 MEDIUM - 5.3

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ ...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-25795 MEDIUM - 5.3

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-25638 MEDIUM - 5.3

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a memory leak exists in `coders/msl.c`. In the `WriteMSLImage` function of the `msl.c` file, resources are allocated. But the function returns early without releasin...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-25637 MEDIUM - 5.3

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never free...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-25576 MEDIUM - 5.1

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extract dimensions larger ...

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-24484 MEDIUM - 5.3

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Vendor: ImageMagick
Product: ImageMagick
Published: Feb 24, 2026
Source: NVD
CVE-2026-21864 MEDIUM - 6.5

Valkey-Bloom is a Rust-based Valkey module which brings a Bloom Filter (Module) data type into the Valkey distributed key-value database. Prior to commit a68614b6e3845777d383b3a513cedcc08b3b7ccd, a specially crafted `RESTORE` command can cause Valkey to hit an assertion, causing the server to shutdow...

Vendor: valkey-io
Product: valkey-bloom
Published: Feb 24, 2026
Source: NVD
CVE-2025-69253 MEDIUM - 5.3

free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of the User Data Repository are affected by Improper Error Handling with Information Exposure. The NEF component reliably leaks internal parsing error details (e.g., invalid character &...

Vendor: free5gc
Product: udr
Published: Feb 24, 2026
Source: NVD
CVE-2026-3043 MEDIUM - 4.3

A flaw has been found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/navbar.php. Executing a manipulation of the argument page can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and ma...

Vendor: admerc
Product: event_management_system
Published: Feb 24, 2026
Source: NVD