
1512 matches found

EUVD
added yesterday, 6 views

EUVD-2026-38756

ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of...

CVSS 4.8 | AI score 6
Exploits: 0 | References: 2

CVE
added yesterday, 9 views

CVE-2026-56370

ImageMagick contains an out-of-bounds access in ConnectedComponentsImage() for connected-components artifacts with invalid indices. Affected software: ImageMagick prior to 7.1.2-19. The issue is triggered by malformed connected-components definitions supplied via the CLI, leading to denial of ser...

CVSS 4.8 | AI score 6
Exploits: 0 | References: 2

AstraLinux
added 6 days ago, 6 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Do not finalize the CSA in IBSS mode if the state is disconnected. When we are not connected to a channel, sending the “switch” announcement doesn’t make any sense. The BSS list is empty in that case. This causes...

CVSS 5.5 | AI score 5.3 | EPSS 0.00211
Exploits: 0 | References: 2

AlpineLinux
added 2026/06/12 7:59 p.m., 6 views

CVE-2026-42850

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

CVSS 7.4 | AI score 5.6 | EPSS 0.00287
Exploits: 1 | References: 1

SUSE CVE
added 2026/06/12 2:26 a.m., 5 views

SUSE CVE-2026-45359

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been...

CVSS 5.7 | AI score 5.4 | EPSS 0.00108
Exploits: 0 | References: 3

RedhatCVE
added 2026/06/10 11:33 p.m., 8 views

CVE-2026-45359

A flaw was found in ImageMagick. A local attacker could exploit this vulnerability by providing an invalid 'connected-components:keep-top' value during image processing. This could lead to a heap buffer over-read, potentially resulting in information disclosure or a denial of service (DoS)...

CVSS 7.1 | AI score 5.2 | EPSS 0.00108
Exploits: 0 | References: 4

NVD
added 2026/06/10 10:16 p.m., 6 views

CVE-2026-45359

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been...

CVSS 5.7 | EPSS 0.00108
Exploits: 0 | References: 1

Debian CVE
added 2026/06/10 9:26 p.m., 8 views

CVE-2026-45359

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been...

CVSS 5.7 | AI score 5.5 | EPSS 0.00108
Exploits: 0

AlpineLinux
added 2026/06/10 9:26 p.m., 7 views

CVE-2026-45359

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been...

CVSS 5.7 | AI score 5.5 | EPSS 0.00108
Exploits: 0

Cvelist
added 2026/06/10 9:26 p.m., 26 views

CVE-2026-45359 ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been...

CVSS 5.7 | EPSS 0.00108
Exploits: 0 | References: 1

CVE
added 2026/06/10 9:26 p.m., 38 views

CVE-2026-45359

CVE-2026-45359 (ImageMagick): A flaw in the connected-components operation arises from an invalid keep-top value, which can cause a heap buffer over-read. This affects ImageMagick versions prior to 6.9.13-48 and 7.1.2-22. The issue is mitigated by the patched releases 6.9.13-48 and 7.1.2-22. Upg...

CVSS 5.7 | AI score 5.5 | EPSS 0.00108
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/06/10 9:26 p.m., 6 views

CVE-2026-45359 ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been...

CVSS 5.7 | AI score 5.5 | EPSS 0.00108
Exploits: 0 | References: 1

EUVD
added 2026/06/10 9:26 p.m., 7 views

EUVD-2026-36160

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been...

CVSS 5.7 | AI score 5.5 | EPSS 0.00108
Exploits: 0 | References: 1

CNNVD
added 2026/06/10 12:0 a.m., 12 views

ImageMagick Buffer Error Vulnerability

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-22 contained a buffer error vulnerability. This vulnerability stemmed...

CVSS 5.7 | AI score 5.8 | EPSS 0.00108
Exploits: 0 | References: 2

EUVD
added 2026/06/09 6:9 p.m., 8 views

EUVD-2026-35790

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...

CVSS 9.8 | AI score 5.5 | EPSS 0.00209
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/09 6:9 p.m., 7 views

CVE-2026-10045

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...

AI score 5.5 | EPSS 0.00209
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/09 3:50 p.m., 7 views

CVE-2026-0411 A Sensitive Information Disclosure Vulnerability in NETGEAR Orbi Satellites

An information disclosure vulnerability in the NETGEAR Orbi satellites RBR/RBE/RBS Series could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not...

CVSS 7.2 | AI score 5.3 | EPSS 0.00278
Exploits: 0 | References: 6

CNNVD
added 2026/06/09 12:0 a.m., 8 views

Kangda Xin DR300 Security Vulnerability

Kangda Xin DR300 is a wireless router produced by Kangda Xin Corporation. The Kangda Xin DR300 version 2.1.2.121 has a security vulnerability. This vulnerability stems from the inclusion of hardcoded login credentials, with telnet being enabled by default. It may allow attackers to read memory,...

CVSS 9.8 | AI score 5.3 | EPSS 0.00209
Exploits: 0 | References: 2

RedhatCVE
added 2026/06/05 7:22 p.m., 6 views

CVE-2026-34184

Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to read all files in these directories and even execute some of them. Critically the attacker could run PHP scripts directly on the connected database. This issue was fixed in...

CVSS 9.1 | AI score 5.6 | EPSS 0.0027
Exploits: 0 | References: 1

OSV
added 2026/06/01 12:0 a.m., 9 views

ASB-A-496735702

In onServiceConnected of HostEmulationManager.java, there is a possible way to perform BAL due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 5.9
Exploits: 0 | References: 2