369404 matches found
CVE-2026-14265
The CVE affects AWS Advanced JDBC Wrapper (AWR) RemoteQueryCachePlugin versions 3.3.0–4.0.0. Deserialization of untrusted data via ObjectInputStream without class filtering when reading cached query results from Redis or Valkey enables gadget-chain execution, allowing arbitrary code execution on ...
CVE-2026-58593
NodeBB is affected by CVE-2026-58593 where inbound ActivityPub objects are not correctly bound to the authenticated remote actor. The middleware verifies the HTTP-signature actor and origin of object.id but does not validate that attributedTo corresponds to the sender, treating attributedTo as a ...
CVE-2026-58592
Vulnerability summary (CVE-2026-58592, Ladybird): A dangling-reference memory-safety flaw in Ladybird’s WebAssembly ESM integration loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference...
CVE-2026-49858
API Platform Core contains a cross-user attribute leak in JSON:API and HAL item normalizers due to a missing isCacheKeySafe gate. Affected versions: 2.6.0 up to 4.1.28, 4.2.25, and 4.3.11 (i.e., before 4.1.29, 4.2.26, 4.3.12). Root cause: componentsCache arrays are keyed on $context['cache_key'] ...
CVE-2026-58457
CVE-2026-58457 affects Shenzhen Aitemi M300 MT02 (Wi‑Fi Repeater). An unauthenticated OS command injection exists in the commuos web backend via the smacfilter_conf handler. Attackers can append semicolon-delimited payloads to the name, enable, or mac GET parameters, which are unsanitized and pas...
CVE-2026-14363
The CVE-2026-14363 issue affects the MediaWiki Cargo Extension for MediaWiki, where improper neutralization of special elements in SQL queries (notably in Special:Drilldown) enables SQL injection. Reported impacts include unauthorized access, modification, or deletion of data in the database. Aff...
CVE-2026-54164
Summary: API Platform Core versions prior to 4.1.30, 4.2.26 and 4.3.12 contain a type-confusion in the serializer’s AbstractItemNormalizer when resolving relation IRIs. An attacker able to submit write requests (POST/PUT/PATCH) to an API endpoint with writable relations can supply a relation IRI ...
CVE-2026-13760
CVE-2026-13760 describes an OS command injection in the AWS cdK library’s NodejsFunction Docker bundling pipeline (OsCommand helper). If an attacker can control a project’s package.json dependency version strings during Docker-based bundling with nodeModules, arbitrary commands may be executed on...
CVE-2026-55597
CVE-2026-55597 affects ImageMagick prior to 7.1.2-26, where incorrect handling of arguments can cause a heap buffer overwrite in the JP2 encoder. The issue is fixed in 7.1.2-26. This can lead to memory corruption in the JP2 encoding path; upgrading to the fixed release is the advised remediation.
CVE-2026-49988
Technical details for CVE-2026-49988 are not publicly available in the provided documents. No affected products, vulnerable components, or remediation information are disclosed. Monitor for updates.
CVE-2026-49826
Technical details for CVE-2026-49826 are not publicly available in the provided documents. The entry is reserved/placeholder; no affected products, root cause, impact, or remediation are specified. Monitor for updates.
CVE-2026-49987
Technical details for CVE-2026-49987 are not publicly available in the provided documents. Monitor for updates as information may be released later.
CVE-2026-55595
ImageMagick is affected by a vulnerability in the connected-components option. Prior to versions 6.9.13-51 and 7.1.2-26, providing invalid arguments to this option can cause an infinite loop (local attack vector, high availability impact) as described in the CVE notes. The issue has been fixed in...
CVE-2026-55594
ImageMagick (MVG decoder) is affected by a stack overflow in the MVG decoder due to a missing depth check when processing a crafted image. This affects versions prior to 6.9.13-51 and 7.1.2-26. The issue has been fixed in 6.9.13-51 and 7.1.2-26. According to the CVE entry, the assigned CVSS score...
CVE-2026-55577
CVE-2026-55577 affects ImageMagick's MVG decoder. A heap buffer overflow can cause an out-of-bounds write when processing crafted MVG images. Affected versions are prior to 6.9.13-51 and 7.1.2-26. The issue has been fixed in 6.9.13-51 and 7.1.2-26. Mitigation:** upgrade to one of the fixed releas...
CVE-2026-49981
Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-49981.
CVE-2026-55510
ImageMagick vulnerability CVE-2026-55510 affects the ImageMagick suite (ImageMagick) where a use-after-free can occur when identifying an image with a crafted 8BIM profile in a specific format string. The issue is triggered in affected builds prior to 6.9.13-51 and 7.1.2-26 and is fixed in those ...
CVE-2026-53467
ImageMagick’s CVE-2026-53467 affects the MNG decoder. Prior to 6.9.13-51 and 7.1.2-26, the decoder can disclose heap information because part of the pixels are left unchanged. Fixed in 6.9.13-51 and 7.1.2-26. Affected software: ImageMagick (Image editing/manipulation tool); component: MNG decoder...
CVE-2026-14358
The CVE-2026-14358 affects the Wikimedia Foundation MediaWiki Charts Extension and indicates a Cross-Site Scripting (XSS) flaw caused by improper input neutralization during web page generation. Affected versions are before 1.43.9, 1.44.6, and 1.45.4. The vulnerability is described as a stored XS...
CVE-2026-41121
Dell Device Management Agent (DDMA) versions before 26.05 are affected by an Improper Link Resolution Before File Access (Link Following) vulnerability. A low-privilege, local attacker could potentially exploit this to achieve Elevation of Privileges. The CVSS3.1 vector is AV:L/AC:L/PR:L/UI:R/S:U...