CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-40992
Medium

Spring Boot does not enable hostname verification in mail auto-configuration. Applications that set the relevant JavaMail property are not affected.

CVE-2026-40986
Medium

Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not 'text/html'. This can lead to a scripting attack in the user's browser if the error response from the server contains error details with input reflected from an attacker.

CVE-2026-40985
Medium

Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions.

CVE-2026-2827
Medium

The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'oum_location_notification' parameter in versions up to and including 1.4.31 due to insufficient input sanitization and output escaping.

CVE-2026-53465
Medium

ImageMagick prior to version 7.1.2-25 contained a vulnerability that allowed for a heap buffer over-write when encoding a crafted multi-frame image with the SF3 encoder.

CVE-2026-53464
Medium

ImageMagick prior to version 7.1.2-25 has a small memory leak issue when providing invalid options to the wand option parser.

CVE-2026-53463
Medium

ImageMagick prior to versions 6.9.13-50 and 7.1.2-25 had a vulnerability that led to a null pointer dereference when passing incorrect arguments in the distort operation. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.

CVE-2026-53462
Medium

ImageMagick prior to versions 6.9.13-50 and 7.1.2-25 has a memory allocation issue in CheckPrimitiveExtent, which can lead to a heap-use-after-free error and application crash.

CVE-2026-49219
Medium

ImageMagick prior to versions 6.9.13-48 and 7.1.2-24 had an issue with incorrect parsing of filenames, which could lead to a policy bypass and reading disallowed files using symlinks.

CVE-2026-48994
Medium

ImageMagick prior to versions 6.9.13-48 and 7.1.2-24 had a missing check of a return value, which could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.

CVE-2026-48734
Medium

ImageMagick prior to versions 6.9.13-49 and 7.1.2-24 had a stack overflow vulnerability due to a missing depth or visited-set check in MVG files. This issue has been patched in the mentioned versions.

CVE-2026-48733
Medium

ImageMagick prior to versions 6.9.13-49 and 7.1.2-24 contained a flaw that could lead to an infinite loop during the subimage-search operation when using a crafted image. This issue has been patched in versions 6.9.13-49 and 7.1.2-24.

CVE-2026-48724
Medium

ImageMagick prior to version 7.1.2-24 has a heap buffer over-write vulnerability when using an image with a mask with the Floyd-Steinberg dithering method.

CVE-2026-47734
Medium

Dulwich, a pure-Python implementation of Git file formats and protocols, has a vulnerability that allows a client with push access to send a small crafted pack, leading to the allocation of a huge amount of memory. The issue affects versions from 0.1.0 to 1.2.5 and is patched in version 1.2.5.

CVE-2026-47213
Medium

Boxlite is a sandbox service that allows users to create lightweight virtual machines and launch OCI containers. In versions 0.8.2 and prior, Boxlite uses the SIGALRM signal to terminate processes after a timeout, which can be exploited by malicious code to continue running, leading to resource exhaustion.

CVE-2026-47166
Medium

ImageMagick prior to versions 6.9.13-48 and 7.1.2-23 contained a vulnerability that allowed an attacker to cause a heap buffer over-read in the server process if they could connect to a magick -distribute-cache service.

CVE-2026-47165
Medium

ImageMagick prior to versions 6.9.13-48 and 7.1.2-23 had a distributed pixel cache that operated without a challenge-response authentication model. Changes have been made in newer versions to enhance security.

CVE-2026-46693
Medium

ImageMagick prior to versions 6.9.13-48 and 7.1.2-23 contained a vulnerability that allowed an attacker to hijack a file descriptor in the server process when a race condition occurred. This issue has been patched in the mentioned versions.

CVE-2026-46692
Medium

ImageMagick prior to versions 6.9.13-48 and 7.1.2-23 contained a vulnerability that allowed an attacker to perform a heap buffer over-write in the server process if they had access to the magick -distribute-cache service.

CVE-2026-46645
Medium

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_accessible() access control check, allowing authenticated users to access model data despite restrictions set by developers.

PreviousPage 137 of 560Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS