VulDB Recent Entries

A vulnerability, which was classified as critical, was found in ImageMagick up to 7.1.2-15. The impacted element is an unknown function of the component UHDR Encoder. Such manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-30931. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in ImageMagick up to 7.1.2-15. The affected element is an unknown function of the component SIXEL Decoder. This manipulation causes integer overflow. This vulnerability is handled as CVE-2026-28493. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in budibase up to 3.24.0. Impacted is an unknown function. The manipulation results in client-side enforcement of server-side security. This vulnerability is known as CVE-2026-25737. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as problematic has been found in Misskey up to 2026.3.0. This issue affects some unknown processing. The manipulation leads to authorization bypass. This vulnerability is traded as CVE-2026-28433. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in ImageMagick up to 6.9.13-40/7.1.2-15. This vulnerability affects unknown code of the component Image Parser. Executing a manipulation can lead to stack-based buffer overflow. This vulnerability appears as CVE-2026-30929. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in ImageMagick up to 6.9.13-40/7.1.2-15. This affects the function WaveletDenoiseImage. Performing a manipulation results in heap-based buffer overflow. This vulnerability is reported as CVE-2026-30936. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in ImageMagick up to 7.1.2-15. Affected by this issue is some unknown functionality. Such manipulation leads to out-of-bounds read. This vulnerability is documented as CVE-2026-30935. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in ImageMagick up to 6.9.13-40/7.1.2-15. Affected by this vulnerability is an unknown functionality. This manipulation causes stack-based buffer overflow. This vulnerability is registered as CVE-2026-28494. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as very critical has been discovered in Kubernetes ingress-nginx up to 1.13.7/1.14.3. Affected is an unknown function of the component Ingress Annotation Handler. The manipulation results in improper input validation. This vulnerability is cataloged as CVE-2026-3288. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in SiYuan up to 3.5.9. It has been rated as critical. This impacts an unknown function of the file /api/block/appendHeadingChildren of the component API Endpoint. The manipulation leads to improper access controls. This vulnerability is listed as CVE-2026-30926. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in Tenda W15E 02.03.01.26_cn. It has been declared as problematic. This affects an unknown function of the file /cgi-bin/DownloadCfg/RouterCfm.jpg of the component Configuration File Handler. Executing a manipulation can lead to information disclosure. This vulnerability is tracked as CVE-2026-30140. The attack can be launched remotely. No exploit exists.

A vulnerability was found in KeygraphHQ Shannon. It has been classified as critical. The impacted element is an unknown function of the component Configuration Handler. Performing a manipulation results in hard-coded credentials. This vulnerability is identified as CVE-2026-29023. The attack can be initiated remotely. There is not any exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in budibase up to 3.23.22 and classified as critical. The affected element is an unknown function of the file packages/server/src/integrations/postgres.ts. Such manipulation of the argument Password leads to os command injection. This vulnerability is referenced as CVE-2026-25041. It is possible to launch the attack remotely. No exploit is available. A patch should be applied to remediate this issue.

A vulnerability has been found in linagora twake 2023.Q1.1223 and classified as critical. Impacted is an unknown function. This manipulation causes os command injection. The identification of this vulnerability is CVE-2025-70039. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in mscdex ssh2 1.17.0. This issue affects some unknown processing. The manipulation results in incorrect regular expression. This vulnerability was named CVE-2025-70034. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as problematic, has been found in linagora Twake 2023.Q1.1223. This vulnerability affects unknown code. The manipulation leads to open redirect. This vulnerability is uniquely identified as CVE-2025-70037. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as critical was found in linagora Twake 2023.Q1.1223. This affects an unknown part. Executing a manipulation can lead to improper neutralization. This vulnerability is handled as CVE-2025-70038. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as critical has been found in TP-Link Archer AXE75 up to 1.3.2 Build 20250107. Affected by this issue is some unknown functionality of the component Web Module. Performing a manipulation results in os command injection. This vulnerability is known as CVE-2025-15568. Access to the local network is required for this attack. No exploit is available.

A vulnerability described as critical has been identified in IKEA Dirigera up to 2.866.4. Affected by this vulnerability is an unknown functionality. Such manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2026-3588. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability marked as problematic has been reported in YMFE yapi 1.12.0. Affected is an unknown function. This manipulation causes cross site scripting. This vulnerability appears as CVE-2025-70060. The attack may be initiated remotely. There is no available exploit.