9.8
CVE-2026-21413 - LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflow in lossless JPEG loading
A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
9.8
CVE-2026-20889 - LibRaw: LibRaw: Arbitrary code execution via specially crafted image file
A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
8.1
CVE-2026-24660 - LibRaw: LibRaw: Memory Corruption via Malicious File Processing
A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
8.1
CVE-2026-24450 - LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file
An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
8.1
CVE-2026-20884 - LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw
An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
8.7
CVE-2026-35554 - Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Conditi…
A race condition in the Apache Kafka Java producer client's buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch's ByteBuffer is pr…
7.2
CVE-2026-5627 - Path Traversal in mintplex-labs/anything-llm
A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the `AgentFlows` component. The vulnerability arises from improper handling of user input in the `loadFlow` and `deleteFlow` methods in `server/utils/agentFlows/index.js`. Specifically, th…
5.3
CVE-2026-33866 - Authorization Bypass in MLflow AJAX Endpoint
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access-control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to acc…
5.1
CVE-2026-33865 - Stored XSS via unsafe YAML parsing in MLflow
MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another user views the artifact in the UI. This allows actio…
9.3
CVE-2026-22679 - Weaver E-cology 10.0 Unauthenticated RCE via dubboApi Debug Endpoint
Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft PO…