CVE-2026-21487

creationtimestamp| type| source ---|---|--- 2026-01-06 05:03:26+00:00| published-proof-of-concept| Telegram/831nHCRtL2evt5rniei0FJReQqtzOwaiGXzkQTpqhGeUo2I 2026-01-06 07:59:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mbqiailbdv2x...

CVE-2026-21487 iccDEV has Out-of-bounds Read, Use of Out-of-range Pointer Offset and Improper Input Validation

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have an Out-of-bounds Read, Use of Out-of-range Pointer Offset and have Improper Input Validation in its CIccProfile::LoadTag function. This issue is fixed in version 2.3.1.2...

CVE-2025-21487

creationtimestamp| type| source ---|---|--- 2025-09-24 15:53:06+00:00| seen| Telegram/SwwwDc7bC0Xkick43RM-46Kxj4RBHdgAvyHz3ij0GCHgP40...

CVE-2023-21487

Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting...

CVE-2022-21487

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

CVE-2020-21487

Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acmecertificates.php...

CVE-2023-21487

Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting...

CVE-2023-21487

Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting...

CVE-2023-21487

CVE-2023-21487 concerns Samsung devices’ Telephony framework. The issue is described as an improper access control vulnerability that enables a local attacker to change a call setting. The public description across sources confirms the target is the Telephony framework and that exploitation requi...

CVE-2020-21487

Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acmecertificates.php...

CVE-2020-21487

Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acmecertificates.php...

CVE-2020-21487

pfSense 2.4.4 with ACME package 0.6.3 is affected by a Cross-Site Scripting (XSS) vulnerability that can allow an attacker to execute arbitrary code via the RootFolder field in acme_certificates.php. This vulnerability is described across multiple feeds as a XSS issue affecting Netgate pfSense 2....

CVE-2020-21487

Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acmecertificates.php...

openSUSE 15 Security Update : virtualbox (openSUSE-SU-2022:10067-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10067-1 advisory. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is...

openSUSE: Security Advisory for virtualbox (openSUSE-SU-2022:10067-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Mageia: Security Advisory (MGASA-2022-0153)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2022-0153 Updated virtualbox packages fix security vulnerabilities

Updated virtualbox packages fix security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 6.1.34 contains an easily exploitable vulnerability that allows a high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM...

Oracle VirtualBox Security Update (cpuapr2022) - Windows

Oracle VirtualBox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:vmvirtualbox";...

CVE-2022-21487

Vulnerability CVE-2022-21487 affects Oracle VM VirtualBox (Core) prior to 6.1.34. An easily exploitable issue allows a low-privileged attacker with local logon to the host to read a subset of VirtualBox data (impacting confidentiality). Mitigation: upgrade to VirtualBox 6.1.34 or newer (per advis...

libxml2 Resource Management Error Vulnerability (CNVD-2022-21487)

libxml2 is an open source library for parsing XML documents. It is written in C and can be called by multiple languages, such as C, C, XSH. libxml2 suffers from a resource management error vulnerability that can be exploited by attackers to threaten alerts that affect software or systems...