20 matches found
CVE-2026-21494
creationtimestamp | type | source
---|---|---
2026-01-06 20:13:41+00:00 | seen | Telegram/W9cnrPaYEkduQXNMxTamq0Dafu5VRSzGfTVZkSYwQLJrcs
2026-01-06 21:07:14+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mbrubokt4e2q...
CVE-2026-21494 iccDEV has heap buffer overflow in CIccTagLut8::Validate()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It...
CVE-2022-21494
Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful...
CVE-2021-21494
MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can leverage this to read the centralmka2 session token cookie, which is not set to HTTPOnly...
Oracle MySQL Server 8.0 - 8.0.39, 8.4 - 8.4.2, 9.0 - 9.0.1 Security Update (cpujan2025) - Linux
Oracle MySQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:mysql"; if...
CVE-2025-21494
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure...
CVE-2024-21494
creationtimestamp | type | source
---|---|---
2024-02-17 06:21:50+00:00 | seen | https://t.me/ctinow/186780...
CVE-2024-21494
CVE-2024-21494 affects all versions of the Go package github.com/greenpau/caddy-security, enabling authentication bypass through spoofing the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP used in the user identity module’s /whoami endpoint, potentially gai...
CVE-2023-21494
Potential buffer overflow vulnerability in auth api in mmAuthentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access...
Oracle Solaris Critical Patch Update : apr2022_SRU11_4_44_113_4
This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to th...
CVE-2022-21494
CVE-2022-21494 is a vulnerability in Oracle Solaris (kernel) affecting Solaris 11. An attacker with local access and user interaction can cause a hang or DoS on the system. Public details confirm the issue is kernel-level with the reported impact and that Oracle released patches in the April 2022...
CVE-2022-21494
Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful...
CVE-2022-21494
Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful...
CVE-2020-21494
creationtimestamp | type | source
---|---|---
2021-10-05 00:30:25+00:00 | seen | https://t.me/cibsecurity/29946...
CVE-2020-21494
A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0...
CVE-2020-21494
This CVE concerns Xiuno BBS 4.0.4 where an XSS vulnerability exists in the install/install.sql component. The underlying issue is that attacker-controlled input can alter the doctype value to 0, enabling execution of arbitrary web scripts or HTML. The affected artifact is the install.sql routine ...
CVE-2021-21494
creationtimestamp | type | source
---|---|---
2021-01-04 07:36:19+00:00 | seen | https://t.me/cibsecurity/21521...
CVE-2021-21494
MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can leverage this to read the centralmka2 session token cookie, which is not set to HTTPOnly...
CVE-2021-21494
CVE-2021-21494 affects MK-AUTH up to version 19.01 K4.9. It enables a cross-site scripting (XSS) flaw via the admin/logs_ajax.php tipo parameter, allowing an attacker to read the centralmka2 session token cookie, which is not marked HttpOnly. The provided documents consistently describe the vulne...
CVE-2021-21494
MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can leverage this to read the centralmka2 session token cookie, which is not set to HTTPOnly...