CVE-2026-21495

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to division by zero in the TIFF Image Reader. This issue has been patched in version 2.3.1.2...

CVE-2023-50253

Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which...

CVE-2022-31170

OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...

MAL-2026-181 Malicious code in smintio-portals-component-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1ac8dad03743200fb36bb249f7d2292a267daaffb767a56e0c0e6634dc71afe The package smintio-portals-component-sdk was found to contain malicious code. Source: ghsa-malware...

SUSE SLES15 / openSUSE 15 Security Update : capstone (SUSE-SU-2026:0060-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0060-1 advisory. Security issues fixed: - CVE-2025-67873: missing bounds check on user-provided skipdata callback can lead to a heap...

GHSA-J965-2QGJ-VJMQ JavaScript SDK v2 users should add validation to the region parameter value in or migrate to v3

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. Per the AWS shared responsibilit...

Improper Validation of Syntactic Correctness of Input

Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the region input field. An attacker can cause AWS API calls to be routed to unintended or non-existent hosts by supplying an invalid...

EUVD-2026-1417

JavaScript SDK v2 users should add validation to the region parameter value in or migrate to v3...

GHSA-6475-R3VJ-M8VF AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...

EUVD-2026-1418

AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value...

pipesns (=0.1.5) potentially affected by unknown CVE via aws-sdk-sns (=0.4.1)

aws-sdk-sns CARGO version =0.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on aws-sdk-sns and may be impacted: - pipesns =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

CVE-2026-22255

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in CIccCLUT::Init at IccProfLib/IccTagLut.cpp. This...

CVE-2026-22255

CVE-2026-22255 affects iccDEV. Versions prior to 2.3.1.2 contain a heap-buffer-overflow in CIccCLUT::Init() within IccProfLib/IccTagLut.cpp, impacting users processing ICC color profiles. Version 2.3.1.2 includes a patch. No workarounds are documented. Exploitation details are not provided in the...

Moderate Photon OS Security Update - PHSA-2026-4.0-0942

Updates of 'rubygem-aws-sdk-s3', 'aws-sdk-cpp' packages of Photon OS have been released...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-1350)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1350 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix NULL dereference on q-elevator in blkmqelvswitchnone CVE-2023-53292 In the Linux kernel, the following...

EUVD-2026-1387

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in CIccTag:IsTypeCompressed. This vulnerability affects users o...

EUVD-2026-1391

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagLut16::Read. This vulnerability affects users of the iccDEV libra...

CVE-2026-21684 iccDEV has Undefined Behavior in CIccTagSpectralViewingConditions()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...

CVE-2026-21680 iccDEV has Null Pointer Dereference in CIccProfile::CheckTagTypes()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a NULL pointer dereference vulnerability. This vulnerability affects users of the iccDEV libra...

Explore the latest Microsoft Incident Response proactive services for enhanced resilience

As cyberthreats become faster, harder to detect, and more sophisticated, organizations must focus on building resilience—strengthening their ability to prevent, withstand, and recover from cybersecurity incidents. Resilience can mean the difference between containing an incident with minimal...