6 matches found
EUVD-2026-17701
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccOpDefEnvVar::Exec due to invalid enum values being loaded for icSigCmmEnvVar. The issue is observable under UBSan a...
CLSA-2026-1769014292 httpd: Fix of 2 CVEs
CVE-2025-66200: don't use request notes for suexec, stop accepting the obscure "note" option in RequestHeader - CVE-2025-65082: fix precedence of envvars from HTTP headers and Apache configuration...
CLSA-2026-1769013944 httpd: Fix of 2 CVEs
CVE-2025-66200: don't use request notes for suexec, stop accepting the obscure "note" option in RequestHeader - CVE-2025-65082: fix precedence of envvars from HTTP headers and Apache configuration...
Malicious code in parcel-plugin-envvar-allowlist (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-42052 Malicious code in parcel-plugin-envvar-allowlist (npm)
The package communicates with a domain associated with malicious activity...
DEBIAN-CVE-2017-18266
The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...