7477 matches found

NVD
added 2026/01/06 4:15 a.m., 5 views

CVE-2026-21676

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed in version 2.3.1.1...

CVSS 8.8 | EPSS 0.00342 | Exploits 1 | References 3

OSV
added 2026/01/06 1:43 a.m., 5 views

CVE-2026-21675 iccDEV has a Use After Free vulnerability in CIccCmm class via improper hint manager object deletion

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a Use After Free vulnerability in the CIccXform::Create function, where it deletes the hint. This issue is fixed in version 2.3.1.1...

CVSS 9.8 | AI score 6.5 | EPSS 0.00387 | Exploits 1 | References 5

Positive Technologies
added 2026/01/06 12:0 a.m., 4 views

PT-2026-1362

Name of the Vulnerable Software and Affected Versions: iccDEV versions prior to 2.3.1.1
Description: iccDEV is a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain an infinite loop within the CalcProfileID function in the IccProfile.cpp file...

CVSS 7.5 | AI score 6.5 | EPSS 0.00375 | Exploits 1 | References 7

Positive Technologies
added 2026/01/06 12:0 a.m., 8 views

PT-2026-1408

Name of the Vulnerable Software and Affected Versions: iccDEV versions prior to 2.3.1.2
Description: iccDEV is a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-based Buffer Overflow, Integer Overflow or Wraparound,...

CVSS 7.8 | AI score 6.7 | EPSS 0.00133 | Exploits 0 | References 5

Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-21714

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 148; Firefox ESR versions prior to 140.8; Thunderbird versions prior to 148; Thunderbird versions prior to 140.8
Description: An integer overflow exists within the Libraries component of NSS. This issue may lead to...

CVSS 10 | AI score 5.2 | EPSS 0.0036 | Exploits 0 | References 289

Positive Technologies
added 2026/01/01 12:0 a.m., 7 views

PT-2026-34077

Name of the Vulnerable Software and Affected Versions: Oracle Java SE version 25.0.1
Description: An issue in the Libraries component allows an unauthenticated attacker with network access via multiple protocols to compromise the system. This can lead to unauthorized update, insert, or delete acces...

CVSS 7.5 | AI score 7.7 | EPSS 0.00358 | Exploits 0 | References 61

vulnersOsv
added 2025/12/30 9:2 p.m., 5 views

00ld8nuivn (=2.1.0), 00rqiw31nd (=2.1.0) +42119 more potentially affected by CVE-2025-15284 via qs (>=0.1.0 <=6.14.0)

qs NPM version >=0.1.0, <=6.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on qs and may be impacted: - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 -...

CVSS 6.3 | AI score 6.5 | EPSS 0.0041 | Exploits 1

Positive Technologies
added 2025/12/26 12:0 a.m., 3 views

PT-2025-53452

Name of the Vulnerable Software and Affected Versions: Eaton UPS Companion software (affected versions not specified)
Description: A flaw exists in the Eaton UPS Companion software installer related to improper authentication of library files. This could allow an attacker who has access to the softwa...

CVSS 8.6 | AI score 7.3 | EPSS 0.00266 | Exploits 0 | References 12

OSV
added 2025/12/19 10:9 a.m., 2 views

RHSA-2025:23342 Red Hat Security Advisory: python3.9 security update

Bulletin has no description...

CVSS 4.3 | AI score 7.2 | EPSS 0.00744 | Exploits 0 | References 33

vulnersOsv
added 2025/12/18 9:45 p.m., 6 views

africa.shuwari.sbt:sbt-js_2.12_1.0 (>=0.14.1 <=0.16.1), africa.shuwari.sbt:sbt-netbeans_2.12_1.0 (>=0.1.0 <=0.1.1) +21509 more potentially affected by CVE-2025-68161 via org.apache.logging.log4j:log4j-core (>=2.0 <=2.25.2)

org.apache.logging.log4j:log4j-core MAVEN version =2.0, =0.14.1, =0.1.0, =0.9.6, =0.12.0, =0.9.6, =0.9.6, =0.9.6, =0.9.6, =0.14.1, =0.9.6, =0.14.1, =4.4.0.0, =1.4.6, =1.4.6, =1.4.8 and more Source cves: CVE-2025-68161 Source advisory: SNYK:JAVA-ORGAPACHELOGGINGLOG4J-14532782...

CVSS 6.3 | AI score 6.2 | EPSS 0.00743 | Exploits 1

Snyk
added 2025/12/18 8:47 p.m., 7 views

SQL Injection

Overview: Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to SQL Injection via the whereCondition parameter of the DidActivity macro method in the ContactInfoMethods class. An authenticated...

CVSS 8.8 | AI score 7.8 | EPSS 0.00259 | Exploits 0 | References 2

Snyk
added 2025/12/18 8:46 p.m., 3 views

Cross-site Scripting (XSS)

Overview: Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the GetFieldValueForMail method in the BizFormMailSender class. An attacker can inject arbitrary HTML...

CVSS 6.1 | AI score 5.3 | EPSS 0.00165 | Exploits 0 | References 2

Snyk
added 2025/12/18 8:46 p.m., 3 views

Cross-site Scripting (XSS)

Overview: Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper processing of page preview URLs. An authenticated attacker can execute arbitrary JavaScript...

CVSS 6.1 | AI score 5.3 | EPSS 0.00165 | Exploits 0 | References 2

Snyk
added 2025/12/18 8:46 p.m., 6 views

Cross-site Scripting (XSS)

Overview: Kentico.Xperience.AspNet.Mvc5.Libraries is a set of assemblies required to use the Kentico Xperience API in class libraries developed for ASP.NET MVC 5 applications. Does not include content items or other modifications intended for the MVC web application itself. Affected versions of this...

CVSS 6.1 | AI score 5.3 | EPSS 0.00165 | Exploits 0 | References 2

Snyk
added 2025/12/18 8:46 p.m., 5 views

Sensitive Cookie in HTTPS Session Without "Secure" Attribute

Overview: Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute via the SetValue method in the CookieHelper class. The requireSSL...

CVSS 6.9 | AI score 6.8 | EPSS 0.00162 | Exploits 0 | References 2

Snyk
added 2025/12/18 8:46 p.m., 4 views

Cross-site Scripting (XSS)

Overview: Kentico.Xperience.AspNet.Mvc5.Libraries is a set of assemblies required to use the Kentico Xperience API in class libraries developed for ASP.NET MVC 5 applications. Does not include content items or other modifications intended for the MVC web application itself. Affected versions of this...

CVSS 6.1 | AI score 5.4 | EPSS 0.00139 | Exploits 0 | References 2

Snyk
added 2025/12/18 8:46 p.m., 4 views

Cross-site Scripting (XSS)

Overview: Kentico.Xperience.Libraries.Web.UI is a set of runtime assemblies for Web Forms applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the SaveUserSpecificDashboardSettings method in the UserSettingsJsonDashboardItemsLoader...

CVSS 6.1 | AI score 5.3 | EPSS 0.00155 | Exploits 0 | References 2

Fedora
added 2025/12/18 1:13 a.m., 5 views

[SECURITY] Fedora 42 Update: golang-github-facebook-time-0^20251216git61f7510-2.fc42

Meta's Time libraries...

CVSS 7.5 | AI score 7 | EPSS 0.00563 | Exploits 1

Fedora
added 2025/12/18 1:0 a.m., 4 views

[SECURITY] Fedora 43 Update: golang-github-facebook-time-0^20251216git61f7510-2.fc43

Meta's Time libraries...

CVSS 7.5 | AI score 7 | EPSS 0.00563 | Exploits 1

RedhatCVE
added 2025/12/17 5:1 p.m., 6 views

CVE-2025-10450

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional Core Libraries allows Sniffing Network Traffic. This issue affects Connext Professional: from 7.4.0 before 7., from 7.2.0 before 7.3.1...

CVSS 8.3 | AI score 6.9 | EPSS 0.00197 | Exploits 0 | References 1