
33 matches found

CVE
added 2026/05/15 6:36 p.m. · 9 views

CVE-2021-47962

Technical details for CVE-2021-47962 are not publicly available in the provided documents. No explicit affected product versions, root cause, impact, or fixes are described here. Monitor for updates from official sources.

CVSS 6.4 · AI score 5.7 · EPSS 0.00034
Exploits: 0 · References: 4
EUVD
added 2026/01/28 9:5 p.m. · 2 views

EUVD-2026-4852

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue when floating-point NaN values are converted to unsigned short integer types during ICC profile X...

CVSS 7.8 · AI score 6.1 · EPSS 0.00022
Exploits: 1 · References: 4
OSV
added 2026/01/28 9:5 p.m. · 2 views

CVE-2026-24856 iccDEV has UB runtime error in <icTagTypeSignature>

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue when floating-point NaN values are converted to unsigned short integer types during ICC profile X...

CVSS 7.8 · AI score 6.1 · EPSS 0.00022
Exploits: 1 · References: 6
NVD
added 2026/01/28 1:16 a.m. · 2 views

CVE-2026-24852

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, a heap buffer over-read occurs when the strlen function attempts to read a non-null-terminated buffer, potentially leaking heap memory...

CVSS 8.1 · EPSS 0.00014
Exploits: 0 · References: 3
EUVD
added 2026/01/28 12:27 a.m. · 2 views

EUVD-2026-4911

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, a heap buffer over-read occurs when the strlen function attempts to read a non-null-terminated buffer, potentially leaking heap memory...

CVSS 6.1 · AI score 6 · EPSS 0.00014
Exploits: 0 · References: 3
ATTACKERKB
added 2026/01/28 12:27 a.m. · 2 views

CVE-2026-24852

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, a heap buffer over-read occurs when the strlen function attempts to read a non-null-terminated buffer, potentially leaking heap memory...

CVSS 6.1 · AI score 6 · EPSS 0.00014
Exploits: 0 · References: 4 · Affected Software: 1
Vulnrichment
added 2026/01/28 12:27 a.m. · 2 views

CVE-2026-24852 iccDEV has a heap-buffer-overflow in icXmlParseTextString()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, a heap buffer over-read occurs when the strlen function attempts to read a non-null-terminated buffer, potentially leaking heap memory...

CVSS 6.1 · AI score 6 · EPSS 0.00014
Exploits: 0 · References: 3
CVE
added 2026/01/28 12:27 a.m. · 7 views

CVE-2026-24852

The CVE-2026-24852 issue affects iccDEV before version 2.3.1.2, where a heap-buffer-over-read can occur in icXmlParseTextString() when strlen() reads a non-null-terminated buffer, potentially leaking heap memory and causing application termination. The fixed release is 2.3.1.2. It involves ICC co...

CVSS 8.1 · AI score 6 · EPSS 0.00014
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2026/01/28 12:27 a.m. · 2 views

CVE-2026-24852 iccDEV has a heap-buffer-overflow in icXmlParseTextString()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, a heap buffer over-read occurs when the strlen function attempts to read a non-null-terminated buffer, potentially leaking heap memory...

CVSS 6.1 · AI score 6 · EPSS 0.00014
Exploits: 0 · References: 5
Positive Technologies
added 2026/01/28 12:0 a.m. · 3 views

PT-2026-5226

Name of the Vulnerable Software and Affected Versions: iccDEV versions prior to 2.3.1.2 Description: iccDEV is a set of libraries and tools for interacting with ICC color management profiles. A flaw exists in versions prior to 2.3.1.2 where undefined behavior occurs during the conversion of...

CVSS 7.8 · AI score 6.1 · EPSS 0.00022
Exploits: 1 · References: 10
Positive Technologies
added 2026/01/28 12:0 a.m. · 5 views

PT-2026-5049

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, a heap buffer over-read occurs when the strlen function attempts to read a non-null-terminated buffer, potentially leaking heap memory...

CVSS 6.1 · AI score 6 · EPSS 0.00014
Exploits: 0 · References: 4
NVD
added 2026/01/15 11:15 p.m. · 1 views

CVE-2026-1008

A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques. The injected...

CVSS 7.6 · EPSS 0.00019
Exploits: 0 · References: 1
RedhatCVE
added 2025/12/18 6:46 p.m. · 5 views

CVE-2025-13217

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the YouTube Video 'value' field in all versions up to, and including, 2.11.0. This is due to insufficient input...

CVSS 6.4 · AI score 5 · EPSS 0.00031
Exploits: 0 · References: 1
Positive Technologies
added 2025/12/17 12:0 a.m. · 2 views

PT-2025-51921

Name of the Vulnerable Software and Affected Versions: ChurchCRM versions prior to 6.5.3 Description: ChurchCRM is an open-source church management system. A flaw exists where an authenticated user with specific permissions ("Edit Records" and "Manage Properties and Classifications") can inject a...

CVSS 8.5 · AI score 5.5 · EPSS 0.00025
Exploits: 3 · References: 5
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2013-3875

Malware in sbrugna...

CVSS 3.5 · AI score 6.4 · EPSS 0.00209
Exploits: 0 · References: 4
EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2012-1002

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.00421
Exploits: 1 · References: 8
RedhatCVE
added 2025/09/25 2:54 a.m. · 1 views

CVE-2025-59821

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases,...

CVSS 6.5 · AI score 6.5 · EPSS 0.00031
Exploits: 0 · References: 1
Vulnrichment
added 2025/07/03 7:46 p.m. · 2 views

CVE-2025-34086 Bolt CMS Authenticated Remote Code Execution via Profile Injection and File Rename

Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend...

CVSS 7.5 · AI score 7.3 · EPSS 0.67402
Exploits: 1 · References: 6
Cvelist
added 2025/07/03 7:46 p.m. · 7 views

CVE-2025-34086 Bolt CMS Authenticated Remote Code Execution via Profile Injection and File Rename

Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend...

CVSS 7.5 · EPSS 0.67402
Exploits: 1 · References: 6
Positive Technologies
added 2025/07/03 12:0 a.m. · 2 views

PT-2025-27826 · Bolt Cms · Bolt Cms

Name of the Vulnerable Software and Affected Versions: Bolt CMS versions 3.7.0 and earlier Description: The issue allows an authenticated user to achieve remote code execution. This is done by injecting arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitiz...

CVSS 7.5 · AI score 7.2 · EPSS 0.67402
Exploits: 1 · References: 13