Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

CVE-2026-54821

The CVE-2026-54821 entry concerns the WordPress Visual Link Preview plugin, affected versions are

WordPress Visual Link Preview plugin <= 2.3.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by she11f in WordPress Plugin Visual Link Preview versions = 2.3.1...

sidekiq-cron 安全漏洞

sidekiq-cron is an open-source scheduling plugin for tasks based on Cron expressions. Versions of sidekiq-cron 2.3.1 and earlier contain security vulnerabilities; these vulnerabilities stem from the possibility of cross-site scripting attacks caused by rendering malicious URLs through the cron.er...

CVE-2026-34537

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior UB in CIccOpDefEnvVar::Exec due to invalid enum values being loaded for icSigCmmEnvVar. The issue is observable under UBSan a...

CVE-2026-34533 iccDEV: UB in CIccCalculatorFunc::ApplySequence()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior UB in CIccCalculatorFunc::ApplySequence due to invalid enum values being loaded for icChannelFuncSignature. The issue is...

PT-2026-24353

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.5 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. A heap out-of-bounds read exists in the CIccCalculatorFunc::ApplySequence function, which can cause an...

CVE-2026-25311 WordPress Autoshare for Twitter plugin <= 2.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Autoshare for Twitter: from n/a through = 2.3.1...

PT-2026-20683

Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Autoshare for Twitter: from n/a through = 2.3.1...

WordPress Advanced Country Blocker plugin <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key vulnerability

Unauthenticated Authorization Bypass via Insecure Default Secret Key vulnerability discovered by Hector Flores in WordPress Plugin Advanced Country Blocker versions = 2.3.1...

CVE-2026-25634

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply int IccTagMPE.cpp. This vulnerability is fixed in 2.3.1....

CVE-2026-25503

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, type confusion allowed malformed ICC profiles to trigger undefined behavior when loading invalid icImageEncodingType values causin...

PT-2026-4547

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read. This occurs when user-controllable input is unsafely incorporated into ICC profile...

CVE-2026-21493

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version 2.3.1.2...

iccDEV 安全漏洞

iccDEV is an open source color configuration codebase from the International Color Consortium. A security vulnerability exists in iccDEV prior to version 2.3.1.2, which stems from a heap buffer overflow in the CIccCLUT::Init function that could lead to memory corruption...

EUVD-2026-1388

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in CIccTagXmlTagData::ToXml. This vulnerability affects users o...

CVE-2026-21685 iccDEV has Undefined Behavior in CIccTagLut16::Read()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagLut16::Read. This vulnerability affects users of the iccDEV libra...

PT-2026-2075

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV is a set of libraries and tools for interacting with ICC color management profiles. A heap-buffer-overflow issue exists in the IccTagXml function in versions prior to 2.3.1.2. Recommendations...

CVE-2026-21507 iccDEV is Vulnerable to Denial of Service via Infinite Loop in CalcProfileID()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have an infinite loop in the IccProfile.cpp function, CalcProfileID. This issue is fixed in version 2.3.1.1...

PT-2026-1407

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.1 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain Undefined Behavior in the CIccCLUT::Init function, which initializes and sets...