Lucene search
K

1049 matches found

NVD
NVD
added 2026/01/07 10:15 p.m.8 views

CVE-2026-21684

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...

7.1CVSS0.00243EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/07 9:18 p.m.4 views

CVE-2026-21684 iccDEV has Undefined Behavior in CIccTagSpectralViewingConditions()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...

7.1CVSS6.4AI score0.00243EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/07 9:18 p.m.20 views

CVE-2026-21684 iccDEV has Undefined Behavior in CIccTagSpectralViewingConditions()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...

7.1CVSS0.00243EPSS
Exploits1References3
CVE
CVE
added 2026/01/07 9:18 p.m.19 views

CVE-2026-21684

iccDEV is affected in versions prior to 2.3.1.2, where Undefined Behavior occurs in CIccTagSpectralViewingConditions(). A patch is available in version 2.3.1.2. The vulnerability affects users processing ICC color profiles with iccDEV. No explicit exploitation details or in-the-wild activity are ...

7.1CVSS6.4AI score0.00243EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/01/07 9:18 p.m.6 views

EUVD-2026-1394

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...

7.1CVSS6.3AI score0.00243EPSS
Exploits1References3
OSV
OSV
added 2026/01/07 9:18 p.m.5 views

CVE-2026-21684 iccDEV has Undefined Behavior in CIccTagSpectralViewingConditions()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...

7.1CVSS6.7AI score0.00243EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.4 views

iccDEV 安全漏洞

iccDEV is an open source color configuration codebase from the International Color Consortium. A security vulnerability exists in iccDEV versions prior to 2.3.1.2 that stems from undefined behavior in the CIccTagSpectralViewingConditions function...

7.1CVSS6.5AI score0.00243EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.12 views

PT-2026-2081

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV is a set of libraries and tools for interacting with International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 exhibit Undefined Behavior within the...

7.1CVSS6.6AI score0.00243EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/12/24 7:27 p.m.4 views

CVE-2018-25139 FLIR AX8 Thermal Camera 1.32.16 Unauthenticated RTSP Stream Disclosure

FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage...

8.7CVSS6.7AI score0.00447EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.5 views

PT-2025-51322

Name of the Vulnerable Software and Affected Versions Misskey versions 13.0.0-beta.16 through 2025.12.0 Description Misskey is a federated social media platform. Users without the necessary permissions to view favorites or clips could export posts and access their contents. Recommendations Update...

7.1CVSS6.4AI score0.00264EPSS
Exploits1References7
CNVD
CNVD
added 2025/12/10 12:0 a.m.3 views

Google Android Logic Error Vulnerability (CNVD-2025-3146618)

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a logic error vulnerability that stems from a logic error issue in Session.java, which can be exploited by an attacker to view images of other users on the...

7.8CVSS6.4AI score0.00086EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/08 6:30 p.m.5 views

EUVD-2025-201784

In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS6.3AI score0.00086EPSS
Exploits0References3
OSV
OSV
added 2025/12/08 5:16 p.m.4 views

CVE-2025-32329

In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS5.9AI score0.00086EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/08 4:56 p.m.3 views

CVE-2025-32328

In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

6.5AI score0.00086EPSS
Exploits0References2
CVE
CVE
added 2025/12/03 8:42 a.m.15 views

CVE-2025-13472

CVE-2025-13472 concerns the BlazeMeter Jenkins Plugin. The Red Hat and NVD entries, plus multiple security advisories, confirm that versions prior to 4.27 expose a list of sensitive resources (credential IDs, BlazeMeter workspaces, and project IDs) to users who should not have access. The underly...

5.3CVSS6.4AI score0.00218EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/01 12:0 a.m.5 views

PT-2025-49000

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A flaw exists in the Framework component of Android operating systems due to insufficient protection of service data. Exploitation may allow a remote attacker to elevate privileges...

7.8CVSS6.7AI score0.00086EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2025/11/21 12:28 p.m.5 views

CVE-2025-10039 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.9 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client'

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.9 via the 'ehcrmticketsingleviewclient' due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS5.2AI score0.00252EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/15 8:40 a.m.8 views

CVE-2025-41436

Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...

4.3CVSS6.8AI score0.0015EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/14 12:0 a.m.5 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions prior to 11.0, which stems from a failure to properly implement a setting that allows users to view archived channels, which could result in a...

4.3CVSS6.2AI score0.0015EPSS
Exploits0References2
NVD
NVD
added 2025/11/06 11:15 p.m.4 views

CVE-2025-12636

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings...

7.1CVSS0.0025EPSS
Exploits0References2
Rows per page
Query Builder