1155 matches found
EUVD-2026-10727
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccCalculatorFunc::ApplySequence causing an application crash. This vulnerability is fixed in 2.3.1.5...
CVE-2026-30984 iccDEV has a heap out-of-bounds read in CIccCalculatorFunc::ApplySequence()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccCalculatorFunc::ApplySequence causing an application crash. This vulnerability is fixed in 2.3.1.5...
CVE-2025-41764
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates...
iccDEV input validation error vulnerability
iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.5 contained a vulnerability related to input validation errors. This vulnerability stemmed from a heap out-of-bounds read in the...
iccDEV security vulnerability
iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.5 contained security vulnerabilities. These vulnerabilities were caused by invalid or wild pointer reads in the CIccCalculatorFunc::ApplySequence functio...
PT-2026-24362
Name of the Vulnerable Software and Affected Versions: iccDEV versions prior to 2.3.1.5. Description: iccDEV is a set of libraries and tools for working with ICC color management profiles. A heap out-of-bounds read exists in the CTiffImg::ReadLine function when processing a crafted TIFF image with...
PT-2026-24360
Name of the Vulnerable Software and Affected Versions: iccDEV versions prior to 2.3.1.5. Description: iccDEV is a set of libraries and tools for working with ICC color management profiles. A stack buffer overflow write exists in the CIccXform3DLut::Apply function, potentially leading to stack memory...
OpenClaw: Hardlink alias checks could bypass workspace-only file boundaries in specific configurations
Summary: In certain workspace-restricted configurations, OpenClaw could follow hardlink aliases inside the workspace that reference files outside the workspace boundary. By default, tools.fs.workspaceOnly is off. This primarily affects deployments that intentionally enable workspace-only filesyste...
GHSA-3JX4-Q2M7-R496 OpenClaw: Hardlink alias checks could bypass workspace-only file boundaries in specific configurations
Summary: In certain workspace-restricted configurations, OpenClaw could follow hardlink aliases inside the workspace that reference files outside the workspace boundary. By default, tools.fs.workspaceOnly is off. This primarily affects deployments that intentionally enable workspace-only filesyste...
Incorrect Authorization
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization via the applypatch process. An attacker can gain unauthorized access to files or directories outside the intended workspace by exploiting insufficient enforcement ...
OpenClaw: Experimental apply_patch may bypass workspace-only checks in opt-in sandbox mounts (off by default)
Summary: In some opt-in sandbox configurations, the experimental apply_patch tool did not consistently apply workspace-only checks to mounted paths (for example /agent/...). Impact: This does not affect default installs. Default posture: - agents.defaults.sandbox.mode=off (sandbox disabled by default) -...
PT-2026-26389
Summary: In some opt-in sandbox configurations, the experimental apply patch tool did not consistently apply workspace-only checks to mounted paths (for example /agent/...). Impact: This does not affect default installs. Default posture: - agents.defaults.sandbox.mode=off (sandbox disabled by default) ...
libceph: replace overzealous BUG_ON in osdmap_apply_incremental()
...
CVE-2026-0542
ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow Sandbox. ServiceNow addressed this vulnerability by deploying ...
CVE-2025-41002
SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'...
CVE-2025-41002 SQL injection in Infoticketing
SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'...
CVE-2025-41002
CVE-2025-41002 is a SQL injection vulnerability in Infoticketing. An unauthenticated attacker can abuse a POST request to the path /components/cart/cartApplyDiscount.php using the 'code' parameter to retrieve, create, update, and delete data in the database. The CVSS metrics indicate a critical s...
MANANTIAL DE IDEAS Infoticketing SQL injection vulnerability
MANANTIAL DE IDEAS Infoticketing is a one-stop ticketing system provided by the Spanish company MANANTIAL DE IDEAS. MANANTIAL DE IDEAS Infoticketing has a SQL injection vulnerability, which stems from improper handling of the code parameter in the components/cart/cartApplyDiscount.php file. This...