EUVD-2026-10721

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-buffer-overflow read in CIccXmlArrayType::DumpArray causing out-of-bounds read and/or crash. This vulnerability is fixed in 2.3.1.5...

CVE-2026-30981

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-buffer-overflow read in CIccXmlArrayType::DumpArray causing out-of-bounds read and/or crash. This vulnerability is fixed in 2.3.1.5...

CVE-2026-30981 iccDEV has a heap-buffer-overflow read in CIccXmlArrayType<>

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-buffer-overflow read in CIccXmlArrayType::DumpArray causing out-of-bounds read and/or crash. This vulnerability is fixed in 2.3.1.5...

CVE-2026-30981 iccDEV has a heap-buffer-overflow read in CIccXmlArrayType<>

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-buffer-overflow read in CIccXmlArrayType::DumpArray causing out-of-bounds read and/or crash. This vulnerability is fixed in 2.3.1.5...

CVE-2026-30981

Technical details about CVE-2026-30981 are not provided in the connected documents. No further technical specifics are available here; monitor for updates.

php: heap-based buffer overflow in array_merge()

A flaw was found in PHP. A heap-based buffer overflow occurs in the arraymerge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HTMAXSIZE due to an integer overflow in the precomputation of element counts using the zendhashnumelements function, causi...

Moderate: Red Hat Security Advisory: php security update

An update for php is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

PT-2026-24412

Array Networks MotionPro ArrayInstallManager Incorrect Permission Assignment Local Privilege Escalation Vulnerability...

php: heap-based buffer overflow in array_merge()

A flaw was found in PHP. A heap-based buffer overflow occurs in the arraymerge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HTMAXSIZE due to an integer overflow in the precomputation of element counts using the zendhashnumelements function, causi...

Moderate: Red Hat Security Advisory: php security update

An update for php is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

php: heap-based buffer overflow in array_merge()

A flaw was found in PHP. A heap-based buffer overflow occurs in the arraymerge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HTMAXSIZE due to an integer overflow in the precomputation of element counts using the zendhashnumelements function, causi...

Moderate: Red Hat Security Advisory: php security update

An update for php is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2026-30860

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution RCE vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within...

RHEL 9 : php (RHSA-2026:4077)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:4077 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in arraymerge...

CVE-2026-30860

Summary: CVE-2026-30860 is reserved in Initial; however, connected advisory GHSA-8W32-6MRW-Q5WV details a critical remote code execution (RCE) through SQL injection bypass in WeKnora’s AI Database Query Tool. The root cause is incomplete AST validation in a PostgreSQL query validator: Phase 5 doe...

WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool

Summary A critical Remote Code Execution RCE vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within PostgreSQL array expressions and row expressions, allowing attackers to bypass SQL injection protections. By...

GHSA-8W32-6MRW-Q5WV WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool

Summary A critical Remote Code Execution RCE vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within PostgreSQL array expressions and row expressions, allowing attackers to bypass SQL injection protections. By...

CVE-2026-29091

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote code execution RCE flaw was discovered in the locutus project, specifically within the calluserfuncarray function implementation. The vulnerability allows an attacker to...

CVE-2026-29091 Locutus: Remote Code Execution (RCE) in locutus call_user_func_array due to Code Injection

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote code execution RCE flaw was discovered in the locutus project, specifically within the calluserfuncarray function implementation. The vulnerability allows an attacker to...

CVE-2026-29091

CVE-2026-29091 concerns Locutus, a project that ports stdlibs to JavaScript. Red Hat and NVD descriptions detail an RCE in the call_user_func_array wrapper, where an insecure validation of the callback array before eval() allows arbitrary JavaScript execution in the runtime. The issue is specific...