EUVD-2026-8640

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when...

CVE-2026-27691 iccDEV has SIO in parse3DTable() at iccFromCube.cpp Line 218

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when...

CVE-2026-27691

CVE-2026-27691 affects iccDEV up to version 2.3.1.4. The root cause is a signed integer overflow in iccFromCube.cpp during multiplication, causing undefined behavior that can lead to crashes or generation of incorrect ICC profiles when processing crafted or large cube inputs. The issue has been f...

kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid

A flaw null pointer dereference in the Linux kernel NFS functionality was found in the way client does some specific action for existing NFS connection. A client user could use this flaw to crash the server system...

CVE-2026-27632

Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery CSRF protections on critical state-changing endpoints, specifically within SubmitChat.php and other game interaction handlers. By...

CVE-2026-27632 Talishar Vulnerable to Cross-Site Request Forgery (CSRF)

Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery CSRF protections on critical state-changing endpoints, specifically within SubmitChat.php and other game interaction handlers. By...

CVE-2026-27632 Talishar Vulnerable to Cross-Site Request Forgery (CSRF)

Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery CSRF protections on critical state-changing endpoints, specifically within SubmitChat.php and other game interaction handlers. By...

EUVD-2026-8576

Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. An authenticated user with DAG write permissions can write arbitrary YAML files...

PT-2026-21916

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.5 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. A heap-buffer-overflow read occurs during CIccTagTextDescription::Release when strlen reads past a heap buffer...

OPENSUSE-SU-2026:10241-1 cacti-1.2.30+git231.bca15e70c-1.1 on GA media

These are all security issues fixed in the cacti-1.2.30+git231.bca15e70c-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2025-61147

strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decodercontext::computeframedroptable...

CVE-2025-61147

strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decodercontext::computeframedroptable...

CVE-2025-61147

strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decodercontext::computeframedroptable...

CVE-2025-61147

CVE-2025-61147 concerns strukturag’s libde265. A segmentation fault is reported in the decoder via the function decoder_context::compute_framedrop_table(), as identified in the commit d9fea9d and related issue/commit references. The available description notes the fault but does not provide affec...

CVE-2025-61147

strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decodercontext::computeframedroptable...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation in the SAML SSO authentication process. An attacker can gain unauthorized access to user accounts by leveraging a malicious SAML Identity Provider and another organization configured on the same instance. Notes: - Thi...

CVE-2026-2863

The CVE-2026-2863 entry describes a path-traversal vulnerability in the deleteFile function of FileServiceImpl.java within feng_ha_ha/megagao ssm-erp and production_ssm (up to a specific commit). Remote exploitability is stated, with a published exploit and continuous delivery practices noted. Pu...

CVE-2026-27113

Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...

OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs

Vulnerability The ACP bridge accepted very large prompt text blocks and could assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients for example IDE integrations that send unusually large inputs. Affected...

CVE-2025-15586

OGP-Website installs prior git commit 52f865a4fba763594453068acf8fa9e3fc38d663 are affected by a type juggling flaw which if exploited can result in authentication bypass without knowledge of the victim account's password...