CVE-2026-25634

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply int IccTagMPE.cpp. This vulnerability is fixed in 2.3.1....

CVE-2026-25634

CVE-2026-25634 affects iccDEV classic builds prior to 2.3.1.4. The vulnerability is a stack-buffer overlap between SrcPixel and DestPixel in CIccTagMultiProcessElement::Apply() implemented in IccTagMPE.cpp, which is addressed by upgrading to version 2.3.1.4 or later. The Red Hat, NVD, and CVE rec...

CVE-2026-25634 iccDEV memcpy-param-overlap in CIccTagMultiProcessElement::Apply()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply int IccTagMPE.cpp. This vulnerability is fixed in 2.3.1....

Malicious code in ac-element-engagement (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 781104558212062e46f87c009a2a0af57fb00f707c878b53dfc5a7c241cce06b The package ac-element-engagement was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-780 Malicious code in ac-element-engagement (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 781104558212062e46f87c009a2a0af57fb00f707c878b53dfc5a7c241cce06b The package ac-element-engagement was found to contain malicious code. Source: ossf-package-analysis...

PT-2026-6793

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.4 Description iccDEV is a set of libraries and tools used for interacting with, manipulating, and applying ICC color management profiles. A stack buffer overlap exists in the CIccTagMultiProcessElement::Apply...

SUSE CVE-2026-23078

In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Fix buffer overflow in config retrieval The scarlett2usbgetconfig function has a logic error in the endianness conversion code that can cause buffer overflows when count 1. The code checks if size == 2 where size...

CVE-2026-1554 Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007

XML Injection aka Blind XPath Injection vulnerability in Drupal Central Authentication System CAS Server allows Privilege Escalation.This issue affects Central Authentication System CAS Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2...

CVE-2026-1554 Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007

XML Injection aka Blind XPath Injection vulnerability in Drupal Central Authentication System CAS Server allows Privilege Escalation.This issue affects Central Authentication System CAS Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2...

CVE-2026-1554

CVE-2026-1554 is an XML Injection (Blind XPath Injection) vulnerability in Drupal Central Authentication System (CAS) Server. The issue affects CAS Server on Drupal and is triggered by insufficient sanitization of XML data used as CAS attributes, enabling privilege escalation. Public details indi...

CVE-2026-25028

Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.1...

CVE-2026-24947

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.5.6.3...

CVE-2026-23078

In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Fix buffer overflow in config retrieval The scarlett2usbgetconfig function has a logic error in the endianness conversion code that can cause buffer overflows when count 1. The code checks if size == 2 where size...

CVE-2026-23078

Technical details for CVE-2026-23078 are not provided in the connected documents. The initial description summarizes the buffer overflow fix in ALSA scarlett2 in Linux kernel; no vendor/product-specific impact or patch versions are specified here. Monitor for updates.

kernel: mac80211: fix potential double free on mesh join

In the Linux kernel, the following vulnerability has been resolved: mac80211: fix potential double free on mesh join While commit 6a01afcf8468 "mac80211: mesh: Free ie data when leaving mesh" fixed a memory leak on mesh leave / teardown it introduced a potential memory corruption caused by a doub...

CVE-2025-47402

Transient DOS when processing a received frame with an excessively large authentication information element...

CVE-2026-25028

Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.1...

CVE-2026-24947

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.5.6.3...

EUVD-2026-5311

Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.1...

CVE-2026-24947 WordPress LA-Studio Element Kit for Elementor plugin < 1.5.6.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.5.6.3...