CVE-2026-34533 iccDEV: UB in CIccCalculatorFunc::ApplySequence()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior UB in CIccCalculatorFunc::ApplySequence due to invalid enum values being loaded for icChannelFuncSignature. The issue is...

Return values of transfer()/transferFrom() not checked

Lines of code 377, 509, 491, 530, 42, 50 Vulnerability details Not all IERC20 implementations revert when there's a failure in transfer/transferFrom. The function signature has a boolean return value and they indicate errors that way instead. By not checking the return value, operations that shou...

OSV-2022-902 Invalid-free in function signature specialization <Arg

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51434 Crash type: Invalid-free Crash state: function signature specialization Arg NIOHTTP1.HTTPDecoder.didFinishHead protocol witness for NIOHTTP1...

CVE-2022-29392

TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN00418c24...

All swapping functions lack checks for returned tokens

Lines of code Vulnerability details Impact Every function that stems from the GenericSwapFacet lacks checks to ensure that some tokens have been returned via the swaps. In LibSwap.sol in the swap function, the swap call is sent to the target DEX. A return of success is required, otherwise the...

Council veto protection does not work

Handle TomFrenchBlockchain Vulnerability details Impact Council can veto proposals to remove them to remain in power. Proof of Concept The Vader governance contract has the concept of a "council" which can unilaterally accept or reject a proposal. To prevent a malicious council preventing itself...

chromium-browser: Function signature mismatch in WebAssembly

An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Security update for chromium (moderate)

This update for Chromium to version 69.0.3497.92 fixes the following issues: Security issues fixed boo1108114: - Function signature mismatch in WebAssembly - URL Spoofing in Omnibox The following tracked packaging issues were fixed: - the chromium package incorrectly provied swiftshader resolvabl...

OpenJDK: incorrect bracket processing in function signature handling (Hotspot, 8170966)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

OpenJDK: incorrect bracket processing in function signature handling (Hotspot, 8170966)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...