CVE-2026-34537

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior UB in CIccOpDefEnvVar::Exec due to invalid enum values being loaded for icSigCmmEnvVar. The issue is observable under UBSan a...

EulerOS 2.0 SP10 : python-ldap (EulerOS-SA-2026-1320)

According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method...

FreeBSD : openexr -- buffer overflow in istream_nonparallel_read on invalid input data (716d25a6-0fdc-11f1-bfdf-ff9355aecb00)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 716d25a6-0fdc-11f1-bfdf-ff9355aecb00 advisory. Cary Phillips reports: openexr v3.4.5 ... fixes an incorrect size check in istreamnonparallelread that...

CVE-2023-45811

Synchrony deobfuscator is a javascript cleaner & deobfuscator. A proto pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A proto pollution vulnerability exists in the LiteralMap transformer allowing crafted input to modify...

TencentOS Server 4: python-ldap (TSSA-2025:0845)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0845 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVE-2023-22373

Cross-site scripting vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information...

SUSE CVE-2021-21241

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...

Total Avengers Totaljs Framework 跨站脚本漏洞

Total Avengers Totaljs Framework is a Javascript-based code base for building web, desktop, service or IoT applications from Total Avengers, Slovakia. The application is similar to PHPs Laravel, Pythons Django, ASP.NET MVC for building Node applications.A cross-site scripting vulnerability exists...

AZL-7406 CVE-2021-22222 affecting package wireshark for versions less than 3.4.14-1

Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file...

CVE-2017-5688

There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code...

CVE-2025-34567

...