SUSE-SU-2026:0644-1 Security update for python312
This update for python312 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...
CVE-2026-25503
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, type confusion allowed malformed ICC profiles to trigger undefined behavior when loading invalid icImageEncodingType values causin...
CVE-2026-24404 iccDEV has Null Pointer Dereference and Undefined Behavior in CIccXmlArrayType()
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs when user-controllable input is unsafely...
CVE-2025-67945
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in MailerLite MailerLite – WooCommerce integration woo-mailerlite allows SQL Injection. This issue affects MailerLite – WooCommerce integration: from n/a through = 3.1.2...
CVE-2026-21493
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version 2.3.1.2...
iccDEV Security Vulnerability
iccDEV is an open source color configuration codebase from the International Color Consortium. A security vulnerability exists in iccDEV prior to version 2.3.1.2, which stems from a heap buffer overflow in the CIccCLUT::Init function that could lead to memory corruption...
EUVD-2026-1388
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in CIccTagXmlTagData::ToXml. This vulnerability affects users o...
CVE-2026-21685 iccDEV has Undefined Behavior in CIccTagLut16::Read()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagLut16::Read. This vulnerability affects users of the iccDEV libra...
CVE-2026-21505 iccDEV has Undefined Behavior (UB) - Invalid Enum Value
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to an invalid enum value. This issue has been patched in version 2.3.1.2...
PT-2026-2075
Name of the Vulnerable Software and Affected Versions: iccDEV versions prior to 2.3.1.2. Description: iccDEV is a set of libraries and tools for interacting with ICC color management profiles. A heap-buffer-overflow issue exists in the IccTagXml function in versions prior to 2.3.1.2. Recommendations...
PT-2025-54278
Name of the Vulnerable Software and Affected Versions: WP-EasyArchives versions through 3.1.2. Description: A Cross-Site Request Forgery (CSRF) issue exists in WP-EasyArchives, which can also lead to Stored Cross-Site Scripting (XSS). This allows an attacker to potentially perform actions on behalf of a...
Linux Distros Unpatched Vulnerability : CVE-2016-9606
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which cou...
CVE-2025-54809 F5 Access for Android vulnerability
F5 Access for Android before version 3.1.2, which uses HTTPS, does not verify the remote endpoint identity. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
MRCMS Security Vulnerability
MRCMS is a content management system by marker personal developer. A security vulnerability exists in MRCMS version v3.1.2, which stems from the servletDispatcherServlet.java module containing a server-side template injection vulnerability...
CVE-2024-43161
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Averta Depicter Slider allows Stored XSS. This issue affects Depicter Slider: from n/a through 3.1.2...
org.apache.pulsar:pulsar-broker (>=3.1.0 <=3.1.2), org.apache.pulsar:pulsar-broker-auth-athenz (>=3.1.0 <=3.1.2) +3 more potentially affected by CVE-2024-27317 via org.apache.pulsar:pulsar-functions-worker (>=3.1.0 <=3.1.2)
org.apache.pulsar:pulsar-functions-worker MAVEN version =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.2 Source cves: CVE-2024-27317 Source advisory: OSV:GHSA-JG2G-4RJG-CMQH...
CVE-2022-26838
Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service DoS condition...
CVE-2022-31200
creationtimestamp | type | source
---|---|---
2023-07-27 22:28:45+00:00 | seen | https://t.me/cibsecurity/67342...
OpenHarmony Authorization Issue Vulnerability
OpenHarmony is an open source Hongmeng operating system project of the China OpenAtom Foundation. An authorization issue vulnerability exists in OpenHarmony-v3.1.2 and earlier versions, which can be exploited by local attackers to bypass privilege control and obtain sensitive...
"Hulu" App for Android uses a hard-coded API key for an external service
Overview: "Hulu" App for Android provided by HJ Holdings, Inc. uses a hard-coded API key for an external service (CWE-798). Ryo Sato of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact T...