Lucene search
+L

712 matches found

EUVD
EUVD
added 2026/03/31 10:35 p.m.8 views

EUVD-2026-17257

baserCMS has an SQL injection vulnerability in its blog post functionality...

6.9CVSS7.2AI score0.00412EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/31 10:22 p.m.2 views

CVE-2026-34556

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow HBO in icAnsiToUtf8 in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8std::string&, char const ...

6.2CVSS5.9AI score0.00156EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/31 10:22 p.m.28 views

CVE-2026-34556 iccDEV: HBO in icAnsiToUtf8()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow HBO in icAnsiToUtf8 in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8std::string&, char const ...

6.2CVSS0.00156EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/31 10:15 p.m.5 views

EUVD-2026-17717

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior UB issue in IccTagLut.cpp where the code performs member access through a null pointer of type CIccApplyCLUT. This issue has been patched in versio...

6.2CVSS5.8AI score0.00156EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 10:9 p.m.11 views

CVE-2026-34548

iccDEV contains an Undefined Behavior (UB) in the XML conversion tool path (iccToXml) caused by an implicit conversion from a negative signed integer to icUInt32Number, leading to value changes prior to version 2.3.1.6. The issue is patched in version 2.3.1.6.

6.2CVSS5.8AI score0.00159EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 10:8 p.m.1 views

CVE-2026-34547 iccDEV: UB at IccUtil.cpp

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, an Undefined Behavior UB condition in IccUtil.cpp can be triggered by a crafted ICC profile when running iccDumpProfile. This issue has been patched in version 2.3.1.6...

6.2CVSS5.7AI score0.00156EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 10:5 p.m.14 views

CVE-2026-34542

CVE-2026-34542 affects iccDEV before version 2.3.1.6, where a crafted ICC profile can trigger a stack-buffer-overflow in CIccCalculatorFunc::Apply() when processed via iccApplyNamedCmm. Under AddressSanitizer this appears as a 4-byte write stack-buffer-overflow in IccProfLib/IccMpeCalc.cpp:3873, ...

6.2CVSS5.8AI score0.00156EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 10:0 p.m.5 views

CVE-2026-34537

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior UB in CIccOpDefEnvVar::Exec due to invalid enum values being loaded for icSigCmmEnvVar. The issue is observable under UBSan a...

6.2CVSS5.8AI score0.00156EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/03/31 9:59 p.m.20 views

CVE-2026-34536

ICC Dev iccDEV libraries are affected by a stack overflow in SIccCalcOp::ArgsUsed() when processing a crafted ICC profile under iccApplyProfiles. The issue exists before version 2.3.1.6 and is observed under AddressSanitizer; it has been patched in version 2.3.1.6.

6.2CVSS5.8AI score0.00222EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 9:58 p.m.7 views

CVE-2026-34535

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault SEGV in CIccTagArray::Cleanup. The issue is observable under UBSan/ASan as misaligned member access / misaligned pointer...

6.2CVSS5.8AI score0.00156EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 9:58 p.m.4 views

CVE-2026-34535 iccDEV: SEGV in CIccTagArray::Cleanup()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault SEGV in CIccTagArray::Cleanup. The issue is observable under UBSan/ASan as misaligned member access / misaligned pointer...

6.2CVSS5.8AI score0.00156EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/31 2:30 a.m.4 views

SQL Injection

Overview baserproject/basercms is a Content management system based on CakePHP. Affected versions of this package are vulnerable to SQL Injection via the blog post process. An attacker can execute arbitrary SQL commands by supplying crafted input to the affected component. Remediation Upgrade...

9.8CVSS7.4AI score0.00412EPSS
Exploits0References2
NVD
NVD
added 2026/03/31 1:16 a.m.4 views

CVE-2026-32734

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3...

7.1CVSS0.00258EPSS
Exploits0References3
NVD
NVD
added 2026/03/31 1:16 a.m.8 views

CVE-2026-30880

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3...

9.8CVSS0.02059EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/31 12:46 a.m.4 views

CVE-2026-32734 baserCMS: Multiple vulnerabilities in baserCMS

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3...

7.1CVSS6.9AI score0.00258EPSS
Exploits0References3
OSV
OSV
added 2026/03/31 12:45 a.m.4 views

CVE-2026-30879 baserCMS: Cross-site scripting vulnerability in blog post

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in version 5.2.3...

6.9CVSS7AI score0.00233EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/31 12:45 a.m.9 views

CVE-2026-30879 baserCMS: Cross-site scripting vulnerability in blog post

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in version 5.2.3...

6.9CVSS7AI score0.00233EPSS
Exploits0References3
CVE
CVE
added 2026/03/31 12:45 a.m.13 views

CVE-2026-30879

Summary: CVE-2026-30879 affects baserCMS prior to version 5.2.3, where a cross-site scripting (XSS) vulnerability in blog posts could be exploited. The issue is resolved by updating to version 5.2.3. Affected software: baserCMS (website development framework). Vulnerability details (from connecte...

6.9CVSS7AI score0.00233EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/31 12:45 a.m.26 views

CVE-2026-30879 baserCMS: Cross-site scripting vulnerability in blog post

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in version 5.2.3...

6.9CVSS0.00233EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/31 12:45 a.m.6 views

CVE-2026-30878 baserCMS: Mail Form Acceptance Bypass via Public API

baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables...

5.3CVSS5.8AI score0.00382EPSS
Exploits1References3
Rows per page
Query Builder