1278 matches found
EUVD-2026-1144
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It...
CVE-2026-21490
The CVE-2026-21490 vulnerability affects iccDEV prior to version 2.3.1.2 and causes a heap buffer overflow in CIccTagLut16::Validate(). A patch exists in 2.3.1.2; upgrade to 2.3.1.2 or later to remediate. No additional exploit details are provided in the supplied documents.
CVE-2026-21490 iccDEV has heap buffer overflow in CIccTagLut16::Validate()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It...
CVE-2026-21494 iccDEV has heap buffer overflow in CIccTagLut8::Validate()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It...
CVE-2026-21494 iccDEV has heap buffer overflow in CIccTagLut8::Validate()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It...
CVE-2026-21494
The vulnerability CVE-2026-21494 affects iccDEV prior to 2.3.1.2, where a heap buffer overflow occurs in CIccTagLut8::Validate() when processing ICC color profiles. A patch exists in version 2.3.1.2. No public workarounds are documented in the provided sources. Remediation is to upgrade to 2.3.1....
Improper Authentication
Signal K Server is vulnerable to Improper Authentication. The vulnerability is due to unauthenticated modification of internal server state via the /skServer/validateBackup endpoint, which allows an attacker to overwrite critical configuration files and hijack the administrator restore process to...
CVE-2026-21676
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed in version 2.3.1.1...
CVE-2026-21676 iccDEV has a Heap-based Buffer Overflow in its CIccMBB::Validate() function
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed in version 2.3.1.1...
CVE-2026-21676 iccDEV has a Heap-based Buffer Overflow in its CIccMBB::Validate() function
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed in version 2.3.1.1...
EUVD-2026-1151
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed in version 2.3.1.1...
CVE-2026-21676
ICCDev iccDEV contains a Heap-based Buffer Overflow in CIccMBB::Validate that affects versions 2.3.1 and earlier. The issue is fixed in version 2.3.1.1. This CVE-2026-21676 entry is supported by Red Hat and NVD descriptions, identifying the vulnerable component and the fixed version. Remediation:...
CVE-2026-21676 iccDEV has a Heap-based Buffer Overflow in its CIccMBB::Validate() function
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed in version 2.3.1.1...
PT-2026-1406
Name of the Vulnerable Software and Affected Versions: iccDEV versions prior to 2.3.1.1. Description: iccDEV is a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a Heap-based Buffer Overflow in the CIccMBB::Validate function, which is...
iccDEV Security Vulnerability
iccDEV is a color configuration codebase open-sourced by the International Color Consortium (ICC). A security vulnerability exists in iccDEV 2.3.1 and earlier versions, which stems from a heap buffer overflow in the CIccMBB::Validate function, which could lead to a heap buffer overflow attack...
PT-2026-1325
Name of the Vulnerable Software and Affected Versions: Passy version 1.6.3. Description: A flaw exists in Passy that could allow a remote attacker to execute arbitrary commands. This can occur through the serial interface by sending a specific code sequence. Additionally, a remote authenticated...
CVE-2025-66398
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state (restoreFilePath) of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restor...
CVE-2025-66023
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.5 have a Heap-Use-After-Free (UAF) vulnerability within the MQTT bridge client component implemented via the underlying NanoNNG library. The vulnerability is triggered when NanoMQ acts as a bridge connecting ...
GHSA-W3X5-7C4C-66P9 Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)
Summary: An unauthenticated attacker can pollute the internal state (restoreFilePath) of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restore" functionality to overwrite critical server configuration files, e.g., security.json,...
CVE-2025-66398
Summary (CVE-2025-66398): Signal K Server (signalk-server) before version 2.19.0 is vulnerable to unauthenticated state pollution via the /skServer/validateBackup endpoint. An attacker can pollute the global restoreFilePath, hijack the administrator’s Restore workflow, and overwrite critical con...