EUVD-2026-1408

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML calculator parser. This issue has been patched in version 2.3.1.2...

CVE-2026-21496

CVE-2026-21496 affects iccDEV prior to 2.3.1.2. The vulnerability is a NULL pointer dereference in the signature parser, which can trigger a crash. Red Hat, NVD, and other sources corroborate that this issue was patched in version 2.3.1.2. Relevant impact is listed as Availability High, with othe...

CVE-2026-21496 NULL Pointer Dereference in iccDEV Signature Parser

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue has been patched in version 2.3.1.2...

CVE-2017-6921

In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services rest module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or...

CVE-2025-1584

A vulnerability classified as problematic was found in opensolon Solon up to 3.0.8. This vulnerability affects unknown code of the file solon-projects/solon-web/solon-web-staticfiles/src/main/java/org/noear/solon/web/staticfiles/StaticMappings.java. The manipulation leads to path traversal:...

CVE-2025-1056

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location. Axis has released a patched version...

CVE-2026-21491 iccDEV has unicode buffer overflow in CIccTagTextDescription

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992641)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992641 advisory. In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Fix a potential UAF in hfscdequeue too Similarly to the previous patch, we need t...

CVE-2023-54031 vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check

In the Linux kernel, the following vulnerability has been resolved: vdpa: Add queue index attr to vdpanlpolicy for nlattr length check The vdpanlpolicy structure is used to validate the nlattr when parsing the incoming nlmsg. It will ensure the attribute being described produces a valid nlattr...

CVE-2025-68615

net-snmp snmptrapd is affected by CVE-2025-68615 via a buffer overflow triggered by a specially crafted trap packet, crashing the daemon. Affected versions are before 5.9.5 and 5.10.pre2; patch versions are 5.9.5 and 5.10.pre2. Remediation: upgrade to those patched releases (or newer).

CVE-2025-68434

CVE-2025-68434 affects OpenSourcePOS 3.4.0–3.4.1, where CSRF protection was explicitly disabled in the global filters, allowing a logged-in administrator’s browser to be coerced into making state-changing POST requests and silently create a new Administrator account. The issue is fixed in 3.4.2 b...

PT-2025-51338

Name of the Vulnerable Software and Affected Versions Misskey versions 2025.9.1 through 2025.11.1 Misskey versions prior to 2025.12.0-alpha.2 Description Misskey is an open source, federated social media platform. Attackers can bypass IP rate limiting by adding a forged X-Forwarded-For header whe...

CISA Software Acquisition Guide Supplier Response Web Tool XSS

RISK EVALUATION The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The...

Exploit for CVE-2025-66478

Next.js CVE Auto-Patcher Automation tool written in Go to sca...

GHSA-9GQJ-5W7C-VX47 Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing

Due to a bug in sandboxing logic, sandbox-runtime did not properly enforce a network sandbox if the sandbox policy did not configure any allowed domains. This could allow sandboxed code to make network requests outside of the sandbox. A patch for this was released in v0.0.16. Thank you to...

PT-2025-48646

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'query' parameter in all versions up to, and including, 3.11.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2025-66036 Retro is vulnerable to XSS vulnerability in input handling component

Retro is an online platform providing items of vintage collections. Prior to version 2.4.7, Retro is vulnerable to a cross-site scripting XSS in the input handling component. This issue has been patched in version 2.4.7...

EUVD-2025-199639

The Primakon Pi Portal 1.0.18 API /api/V2/ppudfvadmin endpoint, fails to perform necessary server-side validation. The administrative LoginAs or user impersonation feature is vulnerable to a access control failure. This flaw allows any authenticated low-privileged user to execute a direct PATCH...

PT-2025-48086

Name of the Vulnerable Software and Affected Versions: GeoServer versions 2.26.0 through 2.26.1 and versions prior to 2.25.6 Description: GeoServer is an open-source server for sharing and editing geospatial data. A vulnerability exists due to improper restriction of XML external entity reference...

new-api is vulnerable to SSRF Bypass

Summary A recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applies security restrictions to the first URL request, a 302 redirect can bypass existing security measures and successful...