
Overview

  • InternationalColorConsortium
  • iccDEV

24 Jan 2026
Published
24 Jan 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.06%

KEV

Description

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in the CIccTagXmlSegmentedCurve::ToXml() function. This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 19 hours ago

Fediverse

🟠 CVE-2026-24412 - High (8.8)

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in the CIccTagXmlSegmentedCurve::ToXml() function. This occurs ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 1
  • 0
  • 19h ago

Overview

  • Gitea
  • Gitea Open Source Git Server

22 Jan 2026
Published
23 Jan 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different repository they can access.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 21 hours ago

Fediverse

🟠 CVE-2026-20736 - High (7.5)

Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different rep...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 1
  • 0
  • 21h ago

Overview

  • Gitea
  • Gitea Open Source Git Server

22 Jan 2026
Published
23 Jan 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

🔴 CVE-2026-20750 - Critical (9.1)

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 14h ago

Overview

  • InternationalColorConsortium
  • iccDEV

24 Jan 2026
Published
24 Jan 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.06%

KEV

Description

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

🟠 CVE-2026-24405 - High (8.8)

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-controllab...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 20h ago

Overview

  • InternationalColorConsortium
  • iccDEV

24 Jan 2026
Published
24 Jan 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.06%

KEV

Description

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamedColor2::SetSize(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.

Statistics

  • 2 Posts

Last activity: 20 hours ago

Fediverse

🟠 CVE-2026-24406 - High (8.8)

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamedColor2::SetSize(). This occurs when user-contro...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 20h ago

Overview

  • AWS
  • Firecracker

23 Jan 2026
Published
23 Jan 2026
Updated

CVSS v3.1
MEDIUM (6.0)
EPSS
0.01%

KEV

Description

A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

CVE-2026-1386 - Arbitrary Host File Overwrite via Symlink in Firecracker Jailer (2026-003-AWS) #patchmanagement
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Hubitat
  • Elevation C3

22 Jan 2026
Published
23 Jan 2026
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
0.04%

KEV

Description

An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request manipulation.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

A write up of the 9.4 vuln in #hubitat (CVE-2026-1201) is available on the ostrich lab site. ostrichlab.io/research-blog/?p

If you have a hubitat please update. If you like this kind of research please follow!

#homeautomation #smarthome #cybersecurity #cybersec #CVE

  • 0
  • 0
  • 0
  • 21h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

We verified a Stored XSS (CVE-2026-0693) in the "Allow HTML in Category Descriptions" @WordPress plugin.

The Flaw: The plugin correctly restricts input but unintentionally removes global output filters (wp_kses_data) for all users.
The Impact: Malicious scripts in category descriptions execute for any visitor.
The Validation: Confirmed via autonomous PoC.

Security requires validating the full data lifecycle, not just lines of code.

Vulnerability details: cve.org/CVERecord?id=CVE-2026-
@wordfence @cve @zoomeye_team

  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Wikimedia Foundation
  • MediaWiki - VisualData Extension

07 Jan 2026
Published
07 Jan 2026
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup. This issue affects MediaWiki - VisualData Extension: 1.45.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

🚨 New security vulnerability disclosure: ReDOS in MediaWiki extension VisualData (CVE-2026-0668) I identified Regular Expression Denial-of-Service (ReDOS) vulnerabilities during a security review of the VisualData MediaWiki extension. 🧵 📦 Affected Versions: All versions of the extension up to v1.1.2...
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Elated-Themes
  • Laurent
  • laurent

23 Jan 2026
Published
23 Jan 2026
Updated

CVSS
Pending
EPSS
0.11%

KEV

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion. This issue affects Laurent: from n/a through <= 3.1.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

🟠 CVE-2026-24609 - High (7.5)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion. This issue affects Laurent: from n/a through <= 3.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 22h ago
Showing 11 to 20 of 36 CVEs