24h | 7d | 30d

CVE-2026-24412

Overview

  • InternationalColorConsortium
  • iccDEV
24 Jan 2026
Published
24 Jan 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.06%
KEV

Description

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have aHeap Buffer Overflow vulnerability in the CIccTagXmlSegmentedCurve::ToXml() function. This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 19 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-24412 - High (8.8)

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have aHeap Buffer Overflow vulnerability in the CIccTagXmlSegmentedCurve::ToXml() function. This occurs ...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 1
  • 0
  • 19h ago

CVE-2026-20736

Overview

  • Gitea
  • Gitea Open Source Git Server
22 Jan 2026
Published
23 Jan 2026
Updated
CVSS
Pending
EPSS
0.03%
KEV

Description

Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different repository they can access.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 21 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-20736 - High (7.5)

Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different rep...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 1
  • 0
  • 21h ago

CVE-2026-20750

Overview

  • Gitea
  • Gitea Open Source Git Server
22 Jan 2026
Published
23 Jan 2026
Updated
CVSS
Pending
EPSS
0.03%
KEV

Description

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization.

Statistics

  • 1 Post
Last activity: 14 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

πŸ”΄ CVE-2026-20750 - Critical (9.1)

Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization.

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 14h ago

CVE-2026-24405

Overview

  • InternationalColorConsortium
  • iccDEV
24 Jan 2026
Published
24 Jan 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.06%
KEV

Description

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-24405 - High (8.8)

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-controllab...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 20h ago

CVE-2026-24406

Overview

  • InternationalColorConsortium
  • iccDEV
24 Jan 2026
Published
24 Jan 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.06%
KEV

Description

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamedColor2::SetSize(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to perform DoS, manipulate data, bypass application logic and Code Execution. This issue has been fixed in version 2.3.1.2.

Statistics

  • 2 Posts
Last activity: 20 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-24406 - High (8.8)

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamedColor2::SetSize(). This occurs when user-contro...

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 20h ago

CVE-2026-1386

Overview

  • AWS
  • Firecracker
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS v3.1
MEDIUM (6.0)
EPSS
0.01%
KEV

Description

A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.

Statistics

  • 1 Post
Last activity: 11 hours ago

Bluesky

Profile picture
Eyal Estrin ☁️ @eyalestrin.bsky.social
CVE-2026-1386 - Arbitrary Host File Overwrite via Symlink in Firecracker Jailer (2026-003-AWS) #patchmanagement
  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-1201

Overview

  • Hubitat
  • Elevation C3
22 Jan 2026
Published
23 Jan 2026
Updated
CVSS v4.0
CRITICAL (9.4)
EPSS
0.04%
KEV

Description

An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request manipulation.

Statistics

  • 1 Post
Last activity: 21 hours ago

Fediverse

Profile picture
theHastyOne @ahasty

A write up of the 9.4 vuln in #hubitat (CVE-2026-1201) is available on the ostrich lab site. ostrichlab.io/research-blog/?p

If you have a hubitat please update. If you like this kind of research please follow!

#homeautomation #smarthome #cybersecurity #cybersec #CVE

  • 0
  • 0
  • 0
  • 21h ago

CVE-2026-0693

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
Last activity: 19 hours ago

Fediverse

Profile picture
ZAST AI @zastai

We verified a Stored XSS (CVE-2026-0693) in the "Allow HTML in Category Descriptions" @WordPress plugin.

The Flaw: The plugin correctly restricts input but unintentionally removes global output filters (wp_kses_data) for all users. The Impact: Malicious scripts in category descriptions execute for any visitor. The Validation: Confirmed via autonomous PoC.

Security requires validating the full data lifecycle, not just lines of code.

Vulnerability details: cve.org/CVERecord?id=CVE-2026-
@wordfence @cve @zoomeye_team

  • 0
  • 0
  • 0
  • 19h ago

CVE-2026-0668

Overview

  • Wikimedia Foundation
  • MediaWiki - VisualData Extension
07 Jan 2026
Published
07 Jan 2026
Updated
CVSS
Pending
EPSS
0.06%
KEV

Description

Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup.This issue affects MediaWiki - VisualData Extension: 1.45.

Statistics

  • 1 Post
Last activity: 13 hours ago

Bluesky

Profile picture
Radman Siddiki @redmin78.bsky.social
🚨New security vulnerability disclosure: ReDOS in MediaWiki extension VisualData (CVE-2026-0668) I identified Regular Expression Denial-of-Service (ReDOS) vulnerabilities during a security review of the VisualData MediaWiki extension.🧡 πŸ“¦Affected Versions: All versions of the extension up to v1.1.2...
  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-24609

Overview

  • Elated-Themes
  • Laurent
  • laurent
23 Jan 2026
Published
23 Jan 2026
Updated
CVSS
Pending
EPSS
0.11%
KEV

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affects Laurent: from n/a through <= 3.1.

Statistics

  • 1 Post
Last activity: 22 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-24609 - High (7.5)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affects Laurent: from n/a through &lt;= 3.1.

πŸ”— thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 22h ago
Showing 11 to 20 of 36 CVEs