Common Vulnerabilities and Exposures (CVE)

CVE-2026-21678

Jan 7, 2026 17:11:07 UTC

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to a heap-buffer-overflow in IccTagXml()...

CVE-2026-21506

Jan 7, 2026 17:10:58 UTC

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to a null pointer dereference in CIccProfileXml::Parse...

CVE-2026-21505

Jan 7, 2026 17:10:51 UTC

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to an invalid enum value. This issue ha...

CVE-2026-21503

Jan 7, 2026 17:10:44 UTC

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy() in...

CVE-2026-21504

Jan 7, 2026 17:10:35 UTC

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to a heap buffer overflow in the ToneMap parser. This ...

CVE-2026-21501

Jan 7, 2026 17:09:54 UTC

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to a stack overflow in the calculator parser. This iss...

CVE-2025-11745

Jan 7, 2026 17:09:53 UTC

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input ...

CVE-2025-64180

Jan 7, 2026 17:09:52 UTC

Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS...

CVE-2025-41739

Jan 7, 2026 17:09:52 UTC

An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potent...

CVE-2025-12483

Jan 7, 2026 17:09:52 UTC

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'query' parameter in all versions up to, and including, 3.11.12 due to insufficient escaping on the user-supplied parameter ...

CVE-2025-12370

Jan 7, 2026 17:09:52 UTC

The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

CVE-2025-14223

Jan 7, 2026 17:09:52 UTC

A vulnerability has been found in code-projects Simple Leave Manager 1.0. Affected by this vulnerability is an unknown functionality of the file /request.php. Such manipulation of the argument staff_id leads to SQL injection. The attack may...

CVE-2025-15164

Jan 7, 2026 17:09:51 UTC

A security flaw has been discovered in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remo...

CVE-2025-21476

Jan 7, 2026 17:09:51 UTC

Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.

CVE-2025-21481

Jan 7, 2026 17:09:51 UTC

Memory corruption while performing private key encryption in trusted application.