Explore CVEs

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have Out-of-bounds Read and In...

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Out-of-bound...

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have an Out-of-bounds Read, Us...

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-b...

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Be...

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab560...

## Security Advisory: Stored XSS Leading to Admin Account Takeover **Affected Versions:** ≤ 5.1.0 **Vulnerability Type:** CWE-79: Stored Cross-Site...

### Summary Affected Components: ``` org.msgpack.core.MessageUnpacker.readPayload() org.msgpack.core.MessageUnpacker.unpackValue() org.msgpack.value.E...

### Summary A stored Cross-Site Scripting (XSS) vulnerability exists in Bagisto 2.3.8 within the CMS page editor. Although the platform normally attem...

### Summary SSTI is possible in Bagisto via type parameter can lead to RCE and other exploitations. ### Details 1. Go to `http://127.0.0.1:8000/admin...

### Summary SSTI is possible via first name and last name parameters provided by lowest-privileged users. ### Details 1. Go to `http://127.0.0.1:8000/...

### Summary SSTI when normal customer orders any product in add address step can inject value run in admin view. ### Details `As normal user` 1. Go to...

### Summary An Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items f...

### Vulnerable Code **File:** `packages/Ibkul/Installer/src/Routes/Ib.php` ``` <?php use Illuminate\\Session\\Middleware\\StartSession; use Illum...

### Summary Multiple critical API endpoints in Langflow are missing authentication controls, allowing any unauthenticated user to access sensitive use...

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integrat...

### Impact urllib3's [streaming API](https://urllib3.readthedocs.io/en/2.6.2/advanced-usage.html#streaming-and-i-o) is designed for the efficient han...

### Summary **Description** A Path Traversal (CWE-22) vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrar...