Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,857
Critical: 0
High: 0
Medium: 10,857
Showing 1501-1520 of 10857 records
Threat Entry Updated 2026-01-12

CVE-2026-21505 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to an invalid enum value. This issue has been patched in version 2.3.1.2.

PLUGIN iccDEV

CVE-2026-21505

MEDIUM CVSS 5.5 2026-01-07
Threat Entry Updated 2026-01-09

CVE-2026-21502 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2.

PLUGIN iccDEV

CVE-2026-21502

MEDIUM CVSS 5.5 2026-01-07
Threat Entry Updated 2026-01-09

CVE-2026-21501 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the calculator parser. This issue has been patched in version 2.3.1.2.

PLUGIN iccDEV

CVE-2026-21501

MEDIUM CVSS 5.5 2026-01-07
Threat Entry Updated 2026-01-09

CVE-2026-21500 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the XML calculator macro expansion. This issue has been patched in version 2.3.1.2.

PLUGIN iccDEV

CVE-2026-21500

MEDIUM CVSS 5.5 2026-01-07
Threat Entry Updated 2026-01-09

CVE-2026-21499 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML parser. This issue has been patched in version 2.3.1.2.

PLUGIN iccDEV

CVE-2026-21499

MEDIUM CVSS 5.5 2026-01-07
Threat Entry Updated 2026-01-09

CVE-2026-21498 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML calculator parser. This issue has been patched in version 2.3.1.2.

PLUGIN iccDEV

CVE-2026-21498

MEDIUM CVSS 5.5 2026-01-07
Threat Entry Updated 2026-01-09

CVE-2026-21497 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via an unknown tag parser. This issue has been patched in version 2.3.1.2.

PLUGIN iccDEV

CVE-2026-21497

MEDIUM CVSS 5.5 2026-01-07
Threat Entry Updated 2026-01-09

CVE-2026-21496 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue has been patched in version 2.3.1.2.

PLUGIN iccDEV

CVE-2026-21496

MEDIUM CVSS 5.5 2026-01-07
Threat Entry Updated 2026-01-09

CVE-2026-21495 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to division by zero in the TIFF Image Reader. This issue has been patched in version 2.3.1.2.

PLUGIN iccDEV

CVE-2026-21495

MEDIUM CVSS 5.5 2026-01-07
Threat Entry Updated 2026-02-24

CVE-2026-0668 - MediaWiki - VisualData Extension Plugin

Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup. This issue affects MediaWiki - VisualData Extension: 1.45.

PLUGIN MediaWiki - VisualData Extension

CVE-2026-0668

MEDIUM CVSS 5.3 2026-01-07
Threat Entry Updated 2026-01-08

CVE-2026-22543 - QC 60/90/120 Plugin

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials.

PLUGIN QC 60/90/120

CVE-2026-22543

MEDIUM CVSS 6.9 2026-01-07
Threat Entry Updated 2026-01-08

CVE-2026-22537 - QC 60/90/120 Plugin

The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for an attacker.

PLUGIN QC 60/90/120

CVE-2026-22537

MEDIUM CVSS 6.8 2026-01-07
Threat Entry Updated 2026-01-08

CVE-2026-20029 - Cisco Identity Services Engine Software Plugin

A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application. A successful exploit could allow the attacker to read arbitrary files from the underlying operating system that could include sensitive…

PLUGIN Cisco Identity Services Engine Software

CVE-2026-20029

MEDIUM CVSS 4.9 2026-01-07
Threat Entry Updated 2026-01-08

CVE-2026-20026 - Cisco Secure Firewall Threat Defense (FTD) Software Plugin

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in buffer handling logic when processing DCE/RPC requests, which can result in a buffer use-after-free read. An attacker could exploit this vulnerability by sending a large number of DCE/RPC requests through an established connection that is inspected by Snort 3. A successful…

PLUGIN Cisco Secure Firewall Threat Defense (FTD) Software

CVE-2026-20026

MEDIUM CVSS 5.8 2026-01-07
Threat Entry Updated 2026-01-08

CVE-2026-20027 - Cisco Secure Firewall Threat Defense (FTD) Software Plugin

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in buffer handling logic when processing DCE/RPC requests, which can result in a buffer out-of-bounds read. An attacker could exploit this vulnerability by sending a large number of DCE/RPC requests through an established connection that is inspected by Snort 3. A…

PLUGIN Cisco Secure Firewall Threat Defense (FTD) Software

CVE-2026-20027

MEDIUM CVSS 5.3 2026-01-07
Threat Entry Updated 2026-01-15

CVE-2026-0643 - House Rental and Property Listing Plugin

A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.

PLUGIN House Rental and Property Listing

CVE-2026-0643

MEDIUM CVSS 6.9 2026-01-07
Threat Entry Updated 2026-01-08

CVE-2026-0649 - Invoiceninja Plugin

A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument company_logo leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PLUGIN Invoiceninja

CVE-2026-0649

MEDIUM CVSS 5.1 2026-01-07
Threat Entry Updated 2026-02-23

CVE-2026-0642 - House Rental and Property Listing Plugin

A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.

PLUGIN House Rental and Property Listing

CVE-2026-0642

MEDIUM CVSS 4.8 2026-01-07
Threat Entry Updated 2026-01-08

CVE-2025-15058 - Dk Pricr Responsive Pricing Table Plugin

The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'table_currency' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Dk Pricr Responsive Pricing Table

CVE-2025-15058

MEDIUM CVSS 6.4 2026-01-07