Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 15,036
Critical: 923
High: 3,047
Medium: 10,866
Showing 2281-2300 of 15036 records
Threat Entry Updated 2026-02-26

CVE-2026-22186 - Bio-Formats Plugin

Bio-Formats versions up to and including 8.3.0 contain an XML External Entity (XXE) vulnerability in the Leica Microsystems metadata parsing component (e.g., XLEF). The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity expansion and external DTD loading. A crafted metadata file can trigger outbound network requests (SSRF), access local system resources where readable, or cause a denial of service during XML parsing.

PLUGIN Bio-Formats

CVE-2026-22186

MEDIUM CVSS 4.6 2026-01-07
Threat Entry Updated 2026-01-14

CVE-2026-21682 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow in `CIccXmlArrayType::ParseText()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

PLUGIN iccDEV

CVE-2026-21682

HIGH CVSS 8.8 2026-01-07
Threat Entry Updated 2026-01-14

CVE-2026-21681 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have an undefined behavior runtime error. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

PLUGIN iccDEV

CVE-2026-21681

HIGH CVSS 7.1 2026-01-07
Threat Entry Updated 2026-01-14

CVE-2026-22185 - OpenLDAP Plugin

OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.

PLUGIN OpenLDAP

CVE-2026-22185

MEDIUM CVSS 4.6 2026-01-07
Threat Entry Updated 2026-01-15

CVE-2026-22184 - Zlib Plugin

zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.

PLUGIN Zlib

CVE-2026-22184

MEDIUM CVSS 4.6 2026-01-07
Threat Entry Updated 2026-02-03

CVE-2026-21856 - Tarkov Data Manager Plugin

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time-based blind SQL injection vulnerability in the webhook edit and scanner API endpoints allows an authenticated attacker to execute arbitrary SQL queries against the MySQL database. Commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8 contains a patch.

PLUGIN Tarkov Data Manager

CVE-2026-21856

HIGH CVSS 7.2 2026-01-07
Threat Entry Updated 2026-02-03

CVE-2026-21854 - Tarkov Data Manager Plugin

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, an authentication bypass vulnerability in the login endpoint allows any unauthenticated user to gain full admin access to the Tarkov Data Manager admin panel by exploiting a JavaScript prototype property access vulnerability, combined with loose equality type coercion. A series of fix commits on 02 January 2025 fixed this and other vulnerabilities.

PLUGIN Tarkov Data Manager

CVE-2026-21854

CRITICAL CVSS 9.8 2026-01-07
Threat Entry Updated 2026-02-03

CVE-2026-21855 - Tarkov Data Manager Plugin

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, a reflected Cross Site Scripting (XSS) vulnerability in the toast notification system allows any attacker to execute arbitrary JavaScript in the context of a victim's browser session by crafting a malicious URL. A series of fix commits on 02 January 2025 fixed this and other vulnerabilities.

PLUGIN Tarkov Data Manager

CVE-2026-21855

CRITICAL CVSS 9.3 2026-01-07
Threat Entry Updated 2026-02-23

CVE-2026-0670 - MediaWiki - ProofreadPage Extension Plugin

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows Cross-Site Scripting (XSS). This issue affects MediaWiki - ProofreadPage Extension: 1.45, 1.44, 1.43, 1.39.

PLUGIN MediaWiki - ProofreadPage Extension

CVE-2026-0670

MEDIUM CVSS 6.1 2026-01-07
Threat Entry Updated 2026-01-09

CVE-2026-21679 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow in CIccLocalizedUnicode::GetText(). This issue has been patched in version 2.3.1.2.

PLUGIN iccDEV

CVE-2026-21679

HIGH CVSS 8.8 2026-01-07
Threat Entry Updated 2026-01-13

CVE-2026-21678 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to a heap-buffer-overflow in IccTagXml(). This issue has been patched in version 2.3.1.2.

PLUGIN iccDEV

CVE-2026-21678

HIGH CVSS 7.8 2026-01-07
Threat Entry Updated 2026-01-09

CVE-2026-21680 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a NULL pointer dereference vulnerability. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.

PLUGIN iccDEV

CVE-2026-21680

MEDIUM CVSS 6.5 2026-01-07
Threat Entry Updated 2026-01-08

CVE-2026-22539 - QC 60/90/120 Plugin

As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the charger via OCPP v1.6.

PLUGIN QC 60/90/120

CVE-2026-22539

MEDIUM CVSS 5.3 2026-01-07
Threat Entry Updated 2026-01-09

CVE-2026-21504 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This issue has been patched in version 2.3.1.2.

PLUGIN iccDEV

CVE-2026-21504

MEDIUM CVSS 6.6 2026-01-07
Threat Entry Updated 2026-01-09

CVE-2026-21503 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy() in CIccTagSparseMatrixArray. This issue has been patched in version 2.3.1.2.

PLUGIN iccDEV

CVE-2026-21503

MEDIUM CVSS 6.1 2026-01-07
Threat Entry Updated 2026-01-13

CVE-2026-21506 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to a NULL pointer dereference in CIccProfileXml::ParseBasic(), leading to denial of service. This issue has been patched in version 2.3.1.2.

PLUGIN iccDEV

CVE-2026-21506

MEDIUM CVSS 5.5 2026-01-07
Threat Entry Updated 2026-01-12

CVE-2026-21505 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to an invalid enum value. This issue has been patched in version 2.3.1.2.

PLUGIN iccDEV

CVE-2026-21505

MEDIUM CVSS 5.5 2026-01-07
Threat Entry Updated 2026-01-09

CVE-2026-21502 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2.

PLUGIN iccDEV

CVE-2026-21502

MEDIUM CVSS 5.5 2026-01-07
Threat Entry Updated 2026-01-09

CVE-2026-21501 - iccDEV Plugin

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the calculator parser. This issue has been patched in version 2.3.1.2.

PLUGIN iccDEV

CVE-2026-21501

MEDIUM CVSS 5.5 2026-01-07
Threat Entry Updated 2026-02-23

CVE-2026-0669 - MediaWiki - CSS extension Plugin

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal. This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39.

PLUGIN MediaWiki - CSS extension

CVE-2026-0669

HIGH CVSS 7.5 2026-01-07