5.4
CVE-2026-21691 - iccDEV has Type Confusion in CIccTag:IsTypeCompressed()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccTag:IsTypeCompressed()`. This vulnerability affects useβ¦
6.3
CVE-2026-21690 - iccDEV has Type Confusion in CIccTagXmlTagData::ToXml()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccTagXmlTagData::ToXml()`. This vulnerability affects useβ¦
6.5
CVE-2026-21689 - iccDEV has Type Confusion in CIccProfileXml::ParseBasic() at IccXML/IccLibXML/IccProfileXml.cpp
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccProfileXml::ParseBasic()` at `IccXML/IccLibXML/IccProfiβ¦
8.8
CVE-2026-21688 - iccDEV has Type Confusion in SIccCalcOp::ArgsPushed() at IccProfLib/IccMpeCalc.cpp
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `SIccCalcOp::ArgsPushed()` at `IccProfLib/IccMpeCalc.cpp`. Tβ¦
7.1
CVE-2026-21687 - iccDEV has Undefined Behavior in CIccTagCurve::CIccTagCurve()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagCurve::CIccTagCurve()`. This vulnerability affects users of the β¦
7.5
CVE-2025-69263 - pnpm Lockfile Integrity Bypass Allows Remote Dynamic Dependencies
pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. An attacker who publishes a package β¦
7.1
CVE-2026-21686 - iccDEV has Undefined Behavior in CIccTagLutAtoB::Validate()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagLutAtoB::Validate()`. This vulnerability affects users of the icβ¦
7.1
CVE-2026-21685 - iccDEV has Undefined Behavior in CIccTagLut16::Read()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagLut16::Read()`. This vulnerability affects users of the iccDEV lβ¦
7.1
CVE-2026-21684 - iccDEV has Undefined Behavior in CIccTagSpectralViewingConditions()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagSpectralViewingConditions()`. This vulnerability affects users oβ¦
9.1
CVE-2025-69222 - LibreChat is vulnerable to Server-Side Request Forgery due to missing restrictions
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actioβ¦