4.3

CVSS3.1

CVE-2025-69221 - LibreChat has Insufficient Access Control for Agent Permission Queries

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for this agent. LibreChat allows the configuratio…

📅 Published: Jan. 7, 2026, 9:01 p.m. 🔄 Last Modified: Jan. 15, 2026, 9:45 p.m.

8.8

CVSS3.1

CVE-2026-21682 - iccDEV has heap-buffer-overflow in CIccXmlArrayType::ParseText()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow in `CIccXmlArrayType::ParseText()`. This vulnerability affects users of…

📅 Published: Jan. 7, 2026, 8:58 p.m. 🔄 Last Modified: April 18, 2026, 7:30 p.m.

7.1

CVSS3.1

CVE-2025-69220 - LibreChat has Insufficient Access Control for Agent Files

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agent's file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to the…

📅 Published: Jan. 7, 2026, 8:49 p.m. 🔄 Last Modified: Jan. 15, 2026, 9:44 p.m.

7.1

CVSS3.1

CVE-2026-21681 - iccDEV has Undefined Behavior runtime error: nan is outside the range .. IccProfLib/IccTagBasic.cpp

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have an Undefined Behavior runtime error. This vulnerability affects users of the iccDEV library who…

📅 Published: Jan. 7, 2026, 8:48 p.m. 🔄 Last Modified: April 18, 2026, 8 a.m.

5.5

CVSS4.0

CVE-2025-69255 - RustFS gRPC GetMetrics deserialization panic enables remote DoS

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.77, a malformed gRPC GetMetrics request causes get_metrics to unwrap() failed deserialization of metric_type/opts, panicking the handler thread and enabling remote denial of service of the metrics…

📅 Published: Jan. 7, 2026, 8:34 p.m. 🔄 Last Modified: Jan. 16, 2026, 7:28 p.m.

8.8

CVSS4.0

CVE-2025-68705 - RustFS Path Traversal Vulnerability

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/read_file_stream endpoint. This issue has been patched in version 1.0.0-alpha.79.

📅 Published: Jan. 7, 2026, 8:31 p.m. 🔄 Last Modified: Jan. 16, 2026, 7:29 p.m.

6.8

CVSS4.0

CVE-2026-22187 - Bio-Formats <= 8.3.0 Memoizer Unsafe Deserialization via .bfmemo Cache Files

Bio-Formats versions up to and including 8.3.0 perform unsafe Java deserialization of attacker-controlled memoization cache files (.bfmemo) during image processing. The loci.formats.Memoizer class automatically loads and deserializes memo files associated with images without validation, integrity c…

📅 Published: Jan. 7, 2026, 8:27 p.m. 🔄 Last Modified: April 18, 2026, 8 a.m.

4.6

CVSS4.0

CVE-2026-22186 - Bio-Formats <= 8.3.0 XXE in Leica XLEF Metadata Parser

Bio-Formats versions up to and including 8.3.0 contain an XML External Entity (XXE) vulnerability in the Leica Microsystems metadata parsing component (e.g., XLEF). The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external enti…

📅 Published: Jan. 7, 2026, 8:26 p.m. 🔄 Last Modified: April 18, 2026, 5 p.m.

4.6

CVSS4.0

CVE-2026-22185 - OpenLDAP <= 2.6.10 LMDB mdb_load Heap Buffer Underflow in readline()

OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and ca…

📅 Published: Jan. 7, 2026, 8:26 p.m. 🔄 Last Modified: April 16, 2026, 6:30 p.m.

6.9

CVSS4.0

CVE-2026-22188 - Panda3D <= 1.10.16 Deploy-Stub Stack Exhaustion via Unbounded alloca()

Panda3D versions up to and including 1.10.16 deploy-stub contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a la…

📅 Published: Jan. 7, 2026, 8:26 p.m. 🔄 Last Modified: April 16, 2026, 6:30 p.m.