4.8
CVE-2023-7333 - bluelabsio records-mover Table Object sql injection
A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue. Patβ¦
5.5
CVE-2025-62224 - Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network.
8.3
CVE-2026-21857 - Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read
REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the `EXPDIR` POST parameter againsβ¦
8.2
CVE-2026-21697 - axios4go's Race Condition in Shared HTTP Client Allows Proxy Configuration Leak
axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global `defaultClient` is mutated during request execution without synchronization, directly modifying the shared `http.Client`'s `Transport`, `Timeout`, β¦
5.3
CVE-2026-21851 - MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's `_download_from_ngc_private()` function. The function uses `zipfile.ZipFile.extractall()` without path validation, while oβ¦
8.9
CVE-2026-21441 - urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming β¦
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Cβ¦
8.8
CVE-2026-22047 - iccDEV has heap-buffer-overflow in SIccCalcOp::Describe() at IccProfLib/IccMpeCalc.cpp
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `SIccCalcOp::Describe()` at `IccProfLib/IccMpeCalc.cppβ¦
1.8
CVE-2025-12776 - Stored Cross-Site Scripting
The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns about a possible Cross-Site Scripting (XSS) attack. Proper management of this functionality helps ensure a secure and seamless user experience. Β Although thβ¦
8.8
CVE-2026-22046 - iccDEV has heap-buffer-overflow in CIccProfileXml::ParseBasic() at IccXML/IccLibXML/IccProfileXml.cβ¦
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `CIccProfileXml::ParseBasic()` at `IccXML/IccLibXML/Icβ¦
8.8
CVE-2026-21693 - iccDEV has Type Confusion in CIccSegmentedCurveXml::ToXml() at IccXML/IccLibXML/IccMpeXml.cpp
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccSegmentedCurveXml::ToXml()` at `IccXML/IccLibXML/IccMpeβ¦