7.1
CVE-2026-24409 - iccDEV has Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum<>::ParseXml()
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum<>::ParseXml(). This occurs when user-controllable input is unsafely incorporated in…
7.1
CVE-2026-24407 - iccDEV has Undefined Behavior in icSigCalcOp()
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in icSigCalcOp(). This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary…
8.8
CVE-2026-24406 - iccDEV has Heap Buffer Overflow in CIccTagNamedColor2::SetSize()
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamedColor2::SetSize(). This occurs when user-controllable input is unsafely incorporated into ICC profi…
8.8
CVE-2026-24405 - iccDEV has Heap Buffer Overflow in CIccMpeCalculator::Read()
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-controllable input is unsafely incorporated into ICC profile d…
7.1
CVE-2026-24404 - iccDEV has Null Pointer Deference and Undefined Behavior in CIccXmlArrayType()
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs when user-controllable input is unsafely incorp…
7.1
CVE-2026-24403 - iccDEV Undefined Behavior in CIccProfile::CheckHeader() Leads to Integer Overflow
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader() when user-controllable input is incorporated into profile data u…
9.8
CVE-2026-22583 - Argument Injection in Salesforce Marketing Cloud Engagement CloudPagesUrl Module
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.
9.8
CVE-2026-22582 - Improper Neutralization of Argument Delimiters in a Command Leading to Web Services Protocol Manipu…
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.
9.8
CVE-2026-22586 - Hard‑coded Cryptographic Key Allows Web Services Protocol Manipulation in Salesforce Marketing Clou…
Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January …
9.8
CVE-2026-22585 - Risky Cryptographic Algorithm Enables Web Services Protocol Manipulation in Salesforce Marketing Cl…
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagem…