Vuldb Updates

A vulnerability was found in Autodesk Fusion up to 2606.1.21 and classified as problematic. This impacts an unknown function of the component HTML Handler. Executing a manipulation can lead to HTML injection. This vulnerability is tracked as CVE-2026-0535. The attack is restricted to local execution. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in InternationalColorConsortium iccDEV up to 2.3.1.1/2.3.1.2. The affected element is the function CIccTagXmlFloatNum<>::ParseXml. Performing a manipulation results in improper input validation. This vulnerability is reported as CVE-2026-24409. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in InternationalColorConsortium iccDEV up to 2.3.1.1/2.3.1.2. The impacted element is the function CIccProfileXml::ParseBasic. Executing a manipulation can lead to improper input validation. This vulnerability appears as CVE-2026-24410. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability has been found in InternationalColorConsortium iccDEV up to 2.3.1.1/2.3.1.2 and classified as problematic. This affects the function CIccTagXmlSegmentedCurve::ToXml. The manipulation leads to denial of service. This vulnerability is traded as CVE-2026-24411. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in InternationalColorConsortium iccDEV up to 2.3.1.1/2.3.1.2. It has been classified as critical. Affected is the function CIccProfile::CheckHeader. This manipulation of the argument tag tables/offsets/size causes integer overflow. This vulnerability is handled as CVE-2026-24403. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in InternationalColorConsortium iccDEV up to 2.3.1.1/2.3.1.2. It has been declared as critical. Affected by this vulnerability is the function CIccXmlArrayType. Such manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2026-24404. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability identified as problematic has been detected in InternationalColorConsortium iccDEV up to 2.3.1.1/2.3.1.2. This vulnerability affects the function icSigCalcOp. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2026-24407. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability labeled as problematic has been found in Open WebUI. The impacted element is an unknown function. Executing a manipulation can lead to cleartext transmission of sensitive information. This vulnerability is handled as CVE-2026-0767. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as critical has been found in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os command injection. This vulnerability is traded as CVE-2026-1324. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function edit_pwd_mall of the file /fort/login/edit_pwd_mall. The manipulation of the argument flag results in weak password recovery. This vulnerability is known as CVE-2026-1325. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as critical has been identified in SiYuan up to 3.5.3. The affected element is an unknown function of the file /api/file/globalCopyFiles. Such manipulation leads to path traversal. This vulnerability is traded as CVE-2026-23851. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability classified as very critical has been found in D-Link D-View 8 up to 2.0.1.107. Affected is an unknown function of the component API Endpoint. This manipulation of the argument user_id causes authorization bypass. This vulnerability is tracked as CVE-2026-23754. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as problematic was found in D-Link D-View 8 up to 2.0.1.107. Affected by this vulnerability is an unknown functionality in the library version.dll. Such manipulation leads to uncontrolled search path. This vulnerability is listed as CVE-2026-23755. The attack must be carried out locally. There is no available exploit.

A vulnerability identified as critical has been detected in vLLM up to 0.13.x. This issue affects the function auto_map of the component Hugging Face. Performing a manipulation results in code injection. This vulnerability is known as CVE-2026-22807. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability was found in kpdecker jsdiff up to 4.0.3/5.2.1/8.0.2. It has been rated as problematic. This vulnerability affects the function parsePatch of the component Patch Handler. Performing a manipulation results in resource consumption. This vulnerability is cataloged as CVE-2026-24001. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in Revive Adserver up to 6.0.4. This affects an unknown function of the component Setting Handler. Executing a manipulation can lead to format string. This vulnerability is tracked as CVE-2026-21640. The attack can be launched remotely. No exploit exists. Applying a patch is advised to resolve this issue.

A vulnerability described as problematic has been identified in Revive Adserver up to 6.0.4. The impacted element is an unknown function of the file tracker-delete.php. The manipulation of the argument clientid results in authorization bypass. This vulnerability is cataloged as CVE-2026-21641. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability labeled as critical has been found in SiYuan up to 3.5.3. The impacted element is an unknown function of the file /api/attr/setBlockAttrs of the component Dynamic Icon Feature. Such manipulation leads to code injection. This vulnerability is documented as CVE-2026-23852. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability categorized as critical has been discovered in 10-Strike Bandwidth Monitor 3.9. This affects an unknown part. The manipulation results in buffer overflow. This vulnerability is cataloged as CVE-2020-37043. The attack must be initiated from a local position. Furthermore, there is an exploit available.

A vulnerability was found in Filigran OpenCTI 3.3.1 on Linux. It has been declared as problematic. The affected element is an unknown function of the file /graphql of the component GET Handler. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2020-37044. It is possible to launch the attack remotely. Furthermore, an exploit is available.