Arbitrary Code Execution

ingress-nginx is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper sanitization of the rules.http.paths.path Ingress field, where attacker-controlled values can inject arbitrary NGINX configuration, enabling execution of commands in the ingress-nginx controller context...

CVE-2026-25655

A vulnerability has been identified in SINEC NMS All versions V4.0 SP2. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative...

CVE-2026-22923

A vulnerability has been identified in NX All versions V2512, NX Managed Mode All versions V2512. The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process that could potentially...

CVE-2026-25656

CVE-2026-25656 affects SINEC NMS User Management Component (UMC) across all versions and all SINEC NMS deployments where UMC is

CVE-2026-25655

A vulnerability has been identified in SINEC NMS All versions V4.0 SP2. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative...

CVE-2026-22923

A vulnerability has been identified in NX All versions V2512, NX Managed Mode All versions V2512. The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process that could potentially...

CVE-2026-22923

CVE-2026-22923 affects NX (All versions

USN-8021-1 imagemagick vulnerability

Benny Isaacs discovered that ImageMagick did not properly manage memory when processing certain image files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

CVE-2026-2097

Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVE-2026-2097 Flowring｜Agentflow - Arbitrary File Upload

Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

Affected Software: Google Chrome prior to version 121.0.6167.8...

SUSE CVE-2026-1615

Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can...

Adobe After Effects 缓冲区错误漏洞

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. An out-of-bounds write vulnerability exists in Adobe After Effects 25.6 and...

PT-2026-7380

After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

PT-2026-7426

Name of the Vulnerable Software and Affected Versions Bridge versions 15.1.3 and 16.0.1 and earlier Description The software contains an out-of-bounds write issue that may allow for arbitrary code execution with the privileges of the current user. A user must open a specially crafted file to...

Adobe After Effects 安全漏洞

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. A type confusion vulnerability exists in Adobe After Effects, which can be...

Flowring Agentflow 代码问题漏洞

Flowring Agentflow is an intelligent process automation RPA platform developed by Flowring Corporation in China. There are code-related vulnerabilities in Flowring Agentflow. These vulnerabilities stem from arbitrary file uploads, which may allow authenticated remote attackers to upload and execu...

PT-2026-7423

Name of the Vulnerable Software and Affected Versions Substance3D - Stager versions 3.1.6 and earlier Description The software contains a flaw that allows for writing data outside the intended memory boundaries. Successful exploitation of this issue could lead to arbitrary code execution with the...

PT-2026-7381

After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

Adobe Lightroom Desktop 缓冲区错误漏洞

Adobe Lightroom Desktop is a professional photo management and editing software from the American company Audobee Adobe, designed to provide photographers and image editors with powerful workflow and editing tools. Adobe Lightroom Desktop suffers from an out-of-bounds write vulnerability that can...