7772 matches found
CVE-2026-50163
The CVE concerns the oras-go library (OCI artifacts) prior to version 2.6.2, where ensureLinkPath in content/file/utils.go can return an unresolved hardlink target. During tar extraction, a hardlink entry with a relative Linkname could be resolved against the process CWD, allowing a path like pay...
EUVD-2026-45290
Acrobat Reader is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-63093 Cursor for Windows 3.2.16 RCE via Malicious git.exe in Workspace
Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves a...
CVE-2026-62226
OpenClaw 2026.3.28 before 2026.5.19 contain an authorization bypass vulnerability in the browser act route that fails to properly validate current-tab URL checks. Attackers with lower-trust access or configured input paths can perform actions requiring stronger authorization or policy checks...
EUVD-2026-45114
OpenClaw 2026.3.28 before 2026.5.19 contain an authorization bypass vulnerability in the browser act route that fails to properly validate current-tab URL checks. Attackers with lower-trust access or configured input paths can perform actions requiring stronger authorization or policy checks...
CVE-2026-62226 OpenClaw 2026.3.28 < 2026.5.19 Authorization Bypass via Browser Act Route
OpenClaw 2026.3.28 before 2026.5.19 contain an authorization bypass vulnerability in the browser act route that fails to properly validate current-tab URL checks. Attackers with lower-trust access or configured input paths can perform actions requiring stronger authorization or policy checks...
Malicious code in @leviosa86com/leviosa86-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96264a8719e17bd8ec21d47213fe31dec87445e01ff312a1e46af5819e028979 Package @leviosa86com/[email protected] ships src/poc/index.js which shells out via childprocess.exec to collect host identifiers hostname, pwd,...
EUVD-2026-44527
CAI Content Credentials is affected by a Server-Side Request Forgery SSRF vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access o...
EUVD-2026-44563
Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-48287
CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must...
CVE-2026-48287
CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must...
CVE-2026-48343
Bridge is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-48344
Creative Cloud Desktop is affected by a Time-of-check Time-of-use TOCTOU Race Condition vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user...
CVE-2026-48325
ColdFusion is affected by a Missing Authentication for Critical Function vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-48340
Bridge is affected by an Untrusted Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-48319
ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-48322
ColdFusion is affected by an Improper Control of Generation of Code 'Code Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-48274
After Effects is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-48272
Creative Cloud Desktop is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. Scop...
CVE-2026-48275 Illustrator | Untrusted Search Path (CWE-426)
Illustrator is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed...