120816 matches found
CVE-2026-32640
A flaw was found in the Python library, SimpleEval. A remote attacker could exploit this vulnerability by providing specially crafted input that allows dangerous modules or functions to be accessed outside of the intended sandbox environment. This could lead to arbitrary code execution within the...
Installer for IBM Trusteer Rapport may insecurely load Dynamic Link Libraries
Overview: The installer for IBM Trusteer Rapport provided by IBM contains the following vulnerability. Uncontrolled search path element (CWE-427) - CVE-2026-2713. Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Adobe Illustrator Stack Buffer Overflow Vulnerability (CNVD-2026-14501)
Adobe Illustrator is a set of vector-based image creation software from the American company Adobe. Adobe Illustrator suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on the system or cause the application to...
MiracleLinux 9 : postgresql:15 (AXSA:2026-325:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-325:01 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006). postgresql: PostgreSQL intarray missing...
Canva Affinity Security Vulnerability
Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code using a specially crafted EMF file...
Adobe Illustrator Heap Buffer Overflow Vulnerability (CNVD-2026-14502)
Adobe Illustrator is a set of vector-based image creation software from the American company Adobe. A heap buffer overflow vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to execute arbitrary code on the system or cause the application to crash...
Adobe Premiere Pro Out-of-Bounds Read Vulnerability (CNVD-2026-14503)
Adobe Premiere Pro is a set of non-linear video editing software from the American company Adobe. Adobe Premiere Pro suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute arbitrary code on the system...
RHEL 9 : compat-openssl11 (RHSA-2026:4825)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:4825 advisory. The OpenSSL toolkit provides support for secure communications between machines. This version of the OpenSSL package contains only the libraries from the...
AlmaLinux 9 : compat-openssl11 (ALSA-2026:4472)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:4472 advisory. openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS12 processing (CVE-2025-69419). Tenable has extracted the preceding description block...
MiracleLinux 8 : postgresql:13 (AXSA:2026-327:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-327:01 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006). postgresql: PostgreSQL intarray missing...
RHEL 10 : vim (RHSA-2026:4715)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:4715 advisory. Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' option...
MiracleLinux 9 : postgresql:16 (AXSA:2026-326:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-326:01 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006). postgresql: PostgreSQL intarray missing...
ALSA-2026:4715 Moderate: vim security update
Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' option processing (CVE-2026-25749). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...
CVE-2025-14287
A flaw was found in MLflow, a platform for managing the machine learning lifecycle. This vulnerability, known as command injection, allows an attacker to execute unauthorized commands on the system. By providing specially crafted input through the --container parameter, an attacker can bypass...
EUVD-2025-208751
A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into...
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') via the ElementIndexesController and FieldsController components. An attacker can execute arbitrary code by...
EUVD-2026-12419
A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file...
EUVD-2026-12227
arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. When the victim's smart hardware connects to an attacker-controlled AP hotspot, the attacker can exploit the overflow to execute arbitrary code on the affected embedded device...
EUVD-2026-12226
arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap buffer, potentially allowing execution of arbitrar...
EUVD-2025-208679
OpenHarmony v5.1.0 and prior versions allow a local attacker to achieve arbitrary code execution in pre-installed apps through an out-of-bounds write. This vulnerability can be exploited only in restricted scenarios...