CVE-2026-40129 Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

Adobe After Effects 输入验证错误漏洞

Adobe After Effects is a visual effects and dynamic graphics production software developed by Adobe, Inc. in the United States. This software is primarily used for 2D and 3D compositing, animation production, and visual effects creation. Versions of Adobe After Effects such as 26.0, 25.6.4, and...

PT-2026-40171

Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

PT-2026-40326

Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

PT-2026-40057

The load model function in the neural magic training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When loading a model state dictionary from a state dict.pt file via torch.load, the function does...

CVE-2026-31218

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When loading a model state dictionary from a statedict.pt file via torch.load, the function does not...

ludwig 安全漏洞

Ludwig is an open-source declarative deep learning framework developed by Ludwig. Versions of Ludwig 0.10.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the model service component using torch.load without enabling the weightsonly=True parameter when loading model...

kubectl-mcp-server 安全漏洞

kubectl-mcp-server is a tool developed by Rohit Ghumare, a personal developer, for managing Kubernetes clusters using natural language. Version 1.1.1 of kubectl-mcp-server contains a security vulnerability. This vulnerability allows attackers to execute arbitrary code on the victim’s system throu...

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from stack buffer overflows in several underlying...

PT-2026-40428

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code when a specially crafted VC6 file is being parsed...

CVE-2026-31217

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 allows arbitrary code execution. When a user supplies a directory path via the --model command-line argument, the function reads a module.py file from...

PT-2026-40056

Name of the Vulnerable Software and Affected Versions optimate versions prior to commit a6d302f912b481c94370811af6b11402f51d377f Description The load model function in the neural magic training.py script allows arbitrary code execution. When a directory path is supplied via the --model command-li...

CVE-2026-31219

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line argumen...

PT-2026-40047

An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file...

Guardrails 安全漏洞

Guardrails is a Python framework open source by Guardrails AI. Versions of Guardrails 0.6.7 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the Hub package installation mechanism, which retrieved lists from the Guardrails Hub when installing the validationer...

Adobe Substance3D Designer 缓冲区错误漏洞

Adobe Substance3D Designer is a texture and material creation software developed by Adobe Inc. Versions of Adobe Substance3D Designer 15.1.0 and earlier contain a buffer error vulnerability, which stems from out-of-buffer writes, potentially allowing arbitrary code to execute in the current user...

PT-2026-41384

Уязвимость программы для создания текстур и материалов для 3D моделей Adobe Substance 3D Sampler связана с выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код...

PT-2026-40062

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...

CVE-2026-31235

The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the augmentimagesworker method without any safety...

PT-2026-40367

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...