CVE-2026-40409

Technical details for CVE-2026-40409 are not publicly available in the provided documents. Monitor for updates from Microsoft/NVD for affected products, root cause, impact, and remediation.

CVE-2026-42767

The CVE-2026-42767 issue affects the OpenSSL CMP client: processing a CRMF CertRepMessage with EncryptedValue where symmAlg has an OID but no parameters can trigger a NULL pointer dereference, crashing the CMP client and enabling DoS. The vulnerability is due to improper handling during CMP respo...

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

...

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

...

CVE-2026-11786

CVE-2026-11786 affects the 389 Directory Server (389-ds-base). The issue is a heap-out-of-bounds read in the LDIF parser when processing attribute types with trailing semicolons during database import, traced to ldif parser function str2entry_state_information_from_type(). Consequences are descri...

CVE-2026-41006

Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, performs bean property binding via reflection without consulting Jackson access-control annotations. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3...

EUVD-2026-35270

Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

EulerOS 2.0 SP11 : libarchive (EulerOS-SA-2026-2210)

According to the versions of the libarchive packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing...

PT-2026-47776

Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A flaw exists in the LDIF parser where it reads past the end of a heap buffer when processing attribute types that contain trailing semicolons during a database import. This...

TIFF/DNG Metadata Scanner for Structural Validation and Suspicious Tag Detection

This C program implements a lightweight metadata scanner for TIFF-based DNG files that performs basic structural validation and heuristic analysis of Image File Directory IFD entries. The tool reads TIFF headers, enumerates metadata tags, and evaluates entries against simple consistency rules to...

Microsoft Windows Universal Disk Format File System Driver 安全漏洞

The Microsoft Windows Universal Disk Format File System Driver is an open-source Windows file system driver developed by Microsoft. There is a security vulnerability in the Microsoft Windows Universal Disk Format File System Driver, which may allow authorized attackers to gain local privileges...

PT-2026-48277

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

Adobe Format Plugins 安全漏洞

Adobe Format Plugins is a format plugin developed by Adobe Inc. Versions of Adobe Format Plugins prior to 1.1.2 contained security vulnerabilities; these vulnerabilities were caused by heap buffer overflows, which could allow arbitrary code to be executed in the current user environment...

PT-2026-48276

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

image-size 安全漏洞

image-size is a lightweight image size retrieval tool developed by image-size. Versions of image-size from 1.1.0 to 1.2.1 and from 2.0.0 to 2.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the findBox function, which had a denial-of-service vulnerability when processin...

PT-2026-47871

Name of the Vulnerable Software and Affected Versions Windows Universal Disk Format File System Driver UDFS affected versions not specified Description An elevation-of-privilege issue exists in the Windows Universal Disk Format File System Driver UDFS, which allows attackers to gain higher...

Synthetic TIFF Corpus Generator for Parser Validation and Boundary Condition Testing

This Python script generates a small corpus of synthetic TIFF-like files designed for validating parser behavior across different image dimension scenarios...

Adobe USD-Fileformat-plugins Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe USD-Fileformat-plugins. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within t...

FreeBSD Security Advisory - FreeBSD-SA-26:32.elf

FreeBSD Security Advisory - The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disable was still in effect at the point where the base address was chosen...

Adobe Format Plugins 安全漏洞

Adobe Format Plugins is a format plugin developed by Adobe Inc. Versions of Adobe Format Plugins prior to 1.1.2 contained security vulnerabilities; these vulnerabilities were caused by heap buffer overflows, which could allow arbitrary code to be executed in the current user environment...