
30548 matches found

OSV
added 2026/04/13 5:43 a.m. | 0 views

BIT-GOLANG-2026-32288 Unbounded allocation for old GNU sparse in archive/tar

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...

CVSS 5.5 | AI score 5.8 | EPSS 0.00004
Exploits 0 | References 5
VulnCheck KEV
added 2026/04/13 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2020-9715

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution...

CVSS 9.3 | AI score 6.4 | EPSS 0.7621
In wild | Exploits 2 | References 2
CISA KEV Catalog
added 2026/04/13 12:0 a.m. | 12 views

Adobe Acrobat and Reader Prototype Pollution Vulnerability

Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution...

CVSS 8.6 | AI score 6 | EPSS 0.09811
In wild | Exploits 4
The Hacker News
added 2026/04/12 4:25 a.m. | 8 views

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful exploitation of the flaw could allow an...

CVSS 8.6 | AI score 7.9 | EPSS 0.09811
Exploits 4
EUVD
added 2026/04/11 9:30 a.m. | 2 views

EUVD-2026-21675

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...

CVSS 9.6 | AI score 6.3 | EPSS 0.09811
Exploits 4 | References 2
NVD
added 2026/04/11 7:16 a.m. | 1 view

CVE-2026-34621

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...

CVSS 8.6 | EPSS 0.09811
Exploits 4 | References 2
Vulnrichment
added 2026/04/11 6:45 a.m. | 5 views

CVE-2026-34621 Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...

CVSS 8.6 | AI score 6.3 | EPSS 0.09811
Exploits 4 | References 1
Cvelist
added 2026/04/11 6:45 a.m. | 33 views

CVE-2026-34621 Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...

CVSS 8.6 | EPSS 0.09811
Exploits 4 | References 1
ATTACKERKB
added 2026/04/11 6:45 a.m. | 5 views

CVE-2026-34621

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...

CVSS 9.6 | AI score 6.3 | EPSS 0.09811
Exploits 4 | References 2
CVE
added 2026/04/11 6:45 a.m. | 154 views

CVE-2026-34621

CVE-2026-34621 — Adobe Acrobat/Reader Prototype Pollution affects Acrobat Reader DC/Acrobat DC on Windows and macOS. Affected: Acrobat Reader DC 26.001.21367 and earlier; Acrobat DC 26.001.21367 and earlier; Acrobat 2024 24.001.30356 and earlier. Root cause: Improperly Controlled Modification of ...

CVSS 8.6 | AI score 6.3 | EPSS 0.09811
In wild | Exploits 4 | References 2 | Affected Software 2
Tenable Nessus
added 2026/04/11 12:0 a.m. | 15 views

Adobe Reader < 26.001.21411 Vulnerability (APSB26-43)

The version of Adobe Reader installed on the remote Windows host is a version prior to 26.001.21411. It is, therefore, affected by a vulnerability. - Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes...

CVSS 8.6 | AI score 7.9 | EPSS 0.09811
Exploits 4 | References 2
CNNVD
added 2026/04/11 12:0 a.m. | 2 views

Adobe Acrobat Reader Security Vulnerability

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30356, 26.001.21367, and earlier versions have security vulnerabilities. These...

CVSS 8.6 | AI score 7.7 | EPSS 0.09811
Exploits 4 | References 1
Kaspersky
added 2026/04/11 12:0 a.m. | 4 views

KLA90977 ACE vulnerability in Adobe Acrobat Reader

A remote code execution vulnerability was found in Adobe Acrobat Reader. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories: APSB26-43. Exploitation: Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such malware i...

CVSS 8.6 | AI score 8 | EPSS 0.09811
Exploits 4 | References 5
Tenable Nessus
added 2026/04/11 12:0 a.m. | 1 view

Adobe Reader < 26.001.21411 Vulnerability (APSB26-43) (macOS)

The version of Adobe Reader installed on the remote macOS host is a version prior to 26.001.21411. It is, therefore, affected by a vulnerability. - Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes...

CVSS 8.6 | AI score 7.9 | EPSS 0.09811
Exploits 4 | References 2
Adobe
added 2026/04/11 12:0 a.m. | 18 views

APSB26-43 : Security update available for Adobe Acrobat Reader

Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses a critical vulnerability. Successful exploitation could lead to arbitrary code execution...

CVSS 8.6 | AI score 6.1 | EPSS 0.09811
Exploits 4 | Affected Software 3
Github Security Blog
added 2026/04/10 7:32 p.m. | 4 views

SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`

Summary: The endpoint /api/av/removeUnusedAttributeView is vulnerable to a path traversal (CWE-22) that allows an attacker to delete arbitrary .json files on the server. The issue arises because user-controlled input id is directly used in filesystem path construction without validation or...

CVSS 8.5 | AI score 6 | EPSS 0.00076
Exploits 0 | References 4 | Affected Software 1
OSV
added 2026/04/10 7:32 p.m. | 1 view

GHSA-VW86-C94W-V3X4 SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`

Summary: The endpoint /api/av/removeUnusedAttributeView is vulnerable to a path traversal (CWE-22) that allows an attacker to delete arbitrary .json files on the server. The issue arises because user-controlled input id is directly used in filesystem path construction without validation or...

CVSS 8.5 | AI score 6 | EPSS 0.00076
Exploits 0 | References 4
Github Security Blog
added 2026/04/10 7:32 p.m. | 3 views

SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via `/api/av/removeUnusedAttributeView`

Summary: An authenticated publish-service reader can invoke /api/av/removeUnusedAttributeView and cause persistent deletion of arbitrary attribute view (AV) definition files from the workspace. The route is protected only by generic CheckAuth, which accepts publish RoleReader requests. The handler...

CVSS 8.1 | AI score 5.9 | EPSS 0.0003
Exploits 1 | References 4 | Affected Software 1
OSV
added 2026/04/10 7:32 p.m. | 1 view

GHSA-7M5H-W69J-QGGG SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via `/api/av/removeUnusedAttributeView`

Summary: An authenticated publish-service reader can invoke /api/av/removeUnusedAttributeView and cause persistent deletion of arbitrary attribute view (AV) definition files from the workspace. The route is protected only by generic CheckAuth, which accepts publish RoleReader requests. The handler...

CVSS 8.1 | AI score 5.9 | EPSS 0.0003
Exploits 1 | References 4
Vulnrichment
added 2026/04/10 12:0 a.m. | 0 views

CVE-2026-33551

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

CVSS 3.5 | AI score 5.9 | EPSS 0.00033
Exploits 0 | References 2