CVE-2026-27220 Acrobat Reader | Use After Free (CWE-416)

Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

GO-2026-4592 SiYuan's direct SQL Query API accessible to Reader-level users enables unauthorized database access in github.com/siyuan-note/siyuan/kernel

SiYuan's direct SQL Query API accessible to Reader-level users enables unauthorized database access in github.com/siyuan-note/siyuan/kernel...

CVE-2026-31797 iccDEV has a heap out-of-bounds read in CTiffImg::ReadLine()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CTiffImg::ReadLine when iccApplyProfiles processes a crafted TIFF image, causing memory disclosure or crash. This vulnerability is fixed in 2.3.1.5...

Adobe Reader < 25.001.21288 Multiple Vulnerabilities (APSB26-26)

The version of Adobe Reader installed on the remote Windows host is a version prior to 25.001.21288. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could...

Adobe Acrobat Reader 资源管理错误漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30307, 24.001.30308, 25.001.21265, and earlier versions have a resource management vulnerability. This...

EulerOS 2.0 SP13 : golang (EulerOS-SA-2026-1240)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a respon...

EulerOS 2.0 SP13 : golang (EulerOS-SA-2026-1276)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a respon...

Adobe Acrobat Reader 信任管理问题漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30307, 24.001.30308, 25.001.21265, and earlier versions have vulnerabilities related to tru...

APSB26-26 : Security update available for Adobe Acrobat Reader

Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and privilege escalation...

PT-2026-24470

Name of the Vulnerable Software and Affected Versions Acrobat Reader versions 24.001.30307 through 25.001.21265 Description Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are susceptible to a Use After Free issue. Successful exploitation of this issue could lead to...

PT-2026-24469

Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue...

PT-2026-24468

Name of the Vulnerable Software and Affected Versions Acrobat Reader versions 24.001.30307 through 25.001.21265 Description A Use After Free issue exists in Acrobat Reader that may allow for arbitrary code execution with the privileges of the current user. Successful exploitation of this issue...

EUVD-2026-10394

SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts RoleReader to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint...

freerdp: FreeRDP heap-buffer-overflow

A heap based buffer overflow flaw has been discovered in FreeRDP. In affected versions RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndrreaduint8Array...

CVE-2026-3816

A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function inputzip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploi...

CVE-2026-29190

Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...

Broken Access: On the Challenges of Screen Reader Assisted Two-Factor and Passwordless Authentication

In today's technology-driven world, web services have opened up new opportunities for blind and visually impaired people to interact independently. Securing interactions with these services is crucial; however, currently deployed authentication mainly concentrate on sighted users, overlooking the...

CVE-2026-29190

Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...

CVE-2026-29190

Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...

CVE-2026-29190 Karapace: Path Traversal in Backup Reader

Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...