743 matches found
EUVD-2026-11049
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker attacker to inject malicious scripts into vulnerable form fields. Exploitation of...
CVE-2026-27268
Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a vict...
CVE-2026-3786
A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument order results in sql injection. The attack can be launched remotely. The exploit...
EUVD-2026-10338
Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability affects Focus for iOS...
CVE-2026-3786 EasyCMS Request Parameter RbacuserAction.class.php sql injection
A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument order results in sql injection. The attack can be launched remotely. The exploit...
CVE-2026-0007
Consolidated sources describe CVE-2026-0007 as a vulnerability in WindowInfo.cpp, writeToParcel, enabling a tapjacking/overlay attack that could grant permissions and allow local elevation of privilege without additional execution privileges. Exploitation details are not provided in the Initial d...
CVE-2025-48582
In multiple locations, there is a possible way to delete media without the MANAGEEXTERNALSTORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-20429
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5535...
CVE-2026-20424
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5540...
CVE-2026-20445
The CVE-2026-20445 vulnerability affects the MDDP component, where a race condition can cause a system crash leading to local denial of service when the attacker already has System privileges. Exploitation does not require user interaction. The issue is associated with a patch identified as ALPS1...
CVE-2026-20442
In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5723...
EUVD-2026-9166
In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10432500; Issue ID: MSV-5803...
CVE-2026-20427
CVE-2026-20427 represents a local privilege escalation caused by a missing bounds check in the display path. The issue could allow a malicious actor who has already obtained System privileges to elevate further without user interaction. The description does not specify affected products or compon...
PT-2026-22562
In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431940; Issue ID: MSV-5843...
PT-2026-22563
In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431920; Issue ID: MSV-5835...
CVE-2026-2244
Summary: CVE-2026-2244 affects Google Cloud Vertex AI Workbench. A vulnerability existed from 2025-07-21 to 2026-01-30 that allowed an attacker to exfiltrate valid Google Cloud access tokens of other users by abusing a built-in startup script. The exposure could enable unauthorized access to toke...
PT-2026-22149
Name of the Vulnerable Software and Affected Versions Google Cloud Vertex AI Workbench versions 7/21/2025 through 01/30/2026 Description A flaw exists in Google Cloud Vertex AI Workbench that enables an attacker to obtain legitimate Google Cloud access tokens belonging to other users. This is...
CVE-2026-2044
GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...
CVE-2026-2045 GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open ...
CVE-2026-0777
CVE-2026-0777 describes an RCE in Xmind due to insufficient UI warnings when handling attachments. The flaw exists in the attachments workflow: opening an attachment does not warn the user about unsafe actions, allowing an attacker to execute code in the context of the current user after the targ...