CVE-2026-27287

CVE-2026-27287 affects Adobe InCopy versions 20.5.2, 21.2 and earlier. It is an out-of-bounds read when parsing a crafted file, potentially allowing code execution in the context of the current user. Exploitation requires user interaction (the victim must open a malicious file); attack vector is ...

EUVD-2026-22432

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

PT-2026-32703

Name of the Vulnerable Software and Affected Versions InDesign Desktop versions 20.5.2 and 21.2 and earlier Description An out-of-bounds write occurs when a program writes data past the end of the intended buffer. This issue could result in arbitrary code execution in the context of the current...

UBUNTU-CVE-2022-3873

Cross-site Scripting XSS - DOM in GitHub repository jgraph/drawio prior to 20.5.2...

PT-2022-24545 · Drawio · Drawio

Name of the Vulnerable Software and Affected Versions: drawio versions prior to 20.5.2 Description: The issue is related to Cross-site Scripting XSS - DOM, which occurs when an application includes user input in its output without proper validation or escaping. This allows an attacker to inject...