CVE-2026-25856 OpenBullet2 0.3.2 Authenticated RCE via Job Configuration Interface
OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...
SUSE CVE-2026-33375
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container...
CVE-2026-33375
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container...
EUVD-2025-13542
Malicious code in bioql PyPI...
CVE-2024-49842
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions...
CVE-2024-49842 Improper Access Control in Hypervisor
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions...
CVE-2024-49842
Technical details about CVE-2024-49842 are not publicly provided in the connected documents. Monitor for updates.
PT-2025-4305 · Deno · Deno
Name of the Vulnerable Software and Affected Versions: Deno versions prior to 2.1.2. Description: Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When a request with the Authorization header is sent to one domain and the response asks to redirect to a different...
CVE-2022-41678 Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE
Once a user is authenticated on Jolokia, they can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest...
(Pwn2Own) Adobe Acrobat Reader DC Object Prototype Pollution API Restrictions Bypass
This vulnerability allows remote attackers to bypass API restrictions on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
(Pwn2Own) Adobe Acrobat Reader DC AnnotsString Prototype Pollution API Restrictions Bypass Vulnerability
This vulnerability allows remote attackers to bypass API restrictions on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
PT-2023-4121 · Zkteco · Zkteco Biotime
Name of the Vulnerable Software and Affected Versions: ZKTeco BioTime version 8.5.5. Description: A path traversal vulnerability in the iclock API allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. The vulnerability is related to errors in processing relative...
CVE-2023-26405 ZDI-CAN-20712: Object Prototype pollution which leads to API Restrictions Bypass
Adobe Acrobat Reader versions 23.001.20093 and earlier and 20.005.30441 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
SUSE CVE-2015-6717
The DynamicAnnotStore method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API...
SUSE CVE-2015-6721
The CBSharedReviewSecurityDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScrip...
CVE-2022-21626
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...
Prototype Pollution
json-pointer is vulnerable to prototype pollution. The vulnerability exists as it does not restrict the __proto__, constructor, and prototype header values to be set through the API...
CVE-2019-12277
Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname...
Adobe Reader DC Name Squatting JavaScript Restrictions Bypass Vulnerability
This vulnerability allows remote attackers to bypass JavaScript API restrictions on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to a...