Adobe Dreamweaver 21.0 < 21.8 Multiple Vulnerabilities (APSB26-62) (macOS)

The version of Adobe Dreamweaver installed on the remote macOS host is prior to 21.8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-62 advisory. - Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability th...

ROS-20260609-73-0008

The vulnerability of the SQL Expressions function on the Grafana monitoring and observation platform is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code and gain unauthorized access to the platform by sending speciall...

Oracle Linux 8 : libyang (ELSA-2026-24545)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-24545 advisory. 1.0.184-2 - DoS or arbitrary code execution via maliciously crafted LYB binary blob - Resolves: RHEL-177017 - CVE-2026-44673 Tenable has extracted the precedin...

Adobe Reader < 26.001.21662 Multiple Vulnerabilities (APSB26-63)

The version of Adobe Reader installed on the remote Windows host is a version prior to 26.001.21662. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could resu...

Adobe Experience Manager 6.0.0.0 < 6.5.25.0 Multiple Arbitrary code execution (APSB26-57)

The version of Adobe Experience Manager installed on the remote host is prior to 6.5.25.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-57 advisory. - Cross-site Scripting Stored XSS CWE-79 potentially leading to Arbitrary code execution CVE-2026-34694 Note...

Adobe InCopy < 20.5.4 / 21.0 < 21.4.0 Multiple Vulnerabilities Arbitrary code execution (APSB26-59)

The version of Adobe InCopy installed on the remote host is prior to 20.5.4, 21.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-59 advisory. - Stack-based Buffer Overflow CWE-121 potentially leading to Arbitrary code execution CVE-2026-34708 - Out-of-bounds...

RHEL 10 : libyang (RHSA-2026:24758)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24758 advisory. Libyang is YANG data modeling language parser and toolkit written and providing API in C. Security Fixes: libyang: libyang: Denial of Service or...

CVE-2026-11688

CVE-2026-11688 describes an inappropriate SVG implementation in Google Chrome prior to 149.0.7827.103 that enables a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Impact is high (C/H/I/A = 8.8 CVSS v3.1) per Chromium, with network access, no privileges, use...

CVE-2026-46285

A flaw was found in the Linux kernel's mtd: docg3 module. The docg3release function attempts to access memory that has already been deallocated, leading to a use-after-free vulnerability. This issue could allow a local attacker to cause a denial of service or potentially execute arbitrary code...

USN-8408-1 php-twig vulnerability

It was discovered that Twig did not properly validate PHP callables when using a source policy. An authenticated user could possibly use this issue to execute arbitrary code...

Important: Red Hat Security Advisory: libyang security update

An update for libyang is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob

A flaw was found in libyang, a YANG data modeling language library. An integer overflow in the lybreadstring function can lead to a heap buffer overflow when parsing a maliciously crafted LYB binary blob. A remote attacker, by supplying this malicious LYB data to any libyang consumer such as a...

actual Allows Electron to Run As Node

Summary A electron run as node vulnerability was identified in actual macOS application, version 25.x Electron 39.2.7. Vulnerability Type: Electron Run As Node Description ELECTRONRUNASNODE fuse enabled Electron 39.2.7 — app can be converted to Node.js REPL for arbitrary code execution Impact An...

USN-8407-1: strongSwan vulnerability

Elliott Childre discovered that strongSwan incorrectly handled the cloning of certain identities. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-8407-1 strongswan vulnerability

Elliott Childre discovered that strongSwan incorrectly handled the cloning of certain identities. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVE-2026-25856 OpenBullet2 0.3.2 Authenticated RCE via Job Configuration Interface

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

JLSEC-2026-601

Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user...

JLSEC-2026-607

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

USN-8399-1: Pillow vulnerabilities

It was discovered that Pillow incorrectly handled large glyph advance values in fonts. An attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service. CVE-2026-42308 It was discovered that Pillow incorrectly handled nested coordinate lists in certain APIs. An...

USN-8397-1 jpeg-xl vulnerability

It was discovered that libjxl did not properly handle certain crafted PBM images. An attacker could possibly use this issue to cause libjxl to crash, resulting in a denial of service, or execute arbitrary code...