CVE-2026-30141

An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service crash or potentially execute arbitrary code via a crafted GIF file...

PT-2026-48308

An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10;...

PT-2026-48274

Name of the Vulnerable Software and Affected Versions Adobe Campaign Classic ACC versions prior to 7.4.3 build 9395 Description A Server-Side Request Forgery SSRF issue exists where the server can be coerced into making unauthorized requests. This can lead to privilege escalation or arbitrary cod...

MiracleLinux 8 : [security - high] ruby:3.3, rubygem-pg-1.5.4-1.module+el8+1984+e52ed344.ML.1, ruby-3.3.10-6.module+el8+1984+e52ed344 (AXSA:2026-769:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-769:01 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the...

Adobe Experience Manager 6.0.0.0 < 6.5.25.0 Multiple Arbitrary code execution (APSB26-57)

The version of Adobe Experience Manager installed on the remote host is prior to 6.5.25.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-57 advisory. - Cross-site Scripting Stored XSS CWE-79 potentially leading to Arbitrary code execution CVE-2026-34694 Note...

Fedora 45 : vorbis-tools (2026-9c00940406)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9c00940406 advisory. Automatic update for vorbis-tools-1.4.3-5.fc45. Changelog Tue Jun 9 2026 Luk Zaoral - 1:1.4.3-5 - CVE-2026-34253 - fix arbitrary code execution via buffer...

Oracle Linux 8 : libyang (ELSA-2026-24545)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-24545 advisory. 1.0.184-2 - DoS or arbitrary code execution via maliciously crafted LYB binary blob - Resolves: RHEL-177017 - CVE-2026-44673 Tenable has extracted the precedin...

libyang security update

1.0.184-2 - DoS or arbitrary code execution via maliciously crafted LYB binary blob - Resolves: RHEL-177017 - CVE-2026-44673...

Adobe InDesign < 20.5.4 / 21.0 < 21.4.0 Multiple Vulnerabilities (APSB26-58)

The version of Adobe InDesign installed on the remote Windows host is prior to 20.5.4, 21.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-58 advisory. - InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability...

PT-2026-48225

Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

PT-2026-48246

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

APSB26-58 : Security update available for Adobe InDesign

Adobe has released a security update for Adobe InDesign. This update addresses critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service, and memory exposure...

CVE-2026-11688

CVE-2026-11688 describes an inappropriate SVG implementation in Google Chrome prior to 149.0.7827.103 that enables a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Impact is high (C/H/I/A = 8.8 CVSS v3.1) per Chromium, with network access, no privileges, use...

CVE-2026-46285

A flaw was found in the Linux kernel's mtd: docg3 module. The docg3release function attempts to access memory that has already been deallocated, leading to a use-after-free vulnerability. This issue could allow a local attacker to cause a denial of service or potentially execute arbitrary code...

USN-8408-1 php-twig vulnerability

It was discovered that Twig did not properly validate PHP callables when using a source policy. An authenticated user could possibly use this issue to execute arbitrary code...

libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob

A flaw was found in libyang, a YANG data modeling language library. An integer overflow in the lybreadstring function can lead to a heap buffer overflow when parsing a maliciously crafted LYB binary blob. A remote attacker, by supplying this malicious LYB data to any libyang consumer such as a...

Important: Red Hat Security Advisory: libyang security update

An update for libyang is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

actual Allows Electron to Run As Node

Summary A electron run as node vulnerability was identified in actual macOS application, version 25.x Electron 39.2.7. Vulnerability Type: Electron Run As Node Description ELECTRONRUNASNODE fuse enabled Electron 39.2.7 — app can be converted to Node.js REPL for arbitrary code execution Impact An...

USN-8407-1 strongswan vulnerability

Elliott Childre discovered that strongSwan incorrectly handled the cloning of certain identities. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-8407-1: strongSwan vulnerability

Elliott Childre discovered that strongSwan incorrectly handled the cloning of certain identities. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code...