APSB26-18 : Security update available for Adobe Illustrator
Adobe has released an update for Adobe Illustrator. This update resolves important and critical vulnerabilities that could lead to arbitrary code execution and memory exposure...
APSB26-05 : Security update available for Adobe Commerce
Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical, important, and moderate vulnerabilities. Successful exploitation could lead to security feature bypass, application denial-of-service, privilege escalation, arbitrary code execution, an...
APSB26-24 : Security update available for Adobe Experience Manager
Adobe has released updates for Adobe Experience Manager (AEM). This update resolves vulnerabilities rated important. Successful exploitation of these vulnerabilities could result in arbitrary code execution...
Adobe Illustrator < 29.8.5 / 30.0 < 30.2 Multiple Vulnerabilities (APSB26-18)
The version of Adobe Illustrator installed on the remote Windows host is prior to 29.8.5, 30.2. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-18 advisory. - Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that...
Adobe Premiere Pro < 25.6 Arbitrary code execution (APSB26-28)
The version of Adobe Premiere Pro installed on the remote Windows host is prior to 25.6. It is, therefore, affected by a vulnerability as referenced in the APSB26-28 advisory. - Out-of-bounds Read (CWE-125) potentially leading to Arbitrary code execution (CVE-2026-27269) Note that Nessus has not test...
Resource Injection
Overview: Affected versions of this package are vulnerable to Resource Injection via the buildProxyPass function. An attacker can execute arbitrary code and access sensitive information by injecting malicious configuration into the nginx controller process. Remediation: Upgrade...
[SECURITY] [DSA 6158-1] imagemagick security update
Debian Security Advisory DSA-6158-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 09, 2026 https://www.debian.org/security/faq -...
CVE-2026-3288
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...
EUVD-2025-208439
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. This allows attackers to execute arbitrary code...
EUVD-2026-10342
MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable...
EUVD-2025-208438
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. This allows attackers to execute arbitrary code...
CVE-2025-70038
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. This allows attackers to execute arbitrary code...
kernel: Linux kernel use-after-free in eventpoll
A flaw was found in the Linux kernel's eventpoll (epoll) mechanism. A local attacker could exploit a use-after-free vulnerability due to incorrect handling of the 'ep' refcount while the 'ep' mutex is still held. This can lead to memory corruption, potentially allowing the attacker to achieve...
kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution
A flaw was found in the Linux kernel. This vulnerability, known as a use-after-free (UAF), occurs in the page_pool_recycle_in_ring function. A local attacker could exploit this by manipulating the system's memory management, causing a freed memory region to be improperly accessed. This can lead to syst...
postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...
postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code
A heap-based buffer overflow flaw has been discovered in PostgreSQL. This heap buffer overflow is in the pgcrypto component and allows a ciphertext provider to execute arbitrary code as the operating system user running the database...
CVE-2026-25866
MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable...