PT-2026-22682

Name of the Vulnerable Software and Affected Versions mem protect affected versions not specified Description A logic error exists in multiple functions within the mem protect.c file, potentially allowing for arbitrary code execution. Successful exploitation could lead to local privilege escalati...

Microsoft Hyper-V Code Execution Vulnerability (CNVD-2026-17151)

Microsoft Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization. A code execution vulnerability exists in Microsoft Hyper-V, which can be exploited by an attacker to execute arbitrary code on a system...

Adobe Substance 3D Stager suffers from an out-of-bounds write vulnerability

Substance 3D Stager is the United States of America Ordoby Adobe company launched a dedicated to the 3D scene set, lighting settings and high-quality rendering of professional software. An out-of-bounds write vulnerability exists in Adobe Substance 3D Stager 3.1.6 and earlier versions, which can ...

Adobe After Effects has an out-of-bounds write vulnerability

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. An out-of-bounds write vulnerability exists in Adobe After Effects 25.6 and...

Adobe After Effects suffers from an out-of-bounds write vulnerability (CNVD-2026-12691)

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. An out-of-bounds write vulnerability exists in Adobe After Effects 25.6 and...

D-Link DWR-M960 formDdns File Buffer Overflow Vulnerability

The D-Link DWR-M960 is a router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DWR-M960 formDdns file. The vulnerability stems from a misbehavior of the function sub4648F0 in the file /boafrm/formDdns in the DDNS Settings Handler component with respect to the...

PT-2026-22612

Name of the Vulnerable Software and Affected Versions sourcecodester Personnel Property Equipment System version 1.0 Description The software contains a flaw that allows for arbitrary code execution. This issue is present in the 'ip/ppes/admin/admin change picture.php' component. Recommendations ...

CVE-2026-26699

CVE-2026-26699 affects sourcecodester Personnel Property Equipment System v1.0. Multiple sources report an arbitrary code execution vulnerability in ip/ppes/admin/admin_change_picture.php. The Red Hat/CIRCL/NVD entries confirm the vulnerable component, but do not provide detailed root-cause speci...

OpenClaw OS Command Injection Vulnerability (CNVD-2026-13373)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an operating system command injection vulnerability that stems from the failure of maintainer/developer scripts/update-clawtributors.ts to properly filter construct command special characters, commands...

RHEL 8 : openssl (RHSA-2026:3364)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3364 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : rlottie vulnerabilities (USN-8058-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8058-1 advisory. It was discovered that rlottie did not properly handle certain inputs. An attacker could use this issue to cause a denial...

Debian dla-4495 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4495 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4495-1 [email protected]...

RHEL 8 : openssl (RHSA-2026:3437)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3437 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

[SECURITY] [DSA 6152-1] thunderbird security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6152-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 28, 2026 https://www.debian.org/security/faq -...

CVE-2026-2680

Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'customerVATNumber', in 'a3factura-app.wolterskluwer.es//incomes/salesDeliveryNotes' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...

Exploit for CVE-2025-70341

CVE-2025-70341: Insecure Permissions + Arbitrary Code Executio...

CVE-2026-25191

The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer's execution privileg...

EUVD-2026-9007

IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed when some crafted file is imported by a user with the administrative privilege...

CVE-2026-27776

CVE-2026-27776 affects the IM-LogicDesigner module of the intra-mart Accel Platform. The issue is an insecure deserialization flaw that can be exploited when IM-LogicDesigner is deployed on the system. Arbitrary code execution is possible if a crafted file is imported by a user with administrativ...

CVE-2026-27776

IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed when some crafted file is imported by a user with the administrative privilege...