CVE-2026-21312 Audition | Out-of-bounds Write (CWE-787)

Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

Arbitrary Code Execution

ingress-nginx is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper sanitization of the rules.http.paths.path Ingress field, where attacker-controlled values can inject arbitrary NGINX configuration, enabling execution of commands in the ingress-nginx controller context...

CVE-2026-25655

A vulnerability has been identified in SINEC NMS All versions V4.0 SP2. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative...

CVE-2026-22923

A vulnerability has been identified in NX All versions V2512, NX Managed Mode All versions V2512. The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process that could potentially...

CVE-2026-25656

CVE-2026-25656 affects SINEC NMS User Management Component (UMC) across all versions and all SINEC NMS deployments where UMC is

CVE-2026-25655

A vulnerability has been identified in SINEC NMS All versions V4.0 SP2. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative...

CVE-2026-22923

A vulnerability has been identified in NX All versions V2512, NX Managed Mode All versions V2512. The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process that could potentially...

CVE-2026-22923

CVE-2026-22923 affects NX (All versions

USN-8021-1 imagemagick vulnerability

Benny Isaacs discovered that ImageMagick did not properly manage memory when processing certain image files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

CVE-2026-2097

Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVE-2026-2097 Flowring｜Agentflow - Arbitrary File Upload

Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

Affected Software: Google Chrome prior to version 121.0.6167.8...

SUSE CVE-2026-1615

Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can...

PT-2026-7380

After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

Flowring Agentflow 代码问题漏洞

Flowring Agentflow is an intelligent process automation RPA platform developed by Flowring Corporation in China. There are code-related vulnerabilities in Flowring Agentflow. These vulnerabilities stem from arbitrary file uploads, which may allow authenticated remote attackers to upload and execu...

KLA90877 ACE vulnerability in Microsoft Copilot Plugin

A remote code execution vulnerability was found in Microsoft Copilot Studio. Malicious users can exploit this vulnerability to execute arbitrary code, bypass security restrictions. Original advisories CVE-2026-21516 Exploitation Related products GitHub-Copilot-Plugin CVE list CVE-2026-21516...

Adobe After Effects 缓冲区错误漏洞

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. An out-of-bounds write vulnerability exists in Adobe After Effects 25.6 and...

Adobe After Effects 缓冲区错误漏洞

Adobe After Effects is a visual effects and dynamic graphics production software developed by Adobe, Inc. in the United States. This software is primarily used for 2D and 3D compositing, animation production, and visual special effects. Versions of Adobe After Effects prior to 25.6 contained a...

Adobe After Effects 资源管理错误漏洞

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. Adobe After Effects 25.6 and earlier versions suffer from a Memory Free Aft...

Adobe After Effects 安全漏洞

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. A type confusion vulnerability exists in Adobe After Effects, which can be...