Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001353)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001353 advisory. The eBPF RINGBUF bpfringbufreserve function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to...

Adobe InDesign < 20.5.1 / 21.0 < 21.1.0 Multiple Vulnerabilities (APSB26-02) (macOS)

The version of Adobe InDesign installed on the remote macOS host is prior to 20.5.1, 21.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-02 advisory. - InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow...

MiracleLinux 3 : libvorbis-1.1.2-3.3.1AXS3 (AXSA:2009-385:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-385:01 advisory. The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and...

MiracleLinux 3 : kernel-2.6.18-194.5.AXS3 (AXSA:2010-440:14)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2010-440:14 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating system:...

MiracleLinux 4 : libexif-0.6.21-5.AXS4 (AXSA:2012-974:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-974:01 advisory. Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you t...

Adobe Bridge 15.1.2 < 15.1.3 / 16.x < 16.0.1 Vulnerability (APSB26-07)

The version of Adobe Bridge installed on the remote macOS or Mac OS X host is prior to 15.1.3 or 16.0.1. It is, therefore, affected by a vulnerability as referenced in the apsb26-07 advisory. - Bridge versions 15.1.2, 16.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability tha...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001709)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001709 advisory. Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the badflpintr function. By executi...

MiracleLinux 3 : libpng-1.2.10-7.1.2.1AXS3 (AXSA:2009-25:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-25:01 advisory. The libpng package contains a library of functions for creating and manipulating PNG Portable Network Graphics image format files. PNG is a bit-mapped...

Adobe Illustrator < 29.8.4 / 30.0 < 30.1 Multiple Vulnerabilities (APSB26-03)

The version of Adobe Illustrator installed on the remote Windows host is prior to 29.8.4, 30.1. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-03 advisory. - Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability th...

MiracleLinux 3 : ghostscript-8.15.2-9.4.4.1AXS3 (AXSA:2009-29:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-29:01 advisory. Ghostscript is a set of software that provides a PostScriptTM interpreter, a set of C procedures the Ghostscript library, which implements the graphic...

Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling

Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, this could...

CVE-2024-14021

LlamaIndex run-llama/llamaindex versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.loadfromdisk in llamaindex/indices/managed/bgem3/base.py. The function uses pickle.load to deserialize multiembedstore.pkl from a user-supplied persistdir without...

CVE-2023-54334

Explorer32++ 1.3.5.531 contains a buffer overflow vulnerability in Structured Exception Handler SEH records that allows attackers to execute arbitrary code. Attackers can exploit the vulnerability by providing a long file name argument over 396 characters to corrupt the SEH chain and potentially...

CVE-2022-50933

Cain & Abel 4.9.56 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions...

CVE-2022-50922

Audio Conversion Wizard v2.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory with a specially crafted registration code. Attackers can generate a payload that overwrites the application's memory stack, potentially enabling remote cod...

CVE-2022-50921

WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during...

CVE-2026-22686 Sandbox Escape via Host Error Prototype Chain in enclave-vm

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool invocation fails,...

CVE-2025-66939

Cross Site Scripting vulnerability in 66biolinks by AltumCode v.61.0.1 allows an attacker to execute arbitrary code via a crafted favicon file...

CVE-2022-50923 Cobian Backup 0.9 - Unquoted Service Path

Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject malicious code that will execute with LocalSystem permissions...

CVE-2022-50921 WOW21 5.0.1.9 - 'Service WOW21_Service' Unquoted Service Path

WOW21 5.0.1.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during...