EUVD-2026-2042

Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-37186 Local Privilege Escalation Vulnerability in HPE Aruba Networking Virtual Intranet Access (VIA) Client for Linux

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access VIA client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges...

CVE-2025-37186

CVE-2025-37186 is a local privilege-escalation vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client. The Red Hat, NVD, CVE List and other feeds describe an ability for a local attacker to achieve arbitrary code execution with root privileges, via a local attack vector (n...

CVE-2026-21305

Substance3D - Painter versions 11.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-21287

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-37169

A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system...

CVE-2025-37169 Stack Overflow Vulnerability in AOS-10 Web-Based Management Interface

A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system...

CVE-2026-21306

CVE-2026-21306 affects Adobe Substance 3D Sampler versions 5.1.0 and earlier. The issue is an out-of-bounds write (CWE-787) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. Remediation is ava...

CVE-2026-21305

Summary: CVE-2026-21305 affects Substance3D Painter (version 11.0.3 and earlier). The issue is an out-of-bounds write (CWE-787) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. The CVSS base ...

CVE-2026-21268

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is...

CVE-2026-21271

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is...

Envoy Extension Policy lua scripts injection causes arbitrary command execution

Impact Envoy Gateway allows users to create Lua scripts that are executed by Envoy proxy using the EnvoyExtensionPolicy resource. Administrators can use Kubernetes RBAC to grant users the ability to create EnvoyExtensionPolicy resources. Lua scripts in policies are executed in two contexts: An...

CVE-2026-21280

Adobe Illustrator 29.8.3, 30.0 and earlier are affected by CVE-2026-21280, an Untrusted Search Path vulnerability that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the attacker must entice the victim to open a malicious file, and...

CVE-2026-21277

Summary: CVE-2026-21277 affects Adobe InDesign Desktop (versions 21.0, 19.5.5 and earlier). A heap-based buffer overflow could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a specially crafted file. Multiple sources...

CVE-2026-21276 InDesign Desktop | Access of Uninitialized Pointer (CWE-824)

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-21267

Dreamweaver Desktop (Windows/macOS)

CVE-2026-21267 Dreamweaver Desktop | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that a victim...

CVE-2026-21267 Dreamweaver Desktop | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that a victim...

CVE-2026-21271

Dreamweaver Desktop (Windows/macOS) versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that can lead to arbitrary code execution in the context of the current user when a user opens a malicious file. The issue requires user interaction and has been fixed in newer...

CVE-2026-21271 Dreamweaver Desktop | Improper Input Validation (CWE-20)

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is...