APSB26-58 : Security update available for Adobe InDesign

Adobe has released a security update for Adobe InDesign. This update addresses critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service, and memory exposure...

APSB26-64 : Security update available for Adobe ColdFusion

Adobe has released security updates for ColdFusion versions 2025 and 2023. These updates resolves critical and important vulnerabilities that could lead to arbitrary code execution, privilege escalation, arbitrary file system read, and security feature bypass...

APSB26-59 : Security update available for Adobe InCopy

Adobe has released a security update for Adobe InCopy. This update addresses critical vulnerabilities that could lead to arbitrary code execution...

Adobe InCopy < 20.5.4 / 21.0 < 21.4.0 Multiple Vulnerabilities Arbitrary code execution (APSB26-59)

The version of Adobe InCopy installed on the remote host is prior to 20.5.4, 21.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-59 advisory. - Stack-based Buffer Overflow CWE-121 potentially leading to Arbitrary code execution CVE-2026-34708 - Out-of-bounds...

RHEL 10 : libyang (RHSA-2026:24758)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24758 advisory. Libyang is YANG data modeling language parser and toolkit written and providing API in C. Security Fixes: libyang: libyang: Denial of Service or...

Adobe Experience Manager 6.0.0.0 < 6.5.25.0 Multiple Arbitrary code execution (APSB26-57)

The version of Adobe Experience Manager installed on the remote host is prior to 6.5.25.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-57 advisory. - Cross-site Scripting Stored XSS CWE-79 potentially leading to Arbitrary code execution CVE-2026-34694 Note...

PT-2026-47958

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

EulerOS 2.0 SP11 : libtiff (EulerOS-SA-2026-2215)

According to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile...

MiracleLinux 8 : ruby:3.3 (AXSA:2026-769:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-769:01 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the...

Adobe Acrobat < 24.001.30383 / 26.001.21662 Multiple Vulnerabilities (APSB26-63)

The version of Adobe Acrobat installed on the remote Windows host is a version prior to 24.001.30383 or 26.001.21662. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerabilit...

APSB26-63 : Security update available for Adobe Acrobat Reader

Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, application denial-of-service, and memory exposure...

CVE-2026-11688

CVE-2026-11688 describes an inappropriate SVG implementation in Google Chrome prior to 149.0.7827.103 that enables a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Impact is high (C/H/I/A = 8.8 CVSS v3.1) per Chromium, with network access, no privileges, use...

CVE-2026-11641

Use after free in Bluetooth in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-46285

A flaw was found in the Linux kernel's mtd: docg3 module. The docg3release function attempts to access memory that has already been deallocated, leading to a use-after-free vulnerability. This issue could allow a local attacker to cause a denial of service or potentially execute arbitrary code...

USN-8408-1: Twig vulnerability

It was discovered that Twig did not properly validate PHP callables when using a source policy. An authenticated user could possibly use this issue to execute arbitrary code...

USN-8408-1 php-twig vulnerability

It was discovered that Twig did not properly validate PHP callables when using a source policy. An authenticated user could possibly use this issue to execute arbitrary code...

Important: Red Hat Security Advisory: libyang security update

An update for libyang is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob

A flaw was found in libyang, a YANG data modeling language library. An integer overflow in the lybreadstring function can lead to a heap buffer overflow when parsing a maliciously crafted LYB binary blob. A remote attacker, by supplying this malicious LYB data to any libyang consumer such as a...

actual Allows Electron to Run As Node

Summary A electron run as node vulnerability was identified in actual macOS application, version 25.x Electron 39.2.7. Vulnerability Type: Electron Run As Node Description ELECTRONRUNASNODE fuse enabled Electron 39.2.7 — app can be converted to Node.js REPL for arbitrary code execution Impact An...

USN-8407-1 strongswan vulnerability

Elliott Childre discovered that strongSwan incorrectly handled the cloning of certain identities. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code...