CVE-2026-23703

The installer of FinalCode Client provided by Digital Arts Inc. contains an incorrect default permissions vulnerability. A non-administrative user may execute arbitrary code with SYSTEM privilege...

EUVD-2026-9007

IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed when some crafted file is imported by a user with the administrative privilege...

CVE-2026-27776

IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed when some crafted file is imported by a user with the administrative privilege...

CVE-2026-27776

IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed when some crafted file is imported by a user with the administrative privilege...

CVE-2026-27776

CVE-2026-27776 affects the IM-LogicDesigner module of the intra-mart Accel Platform. The issue is an insecure deserialization flaw that can be exploited when IM-LogicDesigner is deployed on the system. Arbitrary code execution is possible if a crafted file is imported by a user with administrativ...

IM-LogicDesigner module of intra-mart Accel Platform vulnerable to untrusted data deserialization

Overview IM-LogicDesigner module of intra-mart Accel Platform provided by NTT DATA INTRAMART Corporation contains the following vulnerability. Untrusted data deserialization CWE-502 - CVE-2026-27776 This can be exploited only when IM-LogicDesigner is deployed Masataka Sagami reported this...

CVE-2026-27653

The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges...

CVE-2026-27653

The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges...

CVE-2026-27653

CVE-2026-27653 concerns installers for multiple Soliton Systems K.K. products that contain incorrect default permissions, enabling arbitrary code execution with SYSTEM privileges. The issue is documented in NVD/CVE references as affecting Soliton installers; root cause is permission misconfigurat...

CVE-2025-50857

ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload...

SUSE CVE-2026-28296

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed CRLF sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...

NTT DATA INTRAMART intra-mart Accel Platform 代码问题漏洞

NTT DATA INTRAMART intra-mart Accel Platform is a digital transformation system development platform owned by NTT DATA INTRAMART in Japan. There are code vulnerabilities within the NTT DATA INTRAMART intra-mart Accel Platform; these vulnerabilities stem from insecure deserialization issues, which...

CVE-2026-28211

The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user reads it with log...

CVE-2026-27497

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. The issues...

CVE-2026-28211 Arbitrary code execution in log reader via untrusted log file

The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user reads it with log...

CVE-2026-28211

The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user reads it with log...

CVE-2026-28211

The CVE affects the NVDA Dev & Test Toolbox add-on (Log Reader feature) with versions 2.0–8.0. Reading a crafted log file via log reading commands triggers unsafe evaluation of Python expressions embedded in log entries, allowing attacker-controlled code to execute with the current user’s privile...

CVE-2026-28211 Arbitrary code execution in log reader via untrusted log file

The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user reads it with log...

EUVD-2026-8882

Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application com.unitree.doggo2, are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android application stores programs in a local SQLi...

CVE-2026-27509

Unitree Go2 firmware versions V1.1.7 through V1.1.9, and V1.1.11 EDU do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programmingactuator/request handled by actuatormanager.py. A network-adjacent, unauthenticated attacker can join DDS domain 0 and publi...