CVE-2025-48515

Insufficient parameter sanitization in AMD Secure Processor ASP Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution...

CVE-2026-21349 Lightroom Desktop | Out-of-bounds Write (CWE-787)

Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2024-36355

Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 sleep wake up, potentially resulting in arbitrary code execution...

CVE-2024-36355

CVE-2024-36355 is an AMD SMM-related vulnerability: improper input validation in the System Management Mode (SMM) handler can enable a Ring0 attacker to write to SMRAM and alter execution flow during S3 wake, potentially allowing arbitrary code execution. Affected context appears in AMD EPYC/embe...

CVE-2026-21353

DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-21352

DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-21352

DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-21353

DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-21346

Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-21347

Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-21347

Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-21342

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-21342

Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-29950

CVE-2025-29950 describes an improper input validation in AMD’s System Management Mode (SMM) that could allow a privileged local attacker to overwrite stack memory and achieve arbitrary code execution. Public sources in the connected set consistently frame this as an SMM/stack-corruption issue wit...

CVE-2026-2302 Unsafe Reflection in Mongoid::Criteria.from_hash

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.fromhash may allow for executing arbitrary Ruby code...

CVE-2026-2302

Technical details about CVE-2026-2302 are not publicly available in the provided Connected documents. Monitor for updates; current information includes an Arbitrary Ruby code execution condition tied to Mongoid::Criteria.from_hash but no vendor/version specifics are given here.

Unsafe Reflection in Mongoid::Criteria.from_hash

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.fromhash may allow for executing arbitrary Ruby code...

CVE-2026-21353

The CVE-2026-21353 issue affects DNG SDK versions 1.7.1 ≤ 2410 and earlier. The root cause is an Integer Overflow or Wraparound (CWE-190) in the SDK, enabling arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. ...

CVE-2026-21353

DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-21353 DNG SDK | Integer Overflow or Wraparound (CWE-190)

DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...