CVE-2026-34643 After Effects | Out-of-bounds Write (CWE-787)

After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-34640 Media Encoder | Integer Overflow or Wraparound (CWE-190)

Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-34639 Media Encoder | Out-of-bounds Write (CWE-787)

Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-34639 Media Encoder | Out-of-bounds Write (CWE-787)

Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-34637 Premiere Pro | Out-of-bounds Write (CWE-787)

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-34638

Premiere Pro is affected by a Use-After-Free vulnerability (CWE-416) in versions 26.0.2, 25.6.4 and earlier. The issue could lead to arbitrary code execution in the user’s context. Exploitation requires user interaction to open a malicious file. The connected records identify the affected version...

CVE-2026-34636

Premiere Pro is affected by an out-of-bounds write (CWE-787) in versions 26.0.2, 25.6.4 and earlier, enabling arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. The CVSS metrics indicate a high-severity, local ...

CVE-2026-42045

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/features/Portal/Artifacts/Body/Renderer/index.tsx, if no type match is found, it will choose to call the...

CVE-2026-31224

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the MultitaskClassifier.load method of the MultitaskClassifier class. The method loads model weight files using torch.load without enabling the security-restrictive weightsonly=True parameter. This...

CVE-2026-31217

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 allows arbitrary code execution. When a user supplies a directory path via the --model command-line argument, the function reads a module.py file from...

CVE-2026-31219

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line argumen...

Arbitrary Code Injection

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Arbitrary Code Injection via the pbjs static code generation. An attacker can execute arbitrary code by providing crafted...

Arbitrary Code Injection

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Arbitrary Code Injection via the pbjs static code generation. An attacker can execute arbitrary code by providing crafted schema names that are incorporated into generated...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the toObject function when handling a schema-controlled bytes field default value. An attacker can execute arbitrary JavaScript code by providing a crafted descriptor with a malicious default value for a byte...

Arbitrary Code Injection

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Arbitrary Code Injection in the toObject function when handling a schema-controlled bytes field default value. An attacker can execute arbitrary JavaScript code by providing a...

EUVD-2026-29437

A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and...

CVE-2026-40129

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

CVE-2026-40129

The vulnerability CVE-2026-40129 affects SAP Application Server ABAP for SAP NetWeaver and ABAP Platform. A code injection flaw allows an authenticated attacker to submit specially crafted inputs that, if processed, can be delivered to channel subscribers and execute code on behalf of other users...

CVE-2026-40129 Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

PT-2026-40082

An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page...