PT-2026-40344

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

PT-2026-40170

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

PT-2026-40169

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

AMD Chipset Driver Vulnerabilities

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-0028| An unchecked return value within the AMD Platform Management Framework PMF could allow an attacker to read or modify an arbitrary address, potentially resulting in loss of...

RHEL 9 : golang (RHSA-2026:16494)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:16494 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: golang: Go golang and cmd/go: Arbitrary Code Execution via...

Adobe Premiere Pro < 25.6.5 / 26.0.0 < 26.2.0 Multiple Arbitrary code execution (APSB26-46) (macOS)

The version of Adobe Premiere Pro installed on the remote macOS host is prior to 25.6.5, 26.2.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-46 advisory. - Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that...

Adobe Media Encoder < 25.6.5 / 26.0.0 < 26.2.0 Multiple Arbitrary code execution (APSB26-47) (macOS)

The version of Adobe Media Encoder installed on the remote macOS host is prior to 25.6.5, 26.2.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-47 advisory. - Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound...

Adobe After Effects < 25.6.5 / 26.0 < 26.2 Multiple Arbitrary code execution (APSB26-48) (macOS)

The version of Adobe After Effects installed on the remote macOS host is prior to 25.6.5, 26.2. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-48 advisory. - After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow...

ludwig 安全漏洞

Ludwig is an open-source declarative deep learning framework developed by Ludwig. Versions of Ludwig 0.10.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the model service component using torch.load without enabling the weightsonly=True parameter when loading model...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability caused by the reuse of extensions after they were released. This vulnerability could allow attackers to execute arbitrary code...

CVE-2026-31214

The vulnerability CVE-2026-31214 affects the torch-checkpoint-shrink.py script in the ml-engineering project, commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27). The script uses torch.load() to process PyTorch checkpoint files (.pt) without enabling weights_only=True, allowing the deser...

PT-2026-40058

The load model function in the neural magic training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line...

ROS-20260512-73-0012

Vulnerability in python-tornado related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

Adobe Substance3D Painter 缓冲区错误漏洞

Adobe Substance3D Painter is a 3D scene building software developed by Adobe, a company based in America. Versions of Adobe Substance3D Painter 12.0.2 and earlier contain a buffer overflow vulnerability, which stems from out-of-bound writes, potentially allowing arbitrary code to execute in the...

Adobe Media Encoder 输入验证错误漏洞

Adobe Media Encoder is a audio and video encoding application developed by Adobe, a company based in the United States. Versions of Adobe Media Encoder such as 26.0.2, 25.6.4, and earlier versions had a vulnerability related to input validation errors. This vulnerability stemmed from integer...

PT-2026-39923

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

WordPress plugin GWD Connect 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-39994

A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and...

CVE-2026-31217

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 allows arbitrary code execution. When a user supplies a directory path via the --model command-line argument, the function reads a module.py file from...

CVE-2025-65719

Affected software: Open Source Kubectl MCP Server v1.1.1. Issue: A vulnerability allows attackers to execute arbitrary code on a victim system via a crafted HTML page. What is known: Documented across multiple sources (NVD, EUVD, CVE listing) with the same description. No explicit root cause, aff...