197204 matches found
CVE-2025-65719
Affected software: Open Source Kubectl MCP Server v1.1.1. Issue: A vulnerability allows attackers to execute arbitrary code on a victim system via a crafted HTML page. What is known: Documented across multiple sources (NVD, EUVD, CVE listing) with the same description. No explicit root cause, aff...
CVE-2026-31217
The CVE-2026-31217 entry concerns the optimate project’s neural_magic_training.py _load_model() function. If a user supplies a directory via --model, it reads module.py from that directory and executes its contents with Python's exec() without validation or sanitization. This enables an attacker ...
CVE-2026-31218
The CVE concerns the optimate project’s neural_magic_training.py, where _load_model() deserializes a state_dict.pt with torch.load() without enabling weights_only=True. This enables deserialization of arbitrary Python objects via Pickle, allowing a remote attacker to provide a crafted state_dict....
PT-2026-40062
The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...
CVE-2026-31219
The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line argumen...
PT-2026-40326
Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
PT-2026-40429
An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed...
PT-2026-40168
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
APSB26-52 : Security update available for Adobe Substance 3D Designer
Adobe has released an update for Adobe Substance 3D Designer that addresses important vulnerabilities. Successful exploitation could lead to arbitrary file system read and arbitrary code execution in the context of the current user...
APSB26-54 : Security update available for Adobe Substance 3D Sampler
Adobe has released an update for Adobe Substance 3D Sampler. This update addresses a critical vulnerability in Adobe Substance 3D Sampler. Successful exploitation could lead to arbitrary code execution...
Adobe After Effects < 25.6.5 / 26.0 < 26.2 Multiple Arbitrary code execution (APSB26-48)
The version of Adobe After Effects installed on the remote Windows host is prior to 25.6.5, 26.2. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-48 advisory. - After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow...
PT-2026-40057
The load model function in the neural magic training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When loading a model state dictionary from a state dict.pt file via torch.load, the function does...
PT-2026-40047
An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file...
Adobe Substance3D Designer 缓冲区错误漏洞
Adobe Substance3D Designer is a texture and material creation software developed by Adobe Inc. Versions of Adobe Substance3D Designer 15.1.0 and earlier contain a buffer error vulnerability, which stems from out-of-buffer writes, potentially allowing arbitrary code to execute in the current user...
Adobe Substance3D Designer 缓冲区错误漏洞
Adobe Substance3D Designer is a texture and material creation software developed by Adobe Inc. Versions of Adobe Substance3D Designer 15.1.0 and earlier contain a buffer error vulnerability, which stems from out-of-buffer writes, potentially allowing arbitrary code to execute in the current user...
Adobe Illustrator 缓冲区错误漏洞
Adobe Illustrator is a vector-based image creation software developed by Adobe Inc. of the United States. Adobe Illustrator has a buffer overflow vulnerability, which stems from out-of-bounds writes, potentially allowing arbitrary code to execute in the current user environment. The following...
PT-2026-40345
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
PT-2026-40171
Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-31238
The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weightsonly=True...
CVE-2026-31219
The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line argumen...