Adobe After Effects 缓冲区错误漏洞

Adobe After Effects is a visual effects and dynamic graphics production software developed by Adobe, Inc. in the United States. This software is primarily used for 2D and 3D compositing, animation creation, and visual special effects. Versions of Adobe After Effects such as 26.0, 25.6.4, and...

Adobe Premiere Pro < 25.6.5 / 26.0.0 < 26.2.0 Multiple Arbitrary code execution (APSB26-46)

The version of Adobe Premiere Pro installed on the remote Windows host is prior to 25.6.5, 26.2.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-46 advisory. - Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that...

MiracleLinux 9 : openexr-3.1.1-3.el9_7.2 (AXSA:2026-604:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-604:03 advisory. OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file CVE-2026-34588 Tenable has extracted the preceding description bloc...

APSB26-47 : Security update available for Adobe Media Encoder

Adobe has released an update for Adobe Media Encoder. This update resolves critical vulnerabilities that could lead to arbitrary code execution...

CVE-2026-31236

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

PT-2026-40368

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

CVE-2026-31217

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 allows arbitrary code execution. When a user supplies a directory path via the --model command-line argument, the function reads a module.py file from...

CVE-2026-31235

The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the augmentimagesworker method without any safety...

CVE-2026-31218

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When loading a model state dictionary from a statedict.pt file via torch.load, the function does not...

Adobe Connect 安全漏洞

Adobe Connect is a software developed by Adobe in the United States, used to create meeting environments. There is a security vulnerability in Adobe Connect, which stems from incorrect authorization settings. This vulnerability may allow for the execution of arbitrary code within the current user...

Adobe Connect 代码问题漏洞

Adobe Connect is a software developed by Adobe, a company based in the United States, used to create meeting environments. There is a code vulnerability in Adobe Connect, which stems from deserializing untrusted data, potentially allowing arbitrary code to execute in the current user environment...

Adobe After Effects 输入验证错误漏洞

Adobe After Effects is a visual effects and dynamic graphics production software developed by Adobe, Inc. in the United States. This software is primarily used for 2D and 3D compositing, animation production, and visual effects creation. Versions of Adobe After Effects such as 26.0, 25.6.4, and...

CVE-2025-65719

An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page...

CVE-2026-45185

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

Mamba 安全漏洞

Mamba is a state-space model for linear time series modeling, open-sourced by State-Spaces. Versions of Mamba 2.2.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the MambaLMHeadModel.frompretrained method, which used torch.load to load weight files without...

RHEL 9 : golang (RHSA-2026:16498)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:16498 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: golang: Go golang and cmd/go: Arbitrary Code Execution via...

MiracleLinux 9 : systemd-252-55.el9_7.9.ML.1 (AXSA:2026-609:06)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-609:06 advisory. systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data CVE-2026-29111 Tenable has extracted the preceding description...

PT-2026-41384

Уязвимость программы для создания текстур и материалов для 3D моделей Adobe Substance 3D Sampler связана с выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код...

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from stack buffer overflows in several underlying...

PT-2026-40428

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code when a specially crafted VC6 file is being parsed...