485990 matches found

Vulnrichment
added 2026/06/12 5:8 p.m. | 10 views

CVE-2026-47965 Acrobat Reader | Out-of-bounds Write (CWE-787)

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 6 | EPSS 0.00148
Exploits: 0 | References: 1

Snyk
added 2026/06/12 4:39 p.m. | 6 views

Arbitrary Code Injection

Overview: chromadb is a Chroma. Affected versions of this package are vulnerable to Arbitrary Code Injection in the api/v2/tenants/defaulttenant/databases/defaultdatabase/collections/collectionid endpoint when a malicious model repository is sent and trust_remote_code is set to true. An attacker can...

CVSS 9.4 | AI score 6.1 | EPSS 0.00294
Exploits: 0 | References: 2

NVD
added 2026/06/12 4:16 p.m. | 14 views

CVE-2026-40677

The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...

CVSS 7.7 | EPSS 0.00435
Exploits: 0 | References: 1

NVD
added 2026/06/12 3:16 p.m. | 13 views

CVE-2026-53787

Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint without...

CVSS 9.8 | EPSS 0.03692
Exploits: 0 | References: 3

NVD
added 2026/06/12 3:16 p.m. | 11 views

CVE-2026-47210

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI WebAssembly.promising / WebAssembly.Suspending...

CVSS 9.8 | EPSS 0.00507
Exploits: 0 | References: 3

NVD
added 2026/06/12 3:16 p.m. | 13 views

CVE-2026-47140

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM blocks several dangerous Node.js builtins such as module, worker_threads, cluster, vm, repl, and inspector. However, the denylist misses process and inspector/promises. Both can be used from sandboxed code to reach...

CVSS 10 | EPSS 0.00536
Exploits: 0 | References: 3

NVD
added 2026/06/12 3:16 p.m. | 12 views

CVE-2026-47208

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.4...

CVSS 10 | EPSS 0.0051
Exploits: 0 | References: 3

NVD
added 2026/06/12 3:16 p.m. | 10 views

CVE-2026-47131

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call.lookupGetter, Buffer, "proto", Buffer.call.call.lookupSetter, Buffer, "proto", and Node.js's ERR_INVALID_ARG_TYPE Error, the host's TypeError constructor can be obtained, which allows the escape from...

CVSS 10 | EPSS 0.004
Exploits: 0 | References: 3

RedhatCVE
added 2026/06/12 2:35 p.m. | 7 views

CVE-2026-2049

A flaw was found in GIMP. This heap-based buffer overflow vulnerability, located in the HDR file parsing component, allows a remote attacker to execute arbitrary code. User interaction is required for exploitation, as the target must open a malicious HDR file. The flaw occurs due to a lack of...

CVSS 7.8 | AI score 7.9 | EPSS 0.00548
Exploits: 0 | References: 5

CVE
added 2026/06/12 2:29 p.m. | 37 views

CVE-2026-40677

The vulnerability CVE-2026-40677 affects AMD optional tools that use insecure HTTP transport, enabling a potential attacker to perform a man-in-the-middle attack and potentially achieve arbitrary code execution. The issue stems from unencrypted transport within these tools, which could allow inte...

CVSS 7.7 | AI score 5.7 | EPSS 0.00435
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/12 2:29 p.m. | 11 views

CVE-2026-40677

The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...

CVSS 7.7 | AI score 5.7 | EPSS 0.00435
Exploits: 0 | References: 1

Cvelist
added 2026/06/12 2:29 p.m. | 23 views

CVE-2026-40677

The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...

CVSS 7.7 | EPSS 0.00435
Exploits: 0 | References: 1

EUVD
added 2026/06/12 2:29 p.m. | 8 views

EUVD-2026-36488

The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...

CVSS 7.7 | AI score 5.7 | EPSS 0.00435
Exploits: 0 | References: 1

EUVD
added 2026/06/12 2:17 p.m. | 8 views

EUVD-2026-36448

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI WebAssembly.promising / WebAssembly.Suspending...

CVSS 9.8 | AI score 6 | EPSS 0.00507
Exploits: 0 | References: 3

CVE
added 2026/06/12 2:17 p.m. | 39 views

CVE-2026-47210

Summary: CVE-2026-47210 affects the vm2 sandbox prior to version 3.11.4, where a JSPI-backed Promise pathway can bypass Promise species hardening via WebAssembly.promising/WebAssembly.Suspending, potentially exposing a host-originated rejection object to attacker-controlled logic and breaking sa...

CVSS 9.8 | AI score 6 | EPSS 0.00507
Exploits: 0 | References: 3

Cvelist
added 2026/06/12 2:17 p.m. | 33 views

CVE-2026-47210 vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI WebAssembly.promising / WebAssembly.Suspending...

CVSS 9.8 | EPSS 0.00507
Exploits: 0 | References: 3

NVD
added 2026/06/12 2:16 p.m. | 10 views

CVE-2026-11967

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an...

CVSS 8.5 | EPSS 0.00108
Exploits: 0 | References: 1

NVD
added 2026/06/12 2:16 p.m. | 13 views

CVE-2026-11879

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorti...

CVSS 8.5 | EPSS 0.00108
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/12 2:16 p.m. | 7 views

CVE-2026-47140 vm2: NodeVM builtin denylist bypass via process and inspector/promises allows host code execution

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM blocks several dangerous Node.js builtins such as module, worker_threads, cluster, vm, repl, and inspector. However, the denylist misses process and inspector/promises. Both can be used from sandboxed code to reach...

CVSS 10 | AI score 5.6 | EPSS 0.00536
Exploits: 0 | References: 3

Cvelist
added 2026/06/12 2:16 p.m. | 27 views

CVE-2026-47140 vm2: NodeVM builtin denylist bypass via process and inspector/promises allows host code execution

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM blocks several dangerous Node.js builtins such as module, worker_threads, cluster, vm, repl, and inspector. However, the denylist misses process and inspector/promises. Both can be used from sandboxed code to reach...

CVSS 10 | EPSS 0.00536
Exploits: 0 | References: 3