Adobe InCopy < 20.5.4 / 21.0 < 21.4.0 Multiple Vulnerabilities Arbitrary code execution (APSB26-59)

The version of Adobe InCopy installed on the remote host is prior to 20.5.4, 21.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-59 advisory. - Stack-based Buffer Overflow CWE-121 potentially leading to Arbitrary code execution CVE-2026-34708 - Out-of-bounds...

Linux Distros Unpatched Vulnerability : CVE-2026-11645

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted...

Linux Distros Unpatched Vulnerability : CVE-2026-11694

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary...

PT-2026-47723

Name of the Vulnerable Software and Affected Versions Blocksy versions prior to 2.1.36 Description Insufficient input sanitization in the blocksy sanitize post meta options function allows authenticated attackers with contributor-level access or higher to store serialized PHP object strings in po...

PT-2026-48138

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

PT-2026-48140

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

PT-2026-48169

An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to...

CVE-2026-36722

An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file...

PT-2026-47964

Improper limitation of a pathname to a restricted directory 'path traversal' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

PT-2026-48021

Name of the Vulnerable Software and Affected Versions Visual Studio Code versions prior to 1.123.1 Description Exposure of sensitive information to an unauthorized actor allows an attacker to disclose information over a network. Recommendations Update to version 1.123.1 or later...

PT-2026-48025

Name of the Vulnerable Software and Affected Versions Windows HTTP.sys affected versions not specified Description An integer overflow or wraparound in the HTTP.sys driver allows an unauthorized remote attacker to execute arbitrary code over a network and affect the system. Recommendations At the...

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVE-2026-36723

An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to...

PT-2026-47996

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally...

PT-2026-48263

Name of the Vulnerable Software and Affected Versions Adobe Acrobat Reader versions prior to 24.001.30366 Adobe Acrobat affected versions not specified Adobe Acrobat 2024 affected versions not specified Description A stack-based buffer overflow occurs when a program writes more data to a buffer...

PT-2026-47804

Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name e.g. git, pandoc, grep, the argument string is concatenated with the command and passed to child process.spawn with the shell: true option, allowing shell...

PT-2026-47786

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix rlimit for posix cpu timers Posix cpu timers requires an additional step beyond setting the rlimit. Refactor the code so its clear when what code is setting the limit and conditionally update the posix cpu timers wh...

PT-2026-48018

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description A use after free issue in the Windows Kernel allows an unauthorized attacker to execute code remotely over a network. This flaw enables remote, unauthenticated code execution at...

PT-2026-47806

Name of the Vulnerable Software and Affected Versions Ivanti Sentry versions prior to R10.5.2 Ivanti Sentry versions prior to R10.6.2 Ivanti Sentry versions prior to R10.7.1 Description An OS command injection flaw allows a remote unauthenticated user to execute arbitrary code with root privilege...

RHEL 10 : libyang (RHSA-2026:24758)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24758 advisory. Libyang is YANG data modeling language parser and toolkit written and providing API in C. Security Fixes: libyang: libyang: Denial of Service or...