GHSA-HXW8-4H9J-HQ2R File Browser has an Authentication Bypass in User Password Update

Security Advisory: Authentication Bypass in User Password Update Summary A case-sensitivity flaw in the password validation logic allows any authenticated user to change their password or an admin to change any user's password without providing the current password. By using Title Case field name...

PT-2026-7373

Name of the Vulnerable Software and Affected Versions After Effects versions 25.6 and earlier Description The software is susceptible to an Integer Overflow or Wraparound issue that may lead to arbitrary code execution with the privileges of the current user. Successful exploitation requires a us...

Adobe After Effects 资源管理错误漏洞

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. Adobe After Effects 25.6 and earlier versions suffer from a Memory Free Aft...

Adobe After Effects 资源管理错误漏洞

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. Adobe After Effects 25.6 and earlier versions suffer from a Memory Free Aft...

Adobe Bridge 缓冲区错误漏洞

Adobe Bridge is a file viewer developed by Adobe Inc. Versions of Adobe Bridge such as 15.1.3, 16.0.1, and earlier versions have a buffer error vulnerability. This vulnerability stems from out-of-bounds writing, which may allow arbitrary code to execute in the current user environment...

PT-2026-7379

After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

Adobe Lightroom Desktop 缓冲区错误漏洞

Adobe Lightroom Desktop is a professional photo management and editing software from the American company Audobee Adobe, designed to provide photographers and image editors with powerful workflow and editing tools. Adobe Lightroom Desktop suffers from an out-of-bounds write vulnerability that can...

CVE-2026-25889

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, a case-sensitivity flaw in the password validation logic allows any authenticated user to change their password or an admin to change...

CVE-2026-25889 File Browser has an Authentication Bypass in User Password Update

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, a case-sensitivity flaw in the password validation logic allows any authenticated user to change their password or an admin to change...

CVE-2026-25889 File Browser has an Authentication Bypass in User Password Update

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, a case-sensitivity flaw in the password validation logic allows any authenticated user to change their password or an admin to change...

CVE-2026-25889

Summary: CVE-2026-25889 affects File Browser up to version 2.57.0. A case-sensitive password check flaw in the API allows an authenticated attacker (with a valid JWT obtained via XSS, session hijack, etc.) to change a password without supplying the current one by sending the field name with Title...

kernel: svcrdma: use rc_pageoff for memcpy byte offset

In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rcpageoff for memcpy byte offset svcrdmacopyinlinerange added rccurpage page index to the page base instead of the byte offset rcpageoff. Use rcpageoff so copies land within the current page. Found by ZeroPath...

CVE-2026-0660

A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

SUSE CVE-2025-71194

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in waitcurrenttrans due to ignored transaction type When waitcurrenttrans is called during starttransaction, it currently waits for a blocked transaction without considering whether the given transaction type...

ROS-20260205-73-0033

A vulnerability in the currentpasswordstore function of the dell-wmi-sysman driver of the Linux kernel is related to buffer copying without input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2026-0536

A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

EUVD-2026-5382

A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

CVE-2025-71194

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in waitcurrenttrans due to ignored transaction type When waitcurrenttrans is called during starttransaction, it currently waits for a blocked transaction without considering whether the given transaction type...

CVE-2025-71194

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in waitcurrenttrans due to ignored transaction type When waitcurrenttrans is called during starttransaction, it currently waits for a blocked transaction without considering whether the given transaction type...

UBUNTU-CVE-2025-71194

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in waitcurrenttrans due to ignored transaction type When waitcurrenttrans is called during starttransaction, it currently waits for a blocked transaction without considering whether the given transaction type...