PT-2026-47958

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

PT-2026-48140

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

📄 Quick Playground for WordPress 1.3.1 Shell Upload

Proof of concept remote shell upload exploit for Quick Playground for WordPress plugin versions 1.3.1 and below. ================================================================================================================================== | Title : Quick Playground for WordPress 1.3.1 —...

EulerOS 2.0 SP11 : golang (EulerOS-SA-2026-2207)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a...

PT-2026-48007

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...

Microsoft HTTP.sys 安全漏洞

Microsoft HTTP.SYS is an HTTP application protocol developed by Microsoft Corporation. There are security vulnerabilities in Microsoft HTTP.SYS. Attackers can exploit these vulnerabilities to execute code. The following products and versions are affected: Windows 10 Version 1809 for 32-bit system...

Adobe Reader < 26.001.21662 Multiple Vulnerabilities (APSB26-63)

The version of Adobe Reader installed on the remote Windows host is a version prior to 26.001.21662. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could resu...

Microsoft Office 安全漏洞

Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a security vulnerability in Microsoft Office, which stems from type confusion. This...

Security Updates for Microsoft Word Products (June 2026)

The Microsoft Word Products are missing a security update. They are, therefore, affected by multiple vulnerabilities: - Access of resource using incompatible type 'type confusion' in Microsoft Office allows an unauthorized attacker to execute code locally. CVE-2026-45456, CVE-2026-45458 - Untrust...

PT-2026-48018

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description A use after free issue in the Windows Kernel allows an unauthorized attacker to execute code remotely over a network. This flaw enables remote, unauthenticated code execution at...

VMware Spring HATEOAS 访问控制错误漏洞

VMware Spring HATEOAS is a REST API hypermedia development framework provided by the American company VMware. Vulnerabilities in access control exist in versions 1.5.0 to 1.5.6, 2.3.0 to 2.3.4, 2.4.0 to 2.4.1, 2.5.0 to 2.5.2, and 3.0.0 to 3.0.3 of VMware Spring HATEOAS. This vulnerability stems...

NVIDIA DALI 输入验证错误漏洞

NVIDIA DALI is a data loading and preprocessing library developed by NVIDIA Corporation in the United States. NVIDIA DALI has a vulnerability related to input validation errors. This vulnerability stems from improper index validation in the components of the library, which can lead to code...

Adobe Substance3D Sampler 缓冲区错误漏洞

Adobe Substance3D Sampler is a rendering software for 3D scenes developed by Adobe Inc. Versions of Adobe Substance3D Sampler 6.0.0 and earlier contain a buffer error vulnerability. This vulnerability stems from an out-of-bounds write vulnerability, which could allow arbitrary code to be executed...

Microsoft Remote Desktop Client 安全漏洞

Microsoft Remote Desktop Client is a remote desktop client developed by Microsoft Corporation. There are security vulnerabilities present in Microsoft Remote Desktop Client. Attackers can exploit these vulnerabilities to execute code. The following products and versions are affected: Windows 10...

OpenSSL 资源管理错误漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

WordPress plugin Recover Exit For WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Microsoft Remote Desktop Client 安全漏洞

Microsoft Remote Desktop Client is a remote desktop client developed by Microsoft Corporation. There are security vulnerabilities in Microsoft Remote Desktop Client. Attackers can exploit these vulnerabilities to execute code. The following products and versions are affected: Windows 10 Version...

Adobe Acrobat Reader 代码问题漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have code vulnerabilities. These vulnerabilities...

Microsoft Azure Kubernetes Service 路径遍历漏洞

Microsoft Azure Kubernetes Service is a service provided by Microsoft Corporation for deploying, managing, and scaling containerized applications. Microsoft Azure Kubernetes Service has a path traversal vulnerability. Attackers can exploit this vulnerability to execute code remotely...

NETGEAR JR6150 输入验证错误漏洞

NETGEAR JR6150 is a wireless router produced by NETGEAR, a company in the United States. The NETGEAR JR6150 has a vulnerability related to input validation. This vulnerability stems from insufficient input validation, which may allow users connected to the local WiFi network to execute operating...