
10254 matches found

CVE
added 2026/01/08 4:12 a.m. | 10 views

CVE-2026-21427

The CVE-2026-21427 issue affects PIONEER CORPORATION installers, where DLL search path handling allows loading insecure libraries (Uncontrolled search path element, CWE-427). Impact: arbitrary code could run with the installer's privileges. Documented by multiple sources (NVD/Red Hat/JVN) as affe...

CVSS 8.5 | AI score 7.8 | EPSS 0.00005
Exploits: 0 | References: 2

EUVD
added 2026/01/08 4:12 a.m. | 3 views

EUVD-2026-1590

The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer...

CVSS 8.5 | AI score 6.9 | EPSS 0.00005
Exploits: 0 | References: 5

Tenable Nessus
added 2026/01/08 12:0 a.m. | 5 views

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-1356)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1356 advisory. When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building...

CVSS 7.5 | AI score 7.3 | EPSS 0.00215
Exploits: 0 | References: 8

Positive Technologies
added 2026/01/08 12:0 a.m. | 3 views

PT-2026-2059

Name of the Vulnerable Software and Affected Versions: PIONEER CORPORATION installers (affected versions not specified). Description: The installers for multiple products provided by PIONEER CORPORATION have a flaw in how they handle Dynamic Link Library (DLL) search paths. This can result in the loadin...

CVSS 8.5 | AI score 7.9 | EPSS 0.00005
Exploits: 0 | References: 5

CNNVD
added 2026/01/08 12:0 a.m. | 1 views

PIONEER USB DAC Amplifier and PIONEER Stellanova code issue vulnerability

PIONEER USB DAC Amplifier and PIONEER Stellanova are both products of PIONEER Corporation, Japan. PIONEER USB DAC Amplifier is a line of hi-fi audio devices. PIONEER Stellanova is a line of audio systems. A code issue vulnerability exists in PIONEER USB DAC Amplifier and PIONEER Stellanova, which...

CVSS 8.5 | AI score 7.5 | EPSS 0.00005
Exploits: 0 | References: 2

Cvelist
added 2026/01/07 11:9 p.m. | 24 views

CVE-2019-25268 NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution

NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by placing malicious libraries on WebDAV or SM...

CVSS 9.8 | EPSS 0.00055
Exploits: 1 | References: 5

Github Security Blog
added 2026/01/07 9:31 p.m. | 7 views

Bio-Formats has an XML External Entity (XXE) vulnerability

Bio-Formats versions up to and including 8.3.0 contain an XML External Entity (XXE) vulnerability in the Leica Microsystems metadata parsing component (e.g., XLEF). The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity...

CVSS 7.1 | AI score 6.6 | EPSS 0.0001
Exploits: 0 | References: 6 | Affected Software: 1

RedhatCVE
added 2026/01/07 9:37 a.m. | 11 views

CVE-2019-7961

Adobe Prelude CC versions 8.1 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution...

CVSS 7.8 | AI score 7.3 | EPSS 0.01635
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:28 a.m. | 3 views

CVE-2019-12365

The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

CVSS 6.1 | AI score 6 | EPSS 0.00301
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:28 a.m. | 3 views

CVE-2019-12370

The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

CVSS 6.1 | AI score 6 | EPSS 0.00527
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:28 a.m. | 5 views

CVE-2019-12369

The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

CVSS 6.1 | AI score 6 | EPSS 0.00301
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:27 a.m. | 3 views

CVE-2019-12366

The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

CVSS 6.1 | AI score 6 | EPSS 0.00528
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:12 a.m. | 1 views

CVE-2025-12793

An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. Refer to the 'Security Update for MyASUS' section on the ASUS...

CVSS 8.5 | AI score 7.5 | EPSS 0.00012
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:10 a.m. | 5 views

CVE-2022-27595

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windo...

CVSS 7.8 | AI score 7.1 | EPSS 0.00099
Exploits: 0 | References: 1

Huntr
added 2026/01/07 5:21 a.m. | 6 views

Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading

Summary: A critical arbitrary code execution vulnerability exists in HuggingFace Transformers' Trainer class. The _load_rng_state method at src/transformers/trainer.py:3059 calls torch.load without the weights_only=True parameter. While a safe_globals context manager wraps this call, it provides no...

CVSS 7.8 | AI score 6.6 | EPSS 0.00023
Exploits: 1

OSV
added 2026/01/06 3:15 a.m. | 0 views

CVE-2025-12793

An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. Refer to the 'Security Update for MyASUS' section on the ASUS...

CVSS 7.8 | AI score 6 | EPSS 0.00012
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/06 2:14 a.m. | 1 views

CVE-2025-12793

An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. Refer to the 'Security Update for MyASUS' section on the ASUS...

CVSS 8.5 | AI score 6.8 | EPSS 0.00012
Exploits: 0 | References: 1

CVE
added 2026/01/06 2:14 a.m. | 8 views

CVE-2025-12793

CVE-2025-12793 affects AsusSoftwareManagerAgent with an uncontrolled DLL loading path vulnerability. The Red Hat and CVE records corroborate that a local attacker could influence the process to load a DLL from an attacker-controlled location, potentially enabling arbitrary code execution. The PT-Secur...

CVSS 8.5 | AI score 6.8 | EPSS 0.00012
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/01/06 12:0 a.m. | 2 views

PT-2026-1396

Name of the Vulnerable Software and Affected Versions: AsusSoftwareManagerAgent (affected versions not specified). Description: An uncontrolled DLL loading path issue exists in AsusSoftwareManagerAgent. A local attacker may be able to influence the application to load a DLL from a location controlled ...

CVSS 8.5 | AI score 7 | EPSS 0.00012
Exploits: 0 | References: 6

Github Security Blog
added 2026/01/05 2:59 p.m. | 6 views

MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation

Summary. Affected Components: org.msgpack.core.MessageUnpacker.readPayload, org.msgpack.core.MessageUnpacker.unpackValue, org.msgpack.value.ExtensionValue.getData. A denial-of-service vulnerability exists in MessagePack for Java when deserializing .msgpack files containing EXT32 objects with...

CVSS 7.5 | AI score 6.6 | EPSS 0.00028
Exploits: 1 | References: 5 | Affected Software: 1