418 matches found

CVE
added yesterday | 8 views

CVE-2026-49492

The CVE-2026-49492 entry concerns Markdown Preview Enhanced (pre-0.8.28) which opens external files/links from the preview via a shell and does not validate untrusted inputs from the markdown document (e.g., diagram filename attribute, imported file paths, latex_engine code-chunk attribute). On W...

8.8 CVSS | 5.7 AI score
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/27 7:55 p.m. | 6 views

CVE-2026-48792

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event nodes, causing pusbhasvirtualinputdevice to return 0 no virtual devices found even when every open call failed due to...

4.4 CVSS | 5.8 AI score | 0.00016 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in exempi

The XMP Toolkit SDK version 2020.1 and earlier is affected by a buffer overflow vulnerability that may lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, as the victim must open a specially crafted file...

9.3 CVSS | 7.4 AI score | 0.00335 EPSS
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in vim

Vim is an open-source, command-line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin could allow overwriting of arbitrary files when opening specially crafted zip archives. The impact is limited because this exploit requires direct user interaction. However,...

4.1 CVSS | 7 AI score | 0.00072 EPSS
Exploits: 1 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in pillow

An issue was discovered in Pillow prior to version 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to handle any combination of \r and \n as line endings. This implementation uses a quadratic method of accumulating lines while searching for a line ending. A malicious EPS...

7.5 CVSS | 6.7 AI score | 0.00286 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/12 5:49 p.m. | 5 views

CVE-2026-34662 Illustrator | NULL Pointer Dereference (CWE-476)

Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue...

5.5 CVSS | 5.8 AI score | 0.00019 EPSS
Exploits: 0 | References: 1
SUSE CVE
added 2026/05/11 2:13 p.m. | 3 views

SUSE CVE-2026-43391

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening. Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use may_see_all_namespaces helper...

8.8 CVSS | 5.7 AI score | 0.00015 EPSS
Exploits: 0 | References: 3
EUVD
added 2026/05/08 3:31 p.m. | 4 views

EUVD-2026-28697

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening. Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use may_see_all_namespaces helper...

5.7 AI score | 0.00015 EPSS
Exploits: 0 | References: 3
NVD
added 2026/05/08 3:16 p.m. | 3 views

CVE-2026-43391

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening. Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use may_see_all_namespaces helper...

8.8 CVSS | 0.00015 EPSS
Exploits: 0 | References: 2
UbuntuCve
added 2026/05/08 3:16 p.m. | 4 views

CVE-2026-43391

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening. Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use may_see_all_namespaces helper...

8.8 CVSS | 5.7 AI score | 0.00015 EPSS
Exploits: 0 | References: 4
Cvelist
added 2026/05/08 2:21 p.m. | 25 views

CVE-2026-43391 nsfs: tighten permission checks for handle opening

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening. Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use may_see_all_namespaces helper...

8.8 CVSS | 0.00015 EPSS
Exploits: 0 | References: 2
CVE
added 2026/05/08 2:21 p.m. | 6 views

CVE-2026-43391

CVE-2026-43391 affects the Linux kernel nsfs component. The issue arises from insufficient permission checks when opening handles, enabling privileged services to potentially view other privileged services’ namespaces and leak information. The fix centralizes policy via may_see_all_namespaces() a...

8.8 CVSS | 5.7 AI score | 0.00015 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Debian CVE
added 2026/05/08 2:21 p.m. | 4 views

CVE-2026-43391

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening. Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use may_see_all_namespaces helper...

8.8 CVSS | 5.7 AI score | 0.00015 EPSS
Exploits: 0
Positive Technologies
added 2026/05/08 12:0 a.m. | 6 views

PT-2026-39052

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: An issue exists in the nsfs component where permission checks for handle opening are insufficiently restrictive. This allows privileged services to potentially see namespaces of other...

8.8 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 6
ATTACKERKB
added 2026/05/06 6:58 a.m. | 4 views

CVE-2026-23926

An authenticated non-super administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens th...

7.3 CVSS | 5.8 AI score | 0.00074 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/05/05 12:0 a.m. | 6 views

PT-2026-38894

Summary attachments: pocs.zip Submodule names coming from .gitmodules are exposed as unvalidated names and are later reused to derive the submodule git directory as: /modules/ Because the submodule name is joined directly as a filesystem path component, a name such as ../../../escaped-target.git...

8.7 CVSS | 5.9 AI score
Exploits: 0 | References: 3
ATTACKERKB
added 2026/04/14 7:24 p.m. | 4 views

CVE-2026-34618

Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS | 6.3 AI score | 0.00037 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/04/14 6:30 p.m. | 2 views

EUVD-2026-22438

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the curre...

7.8 CVSS | 5.9 AI score | 0.00029 EPSS
Exploits: 0 | References: 2
NVD
added 2026/04/14 5:16 p.m. | 3 views

CVE-2026-27291

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS | 0.00037 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/04/14 4:45 p.m. | 21 views

CVE-2026-27291 InDesign Desktop | Out-of-bounds Write (CWE-787)

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS | 0.00037 EPSS
Exploits: 0 | References: 1