17 matches found

ATTACKERKB
added 2026/04/14 7:24 p.m. | 4 views

CVE-2026-34618

Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.00037
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/30 6:27 p.m. | 7 views

CVE-2026-34714

Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %expr injection occurs with tabpanel lacking PMLE...

CVSS: 9.2 | AI score: 6.3 | EPSS: 0.00014
Exploits: 0 | References: 5
OSV
added 2025/12/09 6:16 p.m. | 2 views

CVE-2025-64894

DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this issue to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction ...

CVSS: 5.5 | AI score: 5.6
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-26771

Malicious code in bioql PyPI...

AI score: 6.3 | EPSS: 0.00018
Exploits: 0 | References: 9
CVE
added 2025/09/04 3:32 p.m. | 15 views

CVE-2025-38698

Summary: CVE-2025-38698 affects the Linux kernel JFS file system. A vulnerability allows regular file operations to fail or corrupt due to a corrupted on-disk file created with a negative i_size. The fix adds a check when opening such files to prevent subsequent operation failures, addressing pot...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00018
Exploits: 0 | References: 12 | Affected Software: 1
CNVD
added 2025/08/15 12:0 a.m. | 1 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-18823)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which is caused by free use when opening specially crafted files. An attacker can exploit the vulnerability to execute arbitrary code on the syste...

CVSS: 7.8 | AI score: 8.1 | EPSS: 0.00355
Exploits: 0 | References: 1
RedHat Linux
added 2024/09/03 4:11 p.m. | 4 views

emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code

A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled. When Emacs is used as an email client, this issue can be triggered when previewing email attachments...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00441
Exploits: 0 | References: 5
RedHat Linux
added 2024/03/14 11:16 a.m. | 4 views

gimp: psp off-by-one RCE

A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSP file, possibly enabling the execution of unauthorized code within the GIMP process...

CVSS: 7.8 | AI score: 6 | EPSS: 0.49605
Exploits: 0 | References: 6
SUSE CVE
added 2023/11/10 1:53 a.m. | 1 views

SUSE CVE-2023-4218

In Eclipse IDE versions 2023-09 4.29 some files with XML content are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file, for example to review a foreign repository or patch...

CVSS: 5 | AI score: 5.7 | EPSS: 0.00026
Exploits: 1 | References: 4
OSV
added 2022/06/24 4:57 p.m. | 1 views

USN-5492-1 vim vulnerability

It was discovered that Vim incorrectly handled memory when opening and searching the contents of certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00168
Exploits: 1 | References: 2
OSV
added 2021/09/28 10:46 a.m. | 0 views

USN-5093-1 vim vulnerabilities

Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issu...

CVSS: 8.6 | AI score: 7.2 | EPSS: 0.00385
Exploits: 3 | References: 4
OSV
added 2021/02/08 9:15 p.m. | 1 views

DEBIAN-CVE-2021-26222

The ezxmlnew function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool...

CVSS: 8.1 | AI score: 7.7 | EPSS: 0.00436
Exploits: 1 | References: 1
Cvelist
added 2020/09/16 3:55 p.m. | 17 views

CVE-2014-10402

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the fdir attribute in the data source name DSN. NOTE: this issue exists because of an incomplete fix for CVE-2014-10401...

AI score: 6.4 | EPSS: 0.00025
Exploits: 1 | References: 2
CNVD
added 2017/05/12 12:0 a.m. | 2 views

Microsoft Office Remote Code Execution Vulnerability (CNVD-2017-06605)

Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. A remote code execution vulnerability exists in the implementation of the Office software when opening files with malformed graphics, allowing an attacker to take control of the affected...

CVSS: 9.3 | AI score: 8 | EPSS: 0.92301
Exploits: 1 | References: 1
Tenable Nessus
added 2016/11/04 12:0 a.m. | 296 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3635)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-3635 advisory. - sched: panic on corrupted stack end Jann Horn Orabug: 24971921 CVE-2016-1583 - ecryptfs: forbid opening files without mmap handler Jann Horn Orabug:...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.00372
Exploits: 2 | References: 2
Oracle linux
added 2016/11/03 12:0 a.m. | 60 views

Unbreakable Enterprise kernel security update

kernel-uek 4.1.12-61.1.17 - sched: panic on corrupted stack end Jann Horn Orabug: 24971921 CVE-2016-1583 - ecryptfs: forbid opening files without mmap handler Jann Horn Orabug: 24971921 CVE-2016-1583 - proc: prevent stacking filesystems on top Jann Horn Orabug: 24971921 CVE-2016-1583...

CVSS: 7.8 | AI score: 0.4 | EPSS: 0.00372
Exploits: 2
Tenable Nessus
added 2012/10/23 12:0 a.m. | 37 views

Ubuntu 12.04 LTS / 12.10 : ruby1.9.1 vulnerabilities (USN-1614-1)

Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. USN-1602-1 fixed these vulnerabilities in other Ubuntu releases. This update provides the...

CVSS: 5 | AI score: 8 | EPSS: 0.01686
Exploits: 2 | References: 4