451 matches found
EUVD-2026-35783
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-49492
The CVE-2026-49492 entry concerns Markdown Preview Enhanced (pre-0.8.28) which opens external files/links from the preview via a shell and does not validate untrusted inputs from the markdown document (e.g., diagram filename attribute, imported file paths, latex_engine code-chunk attribute). On W...
CVE-2026-45058 electerm: Import unsafe bookmark data could lead to unsafe operation when click local type bookmark
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured...
CVE-2026-48792
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event nodes, causing pusbhasvirtualinputdevice to return 0 no virtual devices found even when every open call failed due to...
Astra Linux – Vulnerability in pillow
A issue was discovered in Pillow prior to version 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to handle any combination of \r and \n as line endings. This implementation uses a quadratic method of accumulating lines while searching for a line ending. A malicious EPS...
Astra Linux – Vulnerability in exempi
The XMP Toolkit SDK version 2020.1 and earlier is affected by a buffer overflow vulnerability that may lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, as the victim must open a specially crafted file...
CVE-2026-34662 Illustrator | NULL Pointer Dereference (CWE-476)
Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue...
SUSE CVE-2026-43391
In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces helper...
EUVD-2026-28697
In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces helper...
CVE-2026-43391
In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces helper...
CVE-2026-43391
In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces helper...
CVE-2026-43391 nsfs: tighten permission checks for handle opening
In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces helper...
CVE-2026-43391
CVE-2026-43391 affects the Linux kernel nsfs component. The issue arises from insufficient permission checks when opening handles, enabling privileged services to potentially view other privileged services’ namespaces and leak information. The fix centralizes policy via may_see_all_namespaces() a...
CVE-2026-43391 nsfs: tighten permission checks for handle opening
In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces helper...
CVE-2026-43391
In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces helper...
PT-2026-39052
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the nsfs component where permission checks for handle opening are insufficiently restrictive. This allows privileged services to potentially see namespaces of other...
CVE-2026-23926
An authenticated non-super administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens th...
PT-2026-38894
Summary attachments: pocs.zip Submodule names coming from .gitmodules are exposed as unvalidated names and are later reused to derive the submodule git directory as: /modules/ Because the submodule name is joined directly as a filesystem path component, a name such as ../../../escaped-target.git...
CVE-2026-34618
Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
EUVD-2026-22438
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the curre...