PT-2026-49821

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Several functions within the RTCP packet decoder lack proper bounds checks, leading to a possible out-of-bounds read. This condition allows for remote informatio...

CVE-2026-2049 GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

Exploit for Integer Overflow or Wraparound in Google Android

CVE-2025-48595 - Android Framework Integer Overflow Vulnerabil...

CVE-2026-48280

Adobe Experience Manager (AEM) is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability in versions 6.5.24, LTS SP1, 2026.04 and earlier. The issue allows an attacker to cause malicious JavaScript to run in a victim’s browser by manipulating the DOM; exploitation requires user interact...

PT-2026-48079

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

CVE-2026-0094

In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...

CVE-2026-0050

In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-20455

In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6784...

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from improper input validation in multiple functions within AccessibilityManagerService.java. This vulnerability may lead to local persistent...

gimp: GIMP: Remote Code Execution via PSP file parsing

A flaw was found in GIMP. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PSP PaintShop Pro file. This flaw is caused by a heap-based buffer overflow, where the application does not properly validate the length of user-supplied data. Successful...

EUVD-2026-29777

CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service...

PT-2026-36768

Name of the Vulnerable Software and Affected Versions MediaTek MT2735 affected versions not specified Description Incorrect error handling in the Modem can cause a system crash. This allows a remote denial of service if a User Equipment UE connects to a rogue base station controlled by an attacke...

Astra Linux – Vulnerability in unrar-nonfree

RARLAB WinRAR Recovery Volume: Improper validation of array index leads to remote code execution vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability, as the targe...

CVE-2026-26944

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially...

CVE-2026-26944

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially...

PT-2026-33791

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially...

CVE-2026-27303

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must visit a maliciously craft...

CVE-2026-27303

Adobe Connect (versions 2025.3, 12.10 and earlier) is affected by a Deserialization of Untrusted Data vulnerability (CVE-2026-27303) that could lead to arbitrary code execution in the context of the current user. Exploitation does not require user interaction. The vulnerability is described as ha...

DEBIAN-CVE-2026-4154

GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

EUVD-2024-33430

The Co-marquage service-public.fr plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 0.5.76. This makes it possible for unauthenticated attackers to inject arbitrary web...