
111 matches found

Vulnrichment
added 2026/06/09 9:21 p.m. | 5 views

CVE-2026-47904 CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...

CVSS 6.2 | AI score 5.5 | EPSS 0.00153
Exploits: 0 | References: 1
NVD
added 2026/06/09 5:17 p.m. | 5 views

CVE-2026-48266

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

CVSS 5.4 | EPSS 0.00283
Exploits: 0 | References: 1
CNNVD
added 2026/06/03 12:0 a.m. | 3 views

OpenStack Ironic Security Vulnerability

OpenStack Ironic is an integrated OpenStack application developed under the OpenStack open source framework. It is used to configure bare machines rather than virtual machines. OpenStack Ironic versions 35.0.x and earlier contain security vulnerabilities, which stem from a vulnerability that allo...

CVSS 7.7 | AI score 5.2 | EPSS 0.00272
Exploits: 0 | References: 3
CVE
added 2026/05/27 2:14 p.m. | 12 views

CVE-2026-9674

CVE-2026-9674 is a CSRF vulnerability in Jenkins Multijob Plugin (versions including 662.vd2e0001f6b_b_d and earlier) that allows an attacker to resume failed Multijob builds. The NVD/NVD-derived data attributes a CVSS v3.1 base score of 4.3 (Medium) with network attack vector, low attack complex...

CVSS 4.3 | AI score 5.7 | EPSS 0.00152
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2026/05/22 1:43 p.m. | 17 views

CVE-2025-46371

Dell PowerFlex Manager, versions

CVSS 5.5 | AI score 5.8 | EPSS 0.00084
Exploits: 0 | References: 2 | Affected Software: 3
ATTACKERKB
added 2026/05/14 8:14 p.m. | 4 views

CVE-2026-45370

python-utcp is the python implementation of UTCP. Prior to 1.1.3, prepareenvironment in clicommunicationprotocol.py passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, an attacker can exfiltrate all process-level secrets in a single tool call. This...

CVSS 8.3 | AI score 5.8 | EPSS 0.00272
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2026/05/12 5:11 p.m. | 12 views

CVE-2026-34638

Premiere Pro is affected by a Use-After-Free vulnerability (CWE-416) in versions 26.0.2, 25.6.4 and earlier. The issue could lead to arbitrary code execution in the user’s context. Exploitation requires user interaction to open a malicious file. The connected records identify the affected version...

CVSS 7.8 | AI score 6.3 | EPSS 0.00177
Exploits: 0 | References: 1 | Affected Software: 1
CBLMariner
added 2026/05/09 3:31 a.m. | 5 views

CVE-2026-43033 affecting package kernel for versions less than 6.6.137.1-2

CVE-2026-43033 affecting package kernel for versions less than 6.6.137.1-2. An upgraded version of the package is available that resolves this issue...

CVSS 7.8 | AI score 5.8 | EPSS 0.00129
Exploits: 0
Cvelist
added 2026/04/14 7:44 p.m. | 23 views

CVE-2026-27313 Bridge | Heap-based Buffer Overflow (CWE-122)

Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | EPSS 0.00223
Exploits: 0 | References: 1
CNNVD
added 2026/03/31 12:0 a.m. | 5 views

iccDEV Security Vulnerability

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained security vulnerabilities, which were caused by defects in the LUT dump/iteration logic...

CVSS 4 | AI score 5.9 | EPSS 0.00159
Exploits: 1 | References: 4
CNNVD
added 2026/03/23 12:0 a.m. | 5 views

Hybridauth Trust Management Issue Vulnerability

Hybridauth is an open-source web-based authentication and authorization software developed by Hybridauth. Versions of Hybridauth 3.12.2 and earlier contained a vulnerability related to trust management. This vulnerability stemmed from incorrect handling of parameters in the curlOptions file withi...

CVSS 6.3 | AI score 5.8 | EPSS 0.00181
Exploits: 0 | References: 5
CBLMariner
added 2026/03/09 2:32 p.m. | 4 views

CVE-2025-47911 affecting package cri-tools for versions less than 1.29.0-9

CVE-2025-47911 affecting package cri-tools for versions less than 1.29.0-9. A patched version of the package is available...

CVSS 5.3 | AI score 5.8 | EPSS 0.00502
Exploits: 0
CNNVD
added 2026/03/09 12:0 a.m. | 2 views

TP-LINK Archer AXE75 Security Vulnerability

The TP-LINK Archer AXE75 is a wireless router produced by TP-LINK Corporation. The TP-LINK Archer AXE75 v1.6/v1.0 1.3.2 Build 20250107 and earlier versions have security vulnerabilities. These vulnerabilities stem from command injection in the web module, which may lead to remote code execution...

CVSS 8.5 | AI score 6.2 | EPSS 0.01441
Exploits: 0 | References: 5
Cvelist
added 2026/03/05 12:0 a.m. | 27 views

CVE-2026-26377

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function...

EPSS 0.00372
Exploits: 1 | References: 3
Rosalinux
added 2026/02/16 10:56 a.m. | 6 views

Advisory ROSA-SA-2026-3182

Software: sqlite 3.26.0 OS: ROSA Virtualization 3.0 unaffected versions = sqlite-3.26.0-20.rv30 affected versions sqlite-3.26.0-20.rv30 CVE-ID: CVE-2025-6965 BDU-ID: 2025-08786 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Aggregate Term Handler component of the SQLite database management syst...

CVSS 9.8 | AI score 6.6 | EPSS 0.64893
Exploits: 3
CNNVD
added 2026/02/12 12:0 a.m. | 2 views

Infoblox NIOS Security Vulnerability

Infoblox NIOS is a system developed by the American company Infoblox, used for managing and automating network devices and services. It is utilized to automate the configuration and management of networks, ensuring stable network operation. The Infoblox NIOS 9.0.7 and earlier versions have securi...

CVSS 8.8 | AI score 6.2 | EPSS 0.00572
Exploits: 0 | References: 3
Cvelist
added 2026/02/10 6:32 p.m. | 23 views

CVE-2026-21353 DNG SDK | Integer Overflow or Wraparound (CWE-190)

DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | EPSS 0.00173
Exploits: 0 | References: 1
NVD
added 2026/02/10 6:16 p.m. | 6 views

CVE-2026-21339

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that...

CVSS 5.5 | EPSS 0.00153
Exploits: 0 | References: 1
CVE
added 2026/02/10 6:16 p.m. | 17 views

CVE-2026-21345

Adobe Substance3D Stager is affected in versions 3.1.6 and earlier by an out-of-bounds read when parsing crafted files, potentially allowing code execution under the current user’s context. Exploitation requires user interaction (opening a malicious file). Multiple connected sources (CVE-2026-213...

CVSS 7.8 | AI score 5.8 | EPSS 0.00157
Exploits: 0 | References: 1 | Affected Software: 1
CBLMariner
added 2026/02/09 11:37 p.m. | 4 views

CVE-2025-68798 affecting package kernel for versions less than 6.6.121.1-1

CVE-2025-68798 affecting package kernel for versions less than 6.6.121.1-1. A patched version of the package is available...

AI score 5.5 | EPSS 0.00168
Exploits: 0