CVE-2026-34675
Substance3D Painter prior to version 12.0.3 is affected by an out-of-bounds write vulnerability (CWE-787) that can enable arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. Affected product: Substance3D Paint...
CVE-2026-20714
Summary: CVE-2026-20714 impacts Intel QAT software drivers for Windows, prior to version 1.13, in Ring 3 (User Applications). The flaw is an out-of-bounds write that may enable privilege escalation. An unprivileged, authenticated user with low attack complexity and no user interaction could abuse...
CVE-2026-34643 After Effects | Out-of-bounds Write (CWE-787)
After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-20879
Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data corruption. This result...
CVE-2026-34639 Media Encoder | Out-of-bounds Write (CWE-787)
Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34639
CVE-2026-34639 affects Adobe Media Encoder versions 26.0.2, 25.6.4 and earlier. It is an out-of-bounds write (CWE-787) vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. The ava...
CVE-2026-34637
Premiere Pro is affected by an out-of-bounds write (CWE-787) in versions 26.0.2, 25.6.4 and earlier. The vulnerability could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, with the victim opening a malicious file. No remediation detail...
CVE-2026-34637 Premiere Pro | Out-of-bounds Write (CWE-787)
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34636
Premiere Pro is affected by an out-of-bounds write (CWE-787) in versions 26.0.2, 25.6.4 and earlier, enabling arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. The CVSS metrics indicate a high-severity, local ...
CVE-2026-34636 Premiere Pro | Out-of-bounds Write (CWE-787)
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-53844
CVE-2025-53844 is an out-of-bounds write vulnerability in Fortinet FortiOS versions: 7.6.0–7.6.3, 7.4.0–7.4.8, and 7.2.0–7.2.11. The issue allows an attacker to execute unauthorized code or commands via specially crafted network packets, indicating a network-exposed attack surface with high impac...
CVE-2025-53844
An out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows an attacker to execute unauthorized code or commands via specially crafted packets...
CVE-2026-20879
CVE-2026-20879 affects the Intel Data Center Graphics Driver for VMware ESXi (pre-2.0.2). An out-of-bounds write in Ring 1 device drivers can lead to denial of service and data corruption. The CVE lists local access requirements with high privileges and no user interaction, with potential impacts...
CVE-2026-43992
The CVE describes a vulnerability in JunoClaw where, prior to version 0.x.y-security-1, MCP write tools (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted a mnemonic: string parameter, causing the BIP-39 seed to be embedded in the LLM tool-call JSON. T...
Dalfox has an Unauthenticated Remote DoS via Closed-Channel Write in `ParameterAnalysis` (server mode)
Summary: `ParameterAnalysis` in `pkg/scanning/parameterAnalysis.go` runs two sequential worker stages that both write to the same `results` channel. The channel is correctly closed after the first stage completes (`close(results)` at line 438), but the second stage — which processes POST-body parameters (`dp`) — ...
Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option
Summary: When dalfox is run in REST API server mode, the `output`, `output-all`, and `debug` fields in `model.Options` are JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through `dalfox.Initialize` into the scan engine's logging path. The logger opens the...
CVE-2025-61624
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions,...
CVE-2026-43912
A flaw was found in Vaultwarden, a Bitwarden-compatible server. A remote attacker with administrative privileges in one organization and low-privileged membership in another could exploit improper enforcement of organization consistency in group management endpoints. This allows the attacker to...