Adobe Media Encoder < 25.6.5 / 26.0.0 < 26.2.0 Multiple Arbitrary code execution (APSB26-47) (macOS)

The version of Adobe Media Encoder installed on the remote macOS host is prior to 25.6.5, 26.2.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-47 advisory. - Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound...

PT-2026-40542

Name of the Vulnerable Software and Affected Versions esm.sh versions 137 and earlier Description The legacy router retrieves a response from legacyServer, parses the request path, and writes data to storage using the buildStorage.Put function. Because the router concatenates path components...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from a problem with the reuse of resources after their release, which could allow remote attackers who have breached...

PT-2026-40109

Name of the Vulnerable Software and Affected Versions FortiOS versions 7.6.0 through 7.6.3 FortiOS versions 7.4.0 through 7.4.8 FortiOS versions 7.2.0 through 7.2.11 Description An out-of-bounds write issue allows an attacker to execute unauthorized code or commands by sending specially crafted...

PT-2026-40168

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

PT-2026-40449

Name of the Vulnerable Software and Affected Versions Heym versions prior to 0.0.21 Description Authenticated users can write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. This occurs due to an unvalidated filename parameter in the uplo...

PT-2026-40401

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...

PT-2026-40317

Out-of-bounds write for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This...

PT-2026-40326

Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

PT-2026-40386

HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-8052 is fixed in version 0.1.2 of the exec2 task driver...

HashiCorp Nomad和HashiCorp Nomad Enterprise 后置链接漏洞

HashiCorp Nomad and HashiCorp Nomad Enterprise are both products from HashiCorp, a company based in the United States. HashiCorp Nomad is a simple and flexible scheduler and orchestrator. It’s used for managing containers and non-containerized applications on both local and cloud environments...

PT-2026-40527

Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 5.0.33 MongoDB Server versions prior to 6.0.28 MongoDB Server versions prior to 7.0.34 MongoDB Server versions prior to 8.0.23 MongoDB Server versions prior to 8.2.9 MongoDB Server versions prior to 8.3.2...

PT-2026-40171

Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

PT-2026-40345

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

PT-2026-40347

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

Adobe Commerce 安全漏洞

Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is a security vulnerability in Adobe Commerce, which stems from improper authorization. This vulnerability may allow security features to be bypassed, enabling...

HashiCorp Nomad 后置链接漏洞

HashiCorp Nomad is a simple and flexible scheduler and orchestrator provided by the American company HashiCorp. It is used for managing containers and non-containerized applications on both local and cloud environments. Versions of HashiCorp Nomad prior to 0.1.2 contained a post-installation...

PT-2026-40428

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code when a specially crafted VC6 file is being parsed...

PT-2026-40391

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...

PT-2026-40398

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...