Common Vulnerabilities and Exposures (CVE)
CVE-2026-0536
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVE-2026-20952
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-11730
A post‑authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 5...
CVE-2026-20957
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-13379
IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
CVE-2026-20941
Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
CVE-2026-21268
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction ...
CVE-2026-0106
In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita...
CVE-2026-21272
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data in...
CVE-2026-21274
Dreamweaver Desktop versions 21.6 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass...
CVE-2026-21271
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction ...
CVE-2025-15566
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of t...
CVE-2026-21267
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitati...
CVE-2026-21643
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted H...
CVE-2026-21276
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user i...