Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651, and earlier) occurs when a victim opens a maliciously crafted PDF, triggering a use-after-free memory corruption that lets the attacker run code with the privileges of the logged-on user. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; however, Acrobat Reader is a perennial target for phishing-delivered malware, making patching a near-term priority. Adobe has issued APSB26-63 with fixed builds.
Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651, and earlier) is triggered when a user opens a malicious PDF, exploiting a Use-After-Free memory corruption flaw to run code as the current user. No public exploit identified at time of analysis, and EPSS data was not provided, but the high CVSS of 7.8 combined with Reader's massive install base makes this a routine patch priority. Vendor (Adobe) issued advisory APSB26-63 with corrective updates.
Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier results from a use-after-free memory corruption bug (CWE-416) triggered when a victim opens a malicious PDF. Code runs in the security context of the current user, making this a credible client-side initial-access vector via phishing or drive-by document delivery. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) is possible when a victim opens a maliciously crafted PDF, triggering a use-after-free memory corruption flaw. Code runs with the privileges of the current user, and no public exploit identified at time of analysis, though Adobe has released APSB26-63 as the corresponding advisory.
Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier is possible when a victim opens a maliciously crafted file that triggers a use-after-free in the document parser. The flaw runs code in the context of the logged-in user and carries a CVSS 7.8 (High) score, but requires user interaction; no public exploit identified at time of analysis and EPSS data is not provided in the input.
Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651, and earlier) is possible when a victim opens a maliciously crafted document, triggering a use-after-free condition in the renderer. The flaw runs code in the context of the current user and has no public exploit identified at time of analysis, though Adobe issued advisory APSB26-63 confirming the vulnerability class and affected versions.
Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier occurs through a use-after-free flaw triggered when a victim opens a maliciously crafted PDF document. Code executes in the context of the current user, making this a classic client-side document exploit vector. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) is possible when a victim opens a maliciously crafted PDF that triggers a use-after-free condition in the parser. Exploitation runs at the privilege of the user opening the file, and no public exploit identified at time of analysis. CVSS 7.8 reflects the local attack vector and required user interaction, but Reader's massive install base makes this a high-value target for phishing-driven campaigns.
Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier stems from a Use After Free condition (CWE-416) that triggers when a victim opens a malicious PDF, yielding execution in the context of the current user. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the file-opening attack pattern is a perennial favorite in phishing and document-borne campaigns targeting Acrobat. Adobe has shipped fixed builds under advisory APSB26-63.
Arbitrary code execution in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier occurs through a use-after-free condition triggered by opening a malicious PDF document. Successful exploitation runs code in the context of the current user, but no public exploit identified at time of analysis and the issue requires user interaction to open the crafted file.
Arbitrary code execution in Adobe Acrobat Reader 24.001.30365, 26.001.21651, and earlier versions occurs through a use-after-free condition triggered when a victim opens a malicious PDF file. Successful exploitation runs attacker-supplied code with the privileges of the current user, making this a viable phishing and drive-by document attack vector. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Arbitrary code execution in Adobe Format Plugins 1.1.2 and earlier occurs through a heap-based buffer overflow that executes in the current user's security context when a victim opens a maliciously crafted file. The flaw was reported by Adobe PSIRT and carries a CVSS 7.8 (high) score, but no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV, suggesting it is currently a patching priority rather than an active incident.
Arbitrary code execution in Adobe Format Plugins versions 1.1.2 and earlier occurs via a heap-based buffer overflow triggered when a victim opens a malicious file. Exploitation runs in the context of the current user and requires user interaction, with no public exploit identified at time of analysis. The flaw is addressed in Adobe Security Bulletin APSB26-65.
Heap-based buffer overflow in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier enables arbitrary code execution in the context of the logged-in user when a victim opens a maliciously crafted document. No public exploit has been identified at time of analysis, but the high CVSS of 7.8 reflects severe local impact, and Acrobat Reader's massive install base makes it a perennial phishing target. Exploitation requires user interaction, which moderates urgency relative to zero-click flaws but does not eliminate risk in document-heavy enterprise environments.
Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) occurs via a stack-based buffer overflow triggered when a victim opens a malicious PDF. Successful exploitation runs attacker code in the context of the current user, making this a viable initial-access vector through phishing or drive-by document delivery. No public exploit identified at time of analysis, but the bug class (CWE-121) and Acrobat's broad install base historically attract weaponization quickly after disclosure.
Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) is possible when a victim opens a malicious PDF file that triggers an out-of-bounds write condition. The flaw executes code in the context of the logged-in user, and while no public exploit identified at time of analysis, the CVSS 7.8 rating reflects high impact across confidentiality, integrity, and availability. Adobe has published advisory APSB26-63 with a fix.
Arbitrary code execution in Adobe Dreamweaver Desktop versions 21.7 and earlier allows attackers to run code in the context of the current user when a victim opens a malicious file. The flaw stems from access of an uninitialized pointer (CWE-824) and is tracked under Adobe advisory APSB26-62. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Arbitrary code execution in Adobe Substance3D Sampler 6.0.0 and earlier occurs when a user opens a maliciously crafted asset file that triggers an out-of-bounds write in the application's parsing logic. Exploitation runs in the context of the logged-in user and requires user interaction to open the file; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Arbitrary code execution in Adobe Substance3D Sampler versions 6.0.0 and earlier occurs through an out-of-bounds write triggered when a user opens a maliciously crafted file. The flaw executes code in the context of the current user and requires victim interaction, with no public exploit identified at time of analysis and no CISA KEV listing.
Arbitrary code execution in Adobe Substance3D Sampler versions 6.0.0 and earlier occurs when a victim opens a maliciously crafted file, triggering an out-of-bounds write (CWE-787) in the application's file parser. Exploitation runs in the context of the current user and no public exploit identified at time of analysis, though the high CVSS of 7.8 reflects the full local impact triad once a user is socially engineered into opening the file.
Arbitrary code execution in Adobe Substance3D Sampler 6.0.0 and earlier occurs when a user opens a maliciously crafted 3D asset file, triggering an out-of-bounds write that runs attacker code with the current user's privileges. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the local attack vector combined with high impact and required user interaction makes this a classic targeted-phishing/social-engineering risk against artists and 3D designers.
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier allows attackers to run code as the logged-in user when a victim opens a maliciously crafted document file. The flaw is an out-of-bounds write (CWE-787) memory corruption issue requiring user interaction, and no public exploit has been identified at time of analysis.
Local privilege escalation in the Linux kernel's net/sched act_ct traffic control action stems from a use-after-free in tcf_ct_flow_table_get(), where rhashtable_lookup_fast() releases the RCU read lock before refcount_inc_not_zero() can pin the returned ct_ft object. EPSS is very low (0.02%, 7th percentile) and no public exploit identified at time of analysis, but Trend Micro ZDI provided detailed root-cause analysis and stable-tree patches are merged across 5.10 through 6.18 lines. Successful exploitation grants attacker-controlled kernel memory access enabling privilege escalation to root.
Local privilege escalation in Waves Central for macOS versions 13.0.9 through 16.5.5 allows an unprivileged user to gain root code execution by injecting a malicious dylib into a trusted XPC client process via DYLD_INSERT_LIBRARIES. The injected code then abuses the product's privileged helper service to perform operations as root. No public exploit identified at time of analysis, and EPSS probability is very low (0.02%), consistent with a local-only macOS desktop attack surface.
Out-of-bounds array access in the Linux kernel's Rockchip RKCIF camera interface driver (drivers/media/platform/rockchip/rkcif) allows a local low-privileged user to trigger memory corruption by reading one element past the end of internal arrays due to off-by-one comparison errors. Affects mainline Linux through 6.19 and is fixed in 7.0.4 and 7.1-rc1; no public exploit identified at time of analysis and EPSS exploitation probability is negligible (0.02%, 5th percentile).
Use-after-free and VFS invariant violations in the Linux kernel SMC subsystem (5.17 through pre-6.19.4) allow local privileged users to trigger memory corruption and system instability via the TCP ULP-to-SMC conversion path. The upstream maintainers fully reverted the underlying commit d7cd421da9da rather than attempting an in-place fix, citing fundamental design flaws; no public exploit identified at time of analysis and EPSS sits at 0.02% (5th percentile).
Race condition in the Linux kernel device-mapper (dm) subsystem allows a local privileged user to trigger memory corruption or use-after-free conditions by exploiting a TOCTOU flaw in dm_blk_report_zones, which calls dm_suspended_md without holding required locks. The flaw affects multiple stable kernel branches including 6.12.x, 6.15.x, 6.16, and 6.18.x prior to fixed releases. No public exploit identified at time of analysis, and EPSS scores exploitation probability at 0.02% (5th percentile).
Use-after-free in the Linux kernel's Generic Receive Offload (GRO) networking path allows local attackers to corrupt kernel memory and potentially achieve privilege escalation or denial of service. The flaw stems from skb_gro_receive() merging fragment lists between socket buffers without honoring the SKBFL_MANAGED_FRAG_REFS zero-copy flag, leaving page refcounts inconsistent. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02% (5th percentile).
Local privilege escalation potential exists in the Linux kernel's netfilter nf_tables subsystem where netlink hook unregistration functions failed to use RCU-safe list removal while concurrent dumpers walked the same list. Affected paths are nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks, which previously used non-RCU list_del semantics and could race with readers, leading to memory corruption or use-after-free conditions on systems exposing nftables. No public exploit identified at time of analysis, and EPSS rates real-world exploitation likelihood at 0.02%.
SecureBoot bypass affecting multiple third-party UEFI SHIM bootloaders allows local attackers with low privileges to circumvent boot integrity due to missing SBAT (Secure Boot Advanced Targeting) enforcement and validation. Impacted signed binaries span PC-Doctor Service Center, Spyrus WTGCreator, WhiteCanyon WipeDrive, Baramundi Management Suite, Finland's Abitti 1 exam environment, and NTC IT Rosa R9/R10. CVSS is 7.8 (local, low privileges) and SSVC indicates no known exploitation with total technical impact, while no public exploit identified at time of analysis.
Arbitrary code execution in Adobe InCopy versions 21.3, 20.5.3 and earlier occurs when a user opens a maliciously crafted document that triggers a heap-based buffer overflow (CWE-122). Successful exploitation runs attacker code in the security context of the current user, making this a credible vector for endpoint compromise via social engineering. No public exploit identified at time of analysis, and the CVE is not on the CISA KEV list.
Arbitrary code execution in Adobe InCopy 21.3, 20.5.3, and earlier allows attackers to run code as the current user when a victim opens a maliciously crafted file. The flaw stems from an out-of-bounds write (CWE-787) in file parsing logic, carries a CVSS 7.8 (local, user-interaction required), and has no public exploit identified at time of analysis. Adobe published advisory APSB26-59 addressing the issue.
Stack-based buffer overflow in Adobe InCopy 21.3, 20.5.3 and earlier enables arbitrary code execution in the context of the logged-in user when a victim opens a maliciously crafted document. The flaw is locally exploitable via file-format parsing and requires user interaction, with no public exploit identified at time of analysis. CVSS 7.8 reflects high impact on confidentiality, integrity, and availability but constrained reachability through the document-open vector.
Arbitrary code execution in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier occurs through a heap-based buffer overflow triggered when a victim opens a maliciously crafted file. The flaw runs code in the security context of the current user and requires user interaction, with no public exploit identified at time of analysis. Adobe has published advisory APSB26-58 addressing the issue.
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs when a user opens a maliciously crafted document, triggering a stack-based buffer overflow (CWE-121) that runs attacker code in the context of the current user. Adobe issued advisory APSB26-58 for this issue; no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Arbitrary code execution in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier occurs through an out-of-bounds write triggered when a user opens a maliciously crafted document, allowing attacker code to run with the privileges of the current user. The flaw carries a CVSS 7.8 (High) rating, requires victim interaction, and no public exploit identified at time of analysis.
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier stems from a use-after-free condition triggered when a user opens a maliciously crafted document, allowing an attacker to run code with the privileges of the logged-in user. The flaw is reported by Adobe with a CVSS 3.1 base score of 7.8 and tagged for RCE, denial of service, and memory corruption, but there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs via a heap-based buffer overflow (CWE-122) triggered when a victim opens a maliciously crafted document file. The flaw runs code in the context of the current user and requires user interaction, with no public exploit identified at time of analysis. Adobe published advisory APSB26-58 addressing the issue.
Arbitrary code execution in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier is possible when a user opens a maliciously crafted document, triggering a heap-based buffer overflow. The flaw runs code in the context of the logged-in user and was reported by Adobe; no public exploit identified at time of analysis and EPSS data is not provided.
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs through a stack-based buffer overflow triggered when a victim opens a malicious document file. Exploitation runs in the context of the current user and requires user interaction, with no public exploit identified at time of analysis. The issue was reported by Adobe and addressed in security bulletin APSB26-58.
Arbitrary code execution in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier occurs through a stack-based buffer overflow triggered when a user opens a malicious document. Successful exploitation runs attacker-controlled code in the context of the current user, but requires social engineering since the attack vector is local and user interaction is mandatory. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Local privilege escalation in Omnissa Workspace ONE Assist for macOS allows an authenticated local user with low privileges to escalate to higher privileges through a path traversal weakness (CWE-22). The flaw carries a CVSS 7.8 (High) rating with full confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis. The vulnerability is tracked under Omnissa advisory OMSA-2026-0001 and is specific to the macOS build of the Assist remote-support agent.
Arbitrary VQL execution in Rapid7 Velociraptor before 0.76.6 allows attackers to compromise analyst workstations by supplying a malicious collection ZIP whose client_info.json hostname field breaks out of a YAML template generated by the Windows.Collectors.Remapping artifact. Triggered when an analyst loads the resulting remapping file with --remap, the injected VQL runs under NullACLManager with full permissions and no sandbox. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Remote denial-of-service in Microsoft's HTTP/2 implementation allows unauthenticated network attackers to exhaust server resources and disrupt service availability. The flaw (CWE-400, uncontrolled resource consumption) was reported by Microsoft's MSRC and carries a CVSS 7.5 score driven entirely by availability impact, with no public exploit identified at time of analysis.
Arbitrary code execution in Adobe Acrobat Reader 24.001.30365, 26.001.21651 and earlier arises from an uncontrolled search path element (CWE-427), enabling a local attacker to run code in the current user's context when a victim opens a malicious file. No public exploit identified at time of analysis, EPSS is very low (0.03%), and CISA SSVC marks exploitation as 'none' with total technical impact. Adobe has released a fix via security bulletin APSB26-63.
Privilege escalation via UID confusion in the Linux kernel's 9p filesystem client allows local users mounting 9P2000.L shares with non-default access modes to be silently demoted to the INVALID_UID (nobody/65534) for all fid lookups, breaking root's ability to chown or perform privileged file operations over the mount. Introduced by commit 1f3e4142c0eb during the conversion of 9p to the new mount API, the bug causes v9fs_apply_options() to OR user-supplied access flags onto the default V9FS_ACCESS_CLIENT instead of replacing them. EPSS is 0.02% and the issue is not on CISA KEV; no public exploit identified at time of analysis.
Privilege escalation in TYPO3 CMS Form Framework allows authenticated backend users with file write permissions to bypass upload restrictions using mixed-case file extensions (e.g., .FORM.YAML), then execute arbitrary SQL via crafted form definition files to create administrative backend accounts. The flaw affects TYPO3 versions before 10.4.57, 11.5.50, 12.4.45, 13.4.30, and 14.3.2 across all supported branches. No public exploit identified at time of analysis, but the upstream fix is published with detailed commit-level test cases that effectively serve as a roadmap for exploit development.
Denial-of-service in Micrometer (micrometer-core, micrometer-jetty11, and micrometer-jetty12) allows remote unauthenticated attackers to exhaust resources by sending specially crafted HTTP requests against applications that expose Micrometer-instrumented endpoints. The flaw affects a wide swath of supported 1.9.x through 1.16.x release lines and carries a CVSS 7.5 (availability-only) impact. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Denial-of-service in Adobe's CAI Content Credentials SDK (c2pa-web 0.7.1 and c2pa 0.80.1 and earlier) allows remote unauthenticated attackers to crash the application by submitting malformed input that bypasses validation. The flaw carries a CVSS 7.5 rating driven entirely by availability impact, with no confidentiality or integrity consequences. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Out-of-bounds read in OpenSSL's CMS password-based decryption code (CVE-2026-9076) allows remote attackers to cause denial of service against applications that decrypt attacker-supplied CMS messages. The flaw is fixed in OpenSSL 4.0.1 alongside a batch of other cryptographic vulnerabilities, with no public exploit identified at time of analysis and no CISA KEV listing. Multiple OpenSSL branches (1.0.2, 1.1.1, 3.0, 3.4, 3.5, 3.6, and 4.0.0) require updates per the upstream advisory.