|
2571
|
5.9 |
MEDIUM
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fe…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-44577
|
2026-05-14 05:00 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2572
|
5.5 |
MEDIUM
Local
|
pengutronix
|
barebox
|
barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directo…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-34962
|
2026-05-14 04:58 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2573
|
7.7 |
HIGH
Local
|
pengutronix
|
barebox
|
barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the eh_entries field against buffer capacity in fs/ext4/ext4_common.…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-34961
|
2026-05-14 04:57 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2574
|
7.8 |
HIGH
Local
|
pengutronix
|
barebox
|
barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithm…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-34963
|
2026-05-14 04:44 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2575
|
7.8 |
HIGH
Local
|
adobe
|
after_effects
|
After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitat…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-34690
|
2026-05-14 04:42 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2576
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_designer
|
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …
|
CWE-787
Out-of-bounds Write
|
CVE-2026-34682
|
2026-05-14 04:40 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2577
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_designer
|
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …
|
CWE-787
Out-of-bounds Write
|
CVE-2026-34681
|
2026-05-14 04:40 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2578
|
6.3 |
MEDIUM
Local
|
adobe
|
substance_3d_designer
|
Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file sy…
|
CWE-22
Path Traversal
|
CVE-2026-34664
|
2026-05-14 04:40 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2579
|
9.3 |
CRITICAL
Network
|
adobe
|
connect_desktop_application
|
Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An …
|
CWE-863
Incorrect Authorization
|
CVE-2026-34660
|
2026-05-14 04:39 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2580
|
9.6 |
CRITICAL
Network
|
adobe
|
connect_desktop_application
|
Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-34659
|
2026-05-14 04:38 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
