|
1261
|
7.8 |
HIGH
Local
|
adobe
|
bridge
|
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-34630
|
2026-04-16 03:20 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1262
|
7.8 |
HIGH
Local
|
adobe
|
framemaker
|
Adobe Framemaker versions 2022.8 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issu…
|
CWE-416
Use After Free
|
CVE-2026-27292
|
2026-04-16 03:15 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1263
|
7.8 |
HIGH
Local
|
adobe
|
framemaker
|
Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-27293
|
2026-04-16 03:15 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1264
|
7.8 |
HIGH
Local
|
adobe
|
framemaker
|
Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structur…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-27294
|
2026-04-16 03:14 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1265
|
7.8 |
HIGH
Local
|
adobe
|
framemaker
|
Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of thi…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-27295
|
2026-04-16 03:14 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1266
|
9.9 |
CRITICAL
Network
|
praison
|
praisonai
|
PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults to sandbox_mode="sandbox", which runs user code in a subprocess wrapped with a…
|
CWE-657
CWE-693
Violation of Secure Design Principles
Protection Mechanism Failure
|
CVE-2026-39888
|
2026-04-16 03:02 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1267
|
7.5 |
HIGH
Network
|
praison
|
praisonai
|
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream server in PraisonAI exposes all agent activity without authentication. The create_a2u_routes() function…
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-39889
|
2026-04-16 02:57 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1268
|
9.8 |
CRITICAL
Network
|
praison
|
praisonai
|
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags (such as !!js/functi…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-39890
|
2026-04-16 02:56 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1269
|
6.5 |
MEDIUM
Network
|
apache
|
airflow
|
Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with …
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2026-34538
|
2026-04-16 02:51 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1270
|
6.5 |
MEDIUM
Network
|
saleor
|
saleor
|
Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow, the confirmat…
|
CWE-285
Improper Authorization
|
CVE-2026-35407
|
2026-04-16 02:51 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
