CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2026-21791 - HCL Sametime for Android Information Disclosure Vulnerability

CVE ID :CVE-2026-21791
Published : March 10, 2026, 12:22 p.m. | 3 hours, 20 minutes ago
Description :HCL Sametime for Android is impacted by a sensitive information disclosure. Hostname information is written in application logs and certain URL
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22614 - Eaton EasySoft Project File Encryption Brute Force Vulnerability

CVE ID :CVE-2026-22614
Published : March 10, 2026, 12:22 p.m. | 3 hours, 20 minutes ago
Description :The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks; an attacker with access to this file and the local host machine could potentially read the sensitive information stored in it and tamper with the project file. This security issue has been fixed in the latest version of Eaton EasySoft, which is available on the Eaton download centre.
Severity: 6.1 | MEDIUM
CVE-2026-3843 - Nefteprodukttekhnika BUK TS-G Gas Station Automation System SQL Injection

CVE ID :CVE-2026-3843
Published : March 10, 2026, 12:22 p.m. | 3 hours, 20 minutes ago
Description :SQL Injection (CWE-89) in the system configuration module in Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux allows remote attackers to execute arbitrary SQL commands and potentially achieve remote code execution via specially crafted SQL requests.
Severity: 9.8 | CRITICAL
CVE-2026-2741 - Vaadin Node.js Zip Path Traversal Vulnerability

CVE ID :CVE-2026-2741
Published : March 10, 2026, 2:22 p.m. | 1 hour, 20 minutes ago
Description :Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it is not installed locally. If an attacker can intercept or control this download via DNS hijacking, a MITM attack, a compromised mirror, or a supply chain attack, they can serve a malicious archive containing path traversal sequences that write files outside the intended extraction directory. Users of affected versions should use a globally preinstalled Node.js version compatible with their Vaadin version, or upgrade as follows: 14.2.0-14.14.0 to 14.14.1, 23.0.0-23.6.6 to 23.6.7, 24.0.0-24.9.8 to 24.9.9, and 25.0.0-25.0.2 to 25.0.3 or newer. Please note that Vaadin versions 10-13 and 15-22 are no longer supported; update to the latest 14, 23, 24 or 25 version.
Severity: 0.0 | NA
CVE-2026-2742 - Vaadin Spring Security Trailing Slash Authentication Bypass

CVE ID :CVE-2026-2742
Published : March 10, 2026, 2:22 p.m. | 1 hour, 20 minutes ago
Description :An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1 for applications using Spring Security, due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without a trailing slash bypasses the security filters, allowing unauthenticated users to trigger framework initialization and create sessions without proper authorization. Users of affected versions who use Spring Security should upgrade as follows: 14.0.0-14.14.0 to 14.14.1, 23.0.0-23.6.6 to 23.6.7, 24.0.0-24.9.7 to 24.9.8, and 25.0.0-25.0.1 to 25.0.2 or newer. Please note that Vaadin versions 10-13 and 15-22 are no longer supported; update to the latest 14, 23, 24 or 25 version.
Severity: 0.0 | NA
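The bug class in the entry above is two components disagreeing about which requests belong to a reserved path: the security layer matches "/VAADIN/**" as the literal prefix "/VAADIN/", while the framework's routing still treats the bare "/VAADIN" as its endpoint, so the request that falls through the filter chain lands on framework code. The Python model below is an added example and not Vaadin's or Spring Security's code; the rule list, the permissive fallback and the lenient framework routing are assumptions chosen to reproduce the inconsistency, and the hardened matcher normalises the path before comparing so both sides agree.

```python
import posixpath
import re
from dataclasses import dataclass
from typing import Callable, List


@dataclass(frozen=True)
class Rule:
    pattern: str              # "/VAADIN/**" protects a subtree, "/login" one exact path
    authenticated_only: bool


# Hypothetical filter-chain configuration: framework paths need a login,
# /login is public, and unmatched paths fall through to a permissive default.
RULES: List[Rule] = [Rule("/VAADIN/**", True), Rule("/login", False)]


def naive_match(pattern: str, raw_path: str) -> bool:
    """Prefix match on the raw request path. "/VAADIN/**" becomes the prefix
    "/VAADIN/", so the bare "/VAADIN", "//VAADIN/x" and "/VAADIN;x=1" never match."""
    if pattern.endswith("/**"):
        return raw_path.startswith(pattern[:-2])
    return raw_path == pattern


def normalize(raw_path: str) -> str:
    """Canonical form used by the hardened matcher: drop query/fragment, collapse
    duplicate slashes, strip ;matrix=params, resolve . and .., and drop the
    trailing slash so "/VAADIN" and "/VAADIN/" compare equal."""
    path = raw_path.split("?", 1)[0].split("#", 1)[0] or "/"
    path = re.sub(r"/+", "/", path)
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    path = posixpath.normpath(path)
    return path if path.startswith("/") else "/" + path


def strict_match(pattern: str, raw_path: str) -> bool:
    path = normalize(raw_path)
    if pattern.endswith("/**"):
        base = pattern[:-3]
        return path == base or path.startswith(base + "/")
    return path == pattern


def framework_handles(raw_path: str) -> bool:
    """Lenient framework routing: any request whose first non-empty path segment
    is VAADIN is served as a reserved framework endpoint."""
    path = raw_path.split("?", 1)[0]
    segments = [s.split(";", 1)[0] for s in path.split("/") if s]
    return segments[:1] == ["VAADIN"]


def security_decision(raw_path: str, authenticated: bool,
                      matcher: Callable[[str, str], bool]) -> str:
    for rule in RULES:
        if matcher(rule.pattern, raw_path):
            return "allow" if authenticated or not rule.authenticated_only else "deny"
    return "allow"   # permissive fallback for "static" paths: the dangerous default


def bypassed(raw_path: str, matcher: Callable[[str, str], bool]) -> bool:
    """An unauthenticated request bypasses auth when the security layer lets it
    through but the framework still treats it as a reserved endpoint."""
    return (security_decision(raw_path, False, matcher) == "allow"
            and framework_handles(raw_path))


if __name__ == "__main__":
    for p in ["/VAADIN", "/VAADIN/", "//VAADIN/push", "/VAADIN;x=1", "/VAADIN/../VAADIN"]:
        print(f"{p:20} naive bypass={bypassed(p, naive_match)!s:5} "
              f"strict bypass={bypassed(p, strict_match)}")
```

Two things fix the model, and a real deployment wants both: the security matcher and the framework router must canonicalise the same way, and the fallback for unmatched paths should be deny rather than allow, so a matching gap fails closed.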
CVE-2026-2339 - TUBITAK BILGEM Software Technologies Research Institute Liderahenk Missing Authentication for Critical Function (Remote Code Inclusion, Privilege Abuse, Command Injection)

CVE ID :CVE-2026-2339
Published : March 10, 2026, 2:22 p.m. | 1 hour, 20 minutes ago
Description :Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse and Command Injection. This issue affects Liderahenk versions before v3.4.0.
Severity: 7.5 | HIGH
CVE-2025-11739 - Deserialization of Untrusted Data Arbitrary Code Execution Vulnerability

CVE ID :CVE-2025-11739
Published : March 10, 2026, 2:22 p.m. | 1 hour, 20 minutes ago
Description :CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization.
Severity: 0.0 | NA
CVE-2025-13957 - SOCKS Proxy Hard-coded Credentials Remote Code Execution Vulnerability

CVE ID :CVE-2025-13957
Published : March 10, 2026, 2:22 p.m. | 1 hour, 20 minutes ago
Description :CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default.
Severity: 0.0 | NA
CVE-2026-3862 - Cross-Site Scripting Vulnerability in SiteMinder Administrative UI

CVE ID :CVE-2026-3862
Published : March 10, 2026, 6:19 p.m. | 1 hour, 24 minutes ago
Description :Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page.
Severity: 4.6 | MEDIUM
CVE-2026-21363 - Substance3D Painter NULL Pointer Dereference Denial of Service Vulnerability

CVE ID :CVE-2026-21363
Published : March 10, 2026, 7:17 p.m. | 26 minutes ago
Description :Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2026-21364 - Substance3D Painter NULL Pointer Dereference Denial-of-Service Vulnerability

CVE ID :CVE-2026-21364
Published : March 10, 2026, 7:17 p.m. | 26 minutes ago
Description :Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2026-21365 - Substance3D Painter Out-of-Bounds Read Vulnerability

CVE ID :CVE-2026-21365
Published : March 10, 2026, 7:17 p.m. | 26 minutes ago
Description :Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2026-26741 - PX4 Autopilot Uncontrolled Drone Ascent Vulnerability

CVE ID :CVE-2026-26741
Published : March 10, 2026, 7:17 p.m. | 26 minutes ago
Description :PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state (after landing and before the automatic disarm triggered by the COM_DISARM_LAND parameter), the system lacks a throttle threshold safety check for the physical throttle stick. This flaw can directly cause the drone to lose control, experience rapid uncontrolled ascent (flyaway), and result in property damage.
Severity: 0.0 | NA
CVE-2026-26742 - PX4 Autopilot Throttle Threshold Bypass Vulnerability

CVE ID :CVE-2026-26742
Published : March 10, 2026, 7:17 p.m. | 26 minutes ago
Description :PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds (default configuration) of an automatic landing, the system bypasses all pre-flight safety checks, including the throttle threshold check. This allows for an immediate high-thrust takeoff if the throttle stick is raised, leading to loss of control.
Severity: 0.0 | NA
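The two PX4 entries above (CVE-2026-26741 and CVE-2026-26742) describe the same missing guard from two angles: a mode switch on an armed, landed vehicle that never looks at the throttle stick, and a re-arm grace window meant for in-air emergencies that is also honoured on the ground. The Python below is an added, simplified model of that arming and mode-switch logic, not PX4's code; THROTTLE_ARM_MAX, the Vehicle fields and the scenario setups are assumptions of the model, and the 5 second grace default is the value the advisory quotes. Each function carries the flawed and the fixed behaviour behind a `fixed` flag so the two outcomes can be compared on the same input.

```python
from dataclasses import dataclass

# Hypothetical parameters for this model (names chosen here, not PX4's):
THROTTLE_ARM_MAX = 0.1   # stick must be at or below this to arm / go manual on the ground
REARM_GRACE_S = 5.0      # re-arm grace window after landing (advisory: 5 s default)


@dataclass
class Vehicle:
    armed: bool = True
    landed: bool = True            # on the ground, auto-disarm (COM_DISARM_LAND) not yet fired
    mode: str = "AUTO"             # "AUTO" or "MANUAL"
    seconds_since_land: float = 0.0
    throttle_stick: float = 0.0    # pilot's physical stick, 0.0 .. 1.0
    thrust: float = 0.0            # what the motors are commanded


def switch_mode(v: Vehicle, new_mode: str, fixed: bool) -> bool:
    """AUTO -> MANUAL transition. Flawed: nothing looks at the stick, so an armed
    vehicle on the ground starts following it the instant the mode changes.
    Fixed: refuse the transition while armed on the ground with the stick raised."""
    if (fixed and new_mode == "MANUAL" and v.armed and v.landed
            and v.throttle_stick > THROTTLE_ARM_MAX):
        return False
    v.mode = new_mode
    return True


def arm(v: Vehicle, fixed: bool) -> bool:
    """Arming with re-arm grace logic. Flawed: any re-arm inside the grace window
    skips pre-flight checks, even on the ground. Fixed: grace applies only in the air."""
    if v.armed:
        return True
    in_grace = v.seconds_since_land < REARM_GRACE_S
    skip_checks = in_grace and (not fixed or not v.landed)
    if not skip_checks and v.throttle_stick > THROTTLE_ARM_MAX:
        return False                       # pre-flight check: stick must be low
    v.armed = True
    return True


def step(v: Vehicle) -> float:
    """One control tick: in MANUAL an armed vehicle's thrust tracks the stick."""
    if v.armed and v.mode == "MANUAL":
        v.thrust = v.throttle_stick
    return v.thrust


def scenario_mode_switch(fixed: bool) -> float:
    """CVE-2026-26741: still armed after an auto-landing, stick accidentally raised,
    pilot flips AUTO -> MANUAL. Returns the commanded thrust after one tick."""
    v = Vehicle(armed=True, landed=True, mode="AUTO", throttle_stick=0.8)
    switch_mode(v, "MANUAL", fixed)
    return step(v)


def scenario_rearm(fixed: bool) -> float:
    """CVE-2026-26742: auto-disarmed after landing, pilot goes MANUAL and re-arms
    2 s later with the stick raised. Returns the commanded thrust after one tick."""
    v = Vehicle(armed=False, landed=True, mode="AUTO",
                seconds_since_land=2.0, throttle_stick=0.8)
    switch_mode(v, "MANUAL", fixed)        # allowed: the vehicle is disarmed
    arm(v, fixed)
    return step(v)


if __name__ == "__main__":
    for fixed in (False, True):
        print(f"fixed={fixed}: mode-switch thrust={scenario_mode_switch(fixed):.1f}, "
              f"re-arm thrust={scenario_rearm(fixed):.1f}")
```

The fixed branch keeps the in-air emergency re-arm intact (a vehicle with `landed=False` inside the grace window still arms without checks); the change is only that "on the ground" and "in the air" are treated as different states when deciding which checks may be skipped.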
CVE-2026-26801 - pdfmake Server-Side Request Forgery (SSRF) Vulnerability

CVE ID :CVE-2026-26801
Published : March 10, 2026, 7:17 p.m. | 26 minutes ago
Description :Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy() method allowing server operators to define URL access rules. A warning is now logged when pdfmake is used server-side without a policy configured.
Severity: 7.5 | HIGH
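The entry above says the fix is a URL access policy the server operator configures, and that running without one now logs a warning. What such a policy has to decide is shown below in an added Python example that is not pdfmake's setUrlAccessPolicy() and does not reproduce its API: an optional host allow-list plus an always-on block-list for internal address ranges, applied to the URLs a document asks the renderer to fetch. The class name, the sample URLs and the choice of blocked ranges are this example's own.

```python
import ipaddress
from typing import Iterable, List, Optional, Tuple, Union
from urllib.parse import urlsplit

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Ranges a document renderer should never fetch from: unspecified, loopback,
# RFC 1918, CGNAT, link-local (which includes the 169.254.169.254 cloud
# metadata endpoint) and their IPv6 counterparts.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]


class UrlAccessPolicy:
    """Hypothetical URL access policy for server-side rendering.

    Two layers: an optional host allow-list, and a block-list of internal
    address ranges that applies to literal-IP hosts whatever the allow-list says.
    """

    def __init__(self, allowed_hosts: Iterable[str] = (),
                 allowed_schemes: Iterable[str] = ("https",)) -> None:
        self.allowed_hosts = {h.lower().rstrip(".") for h in allowed_hosts}
        self.allowed_schemes = {s.lower() for s in allowed_schemes}

    @staticmethod
    def _literal_ip(host: str) -> Optional[IPAddress]:
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            return None                      # a hostname, not an address literal
        # ::ffff:127.0.0.1 is IPv4 in disguise; judge the embedded address.
        mapped = getattr(ip, "ipv4_mapped", None)
        return mapped if mapped is not None else ip

    def check(self, url: str) -> Tuple[bool, str]:
        """Return (allowed, reason) for one URL without touching the network."""
        parts = urlsplit(url)
        if parts.scheme.lower() not in self.allowed_schemes:
            return False, f"scheme {parts.scheme!r} not allowed"
        host = (parts.hostname or "").rstrip(".")
        if not host:
            return False, "missing host"
        if parts.username is not None or parts.password is not None:
            return False, "userinfo in URL not allowed"
        if host == "localhost" or host.endswith(".localhost"):
            return False, "localhost not allowed"
        ip = self._literal_ip(host)
        if ip is not None and (any(ip in net for net in BLOCKED_NETS)
                               or ip.is_private or ip.is_loopback
                               or ip.is_link_local or ip.is_multicast):
            return False, f"address {ip} is in a blocked range"
        if self.allowed_hosts and host not in self.allowed_hosts:
            return False, f"host {host!r} not in allow-list"
        return True, "ok"


def filter_image_urls(policy: UrlAccessPolicy, urls: Iterable[str]) -> List[str]:
    """Keep only the URLs the renderer may fetch; everything else is dropped."""
    return [u for u in urls if policy.check(u)[0]]


if __name__ == "__main__":
    # Constructed sample: image references as they might appear in a document.
    sample = ["https://cdn.example.com/logo.png", "https://169.254.169.254/latest/meta-data/",
              "https://[::ffff:127.0.0.1]/", "file:///etc/passwd"]
    policy = UrlAccessPolicy(allowed_hosts=["cdn.example.com"])
    for u in sample:
        print(u, "->", policy.check(u))
```

The check runs on the URL as written, so a public hostname that resolves to an internal address, or a redirect to one, is not caught here; a real deployment must also validate the address actually connected to (and re-check on every redirect hop), or restrict fetches to the allow-list alone.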
CVE-2026-27214 - Substance3D Painter NULL Pointer Dereference Denial-of-Service Vulnerability

CVE ID :CVE-2026-27214
Published : March 10, 2026, 7:17 p.m. | 26 minutes ago
Description :Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2026-27215 - Substance3D Painter NULL Pointer Dereference Denial-of-Service Vulnerability

CVE ID :CVE-2026-27215
Published : March 10, 2026, 7:17 p.m. | 26 minutes ago
Description :Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to its availability. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2026-27216 - Substance3D Painter Out-of-Bounds Read Memory Exposure Vulnerability

CVE ID :CVE-2026-27216
Published : March 10, 2026, 7:17 p.m. | 26 minutes ago
Description :Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2026-27217 - Substance3D Painter NULL Pointer Dereference Denial-of-Service Vulnerability

CVE ID :CVE-2026-27217
Published : March 10, 2026, 7:17 p.m. | 26 minutes ago
Description :Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to its availability. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2026-27218 - Substance3D Painter NULL Pointer Dereference Denial of Service

CVE ID :CVE-2026-27218
Published : March 10, 2026, 7:17 p.m. | 26 minutes ago
Description :Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2026-27219 - Substance3D Painter Out-of-bounds Read Information Disclosure Vulnerability

CVE ID :CVE-2026-27219
Published : March 10, 2026, 7:17 p.m. | 26 minutes ago
Description :Substance3D - Painter versions 11.1.2 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM