CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2026-3862 - Cross-Site Scripting Vulnerability in SiteMinder Administrative UI

CVE ID: CVE-2026-3862
Published: March 10, 2026, 6:19 p.m. | 1 hour, 24 minutes ago
Description: Cross-site Scripting (XSS) allows an attacker to submit specially crafted data to the application which is returned unaltered in the resulting web page.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21363 - Substance3D Painter NULL Pointer Dereference Denial of Service Vulnerability

CVE ID: CVE-2026-21363
Published: March 10, 2026, 7:17 p.m. | 26 minutes ago
Description: Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2026-21364 - Substance3D Painter NULL Pointer Dereference Denial-of-Service Vulnerability

CVE ID: CVE-2026-21364
Published: March 10, 2026, 7:17 p.m. | 26 minutes ago
Description: Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2026-21365 - Substance3D Painter Out-of-Bounds Read Vulnerability

CVE ID: CVE-2026-21365
Published: March 10, 2026, 7:17 p.m. | 26 minutes ago
Description: Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2026-26741 - PX4 Autopilot Uncontrolled Drone Ascent Vulnerability

CVE ID: CVE-2026-26741
Published: March 10, 2026, 7:17 p.m. | 26 minutes ago
Description: PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state (after landing and before the automatic disarm triggered by the COM_DISARM_LAND parameter), the system lacks a throttle threshold safety check for the physical throttle stick. This flaw can directly cause the drone to lose control, experience rapid uncontrolled ascent (flyaway), and result in property damage
Severity: 0.0 | NA
CVE-2026-26742 - PX4 Autopilot Throttle Threshold Bypass Vulnerability

CVE ID: CVE-2026-26742
Published: March 10, 2026, 7:17 p.m. | 26 minutes ago
Description: PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds (default configuration) of an automatic landing, the system bypasses all pre-flight safety checks, including the throttle threshold check. This allows for an immediate high-thrust takeoff if the throttle stick is raised, leading to loss of control.
Severity: 0.0 | NA
CVE-2026-26801 - Adobe pdfmake SSRF

CVE ID: CVE-2026-26801
Published: March 10, 2026, 7:17 p.m. | 26 minutes ago
Description: Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy() method allowing server operators to define URL access rules. A warning is now logged when pdfmake is used server-side without a policy configured.
Severity: 7.5 | HIGH
CVE-2026-27214 - Substance3D Painter NULL Pointer Dereference Denial-of-Service Vulnerability

CVE ID: CVE-2026-27214
Published: March 10, 2026, 7:17 p.m. | 26 minutes ago
Description: Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2026-27215 - Substance3D Painter NULL Pointer Dereference Denial-of-Service Vulnerability

CVE ID: CVE-2026-27215
Published: March 10, 2026, 7:17 p.m. | 26 minutes ago
Description: Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to its availability. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2026-27216 - Substance3D Painter Out-of-Bounds Read Memory Exposure Vulnerability

CVE ID: CVE-2026-27216
Published: March 10, 2026, 7:17 p.m. | 26 minutes ago
Description: Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2026-27217 - Substance3D Painter NULL Pointer Dereference Denial-of-Service Vulnerability

CVE ID: CVE-2026-27217
Published: March 10, 2026, 7:17 p.m. | 26 minutes ago
Description: Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to its availability. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2026-27218 - Substance3D Painter NULL Pointer Dereference Denial of Service

CVE ID: CVE-2026-27218
Published: March 10, 2026, 7:17 p.m. | 26 minutes ago
Description: Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2026-27219 - Substance3D Painter Out-of-bounds Read Information Disclosure Vulnerability

CVE ID: CVE-2026-27219
Published: March 10, 2026, 7:17 p.m. | 26 minutes ago
Description: Substance3D - Painter versions 11.1.2 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2026-27269 - Adobe Premiere Pro Out-of-Bounds Read Code Execution Vulnerability

CVE ID: CVE-2026-27269
Published: March 10, 2026, 7:17 p.m. | 26 minutes ago
Description: Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2026-27273 - Substance3D - Out-of-Bounds Write Arbitrary Code Execution Vulnerability

CVE ID: CVE-2026-27273
Published: March 10, 2026, 7:17 p.m. | 26 minutes ago
Description: Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2026-27274 - Substance3D Stager Out-of-Bounds Write Vulnerability

CVE ID: CVE-2026-27274
Published: March 10, 2026, 7:17 p.m. | 26 minutes ago
Description: Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2026-27275 - Substance3D Stager Out-of-Bounds Write Vulnerability

CVE ID: CVE-2026-27275
Published: March 10, 2026, 7:17 p.m. | 26 minutes ago
Description: Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2026-27276 - Substance3D Use After Free Vulnerability

CVE ID: CVE-2026-27276
Published: March 10, 2026, 7:17 p.m. | 26 minutes ago
Description: Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2026-27277 - Substance3D Use After Free Arbitrary Code Execution Vulnerability

CVE ID: CVE-2026-27277
Published: March 10, 2026, 7:17 p.m. | 26 minutes ago
Description: Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2026-27279 - Substance3D Stager Out-of-Bounds Write Vulnerability

CVE ID: CVE-2026-27279
Published: March 10, 2026, 7:17 p.m. | 26 minutes ago
Description: Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2026-27280 - DNG SDK | Out-of-bounds Write (CWE-787)

CVE ID: CVE-2026-27280
Published: March 10, 2026, 7:17 p.m. | 26 minutes ago
Description: DNG SDK versions 1.7.1 2471 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH