8.7
CVE-2025-68701 - Jervis has Deterministic AES IV Derivation from Passphrase
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2.
8.7
CVE-2025-68931 - Jervis has AES CBC Mode Without Authentication
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2.
8.7
CVE-2025-68698 - Jervis has an RSA PKCS#1 v1.5 Padding Vulnerability
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP (Optimal Asymmetric Encryption Padding). This vulnerability is fixed in 2.2.
6.6
CVE-2026-22791 - openCryptoki incorrectly calculates the buffer size in C_WrapKey with CKM_ECDH_AES_KEY_WRAP
openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public kβ¦
7.8
CVE-2026-21283 - Bridge | Heap-based Buffer Overflow (CWE-122)
Bridge versions 15.1.2, 16.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2026-21281 - InCopy | Heap-based Buffer Overflow (CWE-122)
InCopy versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.3
CVE-2025-68949 - n8n has a Webhook Node IP Whitelist Bypass via Partial String Matching
n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook nodeβs IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured wβ¦
8.6
CVE-2026-21280 - Illustrator | Untrusted Search Path (CWE-426)
Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that sβ¦
5.5
CVE-2026-21288 - Illustrator | NULL Pointer Dereference (CWE-476)
Illustrator versions 29.8.3, 30.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user inβ¦
7.8
CVE-2026-21277 - InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.