7.8
CVE-2026-21281 - InCopy | Heap-based Buffer Overflow (CWE-122)
InCopy versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.3
CVE-2025-68949 - n8n has a Webhook Node IP Whitelist Bypass via Partial String Matching
n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook nodeβs IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured wβ¦
8.6
CVE-2026-21280 - Illustrator | Untrusted Search Path (CWE-426)
Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that sβ¦
5.5
CVE-2026-21288 - Illustrator | NULL Pointer Dereference (CWE-476)
Illustrator versions 29.8.3, 30.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user inβ¦
7.8
CVE-2026-21277 - InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2026-21304 - InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2026-21275 - InDesign Desktop | Access of Uninitialized Pointer (CWE-824)
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
CVE-2026-21278 - InDesign Desktop | Out-of-bounds Read (CWE-125)
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a vβ¦
7.8
CVE-2026-21276 - InDesign Desktop | Access of Uninitialized Pointer (CWE-824)
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
10
CVE-2025-68271 - Unauthenticated Remote Code Execution in openc3-api
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of cerβ¦