7.8
CVE-2026-21330 - After Effects | Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)
After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a β¦
7.8
CVE-2026-21325 - After Effects | Out-of-bounds Read (CWE-125)
After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Explβ¦
7.8
CVE-2026-21327 - After Effects | Out-of-bounds Write (CWE-787)
After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2026-21320 - After Effects | Use After Free (CWE-416)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2026-21321 - After Effects | Integer Overflow or Wraparound (CWE-190)
After Effects versions 25.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2026-21351 - After Effects | Use After Free (CWE-416)
After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
8.7
CVE-2026-25611 - Pre-Authentication Memory Exhaustion Denial of Service in MongoDB Server
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.
6.9
CVE-2026-26003 - FastGPT Plugin forwarding request is not authenticated, posing a serious risk of attack
FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This may cause the plugin system to crash and the loss of plugin installation status, but itβ¦
7.8
CVE-2026-20841 - Windows Notepad App Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.
7.5
CVE-2026-20846 - GDI+ Denial of Service Vulnerability
Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.