10
CVE-2026-39842 - OpenRemote is Vulnerable to Expression Injection
OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval() withβ¦
9.6
CVE-2026-39399 - NuGet Gallery: Arbitrary Blob Overwrite via Nuspec Confusion and URI Fragment Truncation
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend jobβs handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that may β¦
7.8
CVE-2026-27297 - Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191)
Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
CVE-2026-27300 - Adobe Framemaker | Access of Uninitialized Pointer (CWE-824)
Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim muβ¦
7.8
CVE-2026-27296 - Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191)
Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
8.6
CVE-2026-27290 - Adobe Framemaker | Untrusted Search Path (CWE-426)
Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, then an attacker could moβ¦
7.8
CVE-2026-27298 - Adobe Framemaker | Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)
Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must opβ¦
7.8
CVE-2026-27294 - Adobe Framemaker | Out-of-bounds Read (CWE-125)
Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user.β¦
7.8
CVE-2026-27295 - Adobe Framemaker | Out-of-bounds Write (CWE-787)
Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
CVE-2026-27301 - Adobe Framemaker | Heap-based Buffer Overflow (CWE-122)
Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that β¦