Arbitrary Code Execution

Kirby CMS is vulnerable to arbitrary method call via REST API search and collection query endpoints, allowing attackers to execute sensitive methods like password disclosure or privilege escalation, patched in versions 4.9.1 and 5.4.1.

Multiple vulnerabilities in vm2 allow a remote, anonymous attacker to execute arbitrary code, bypass security measures, manipulate data, and disclose sensitive information.

Adobe After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user if a victim opens a malicious file.

Adobe After Effects versions 26.0, 25.6.4 and earlier are vulnerable to a heap-based buffer overflow (CVE-2026-34642) that could lead to arbitrary code execution when a user opens a malicious file.

Adobe Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability (CVE-2026-34638) that could lead to arbitrary code execution in the context of the current user if a malicious file is opened.

A maliciously crafted input to Babel's `@babel/plugin-transform-modules-systemjs` or `@babel/preset-env` with `modules: 'systemjs'` can cause the tool to generate arbitrary code execution.

A memory corruption vulnerability due to an out-of-bounds read in NI LabVIEW's `sentry_transaction_context_set_operation()` function could lead to information disclosure or arbitrary code execution by opening a specially crafted VI file.

A memory safety vulnerability (CVE-2026-4720) in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 could lead to memory corruption and potential arbitrary code execution if successfully exploited.

Multiple vulnerabilities in the Grub bootloader allow attackers to execute arbitrary code and cause denial-of-service conditions.

Multiple vulnerabilities in CODESYS allow a remote attacker to execute arbitrary program code and conduct a denial-of-service attack.