
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 3,037
Critical: 0
High: 3,037
Medium: 0
Showing 401-420 of 3037 records
Threat Entry Updated 2026-01-14

CVE-2026-21298 - Substance3D - Modeler Plugin

Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

PLUGIN Substance3D - Modeler

CVE-2026-21298

HIGH CVSS 7.8 2026-01-13
Threat Entry Updated 2026-01-20

CVE-2026-22818 - Hono Plugin

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly define an algorithm. This could enable JWT algorithm confusion and, in certain configurations, allow forged tokens to be accepted. The JWK/JWKS JWT verification middleware has been updated to require an explicit allowlist of asymmetric algorithms when verifying tokens. The middleware no longer derives the verification…

PLUGIN Hono

CVE-2026-22818

HIGH CVSS 8.2 2026-01-13
Threat Entry Updated 2026-01-20

CVE-2026-22817 - Hono Plugin

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s alg value to influence signature verification when the selected JWK did not explicitly specify an algorithm. This could enable JWT algorithm confusion and, in certain configurations, allow forged tokens to be accepted. As part of this fix, the JWT middleware now requires the alg option to be explicitly specified. This prevents algorithm confusion by ensuring that the verification algorithm is…

PLUGIN Hono

CVE-2026-22817

HIGH CVSS 8.2 2026-01-13
Threat Entry Updated 2026-01-14

CVE-2026-22814 - Lucid Plugin

@adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who can influence data that is passed into Lucid model assignments to overwrite the internal ORM state. This may lead to logic bypasses and unauthorized record modification within a table or model. This affects @adonisjs/lucid through version 21.8.1 and 22.x pre-release versions prior to 22.0.0-next.6. This has been patched in @adonisjs/lucid versions 21.8.2 and 22.0.0-next.6.

PLUGIN Lucid

CVE-2026-22814

HIGH CVSS 8.2 2026-01-13
Threat Entry Updated 2026-01-14

CVE-2026-21307 - Substance3D - Designer Plugin

Substance3D - Designer versions 15.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

PLUGIN Substance3D - Designer

CVE-2026-21307

HIGH CVSS 7.8 2026-01-13
Threat Entry Updated 2026-01-14

CVE-2026-21306 - Substance3D - Sampler Plugin

Substance3D - Sampler versions 5.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

PLUGIN Substance3D - Sampler

CVE-2026-21306

HIGH CVSS 7.8 2026-01-13
Threat Entry Updated 2026-01-14

CVE-2026-21305 - Substance3D - Painter Plugin

Substance3D - Painter versions 11.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

PLUGIN Substance3D - Painter

CVE-2026-21305

HIGH CVSS 7.8 2026-01-13
Threat Entry Updated 2026-01-14

CVE-2026-21287 - Substance3D - Stager Plugin

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

PLUGIN Substance3D - Stager

CVE-2026-21287

HIGH CVSS 7.8 2026-01-13
Threat Entry Updated 2026-01-14

CVE-2026-21304 - InDesign Desktop Plugin

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

PLUGIN InDesign Desktop

CVE-2026-21304

HIGH CVSS 7.8 2026-01-13
Threat Entry Updated 2026-01-14

CVE-2026-21283 - Bridge Plugin

Bridge versions 15.1.2, 16.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

PLUGIN Bridge

CVE-2026-21283

HIGH CVSS 7.8 2026-01-13
Threat Entry Updated 2026-01-14

CVE-2026-21280 - Illustrator Plugin

Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.

PLUGIN Illustrator

CVE-2026-21280

HIGH CVSS 8.6 2026-01-13
Threat Entry Updated 2026-01-14

CVE-2026-21281 - InCopy Plugin

InCopy versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

PLUGIN InCopy

CVE-2026-21281

HIGH CVSS 7.8 2026-01-13
Threat Entry Updated 2026-01-14

CVE-2026-21277 - InDesign Desktop Plugin

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

PLUGIN InDesign Desktop

CVE-2026-21277

HIGH CVSS 7.8 2026-01-13
Threat Entry Updated 2026-01-14

CVE-2026-21276 - InDesign Desktop Plugin

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

PLUGIN InDesign Desktop

CVE-2026-21276

HIGH CVSS 7.8 2026-01-13
Threat Entry Updated 2026-01-14

CVE-2026-21275 - InDesign Desktop Plugin

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

PLUGIN InDesign Desktop

CVE-2026-21275

HIGH CVSS 7.8 2026-01-13
Threat Entry Updated 2026-01-14

CVE-2026-21272 - Dreamweaver Desktop Plugin

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.

PLUGIN Dreamweaver Desktop

CVE-2026-21272

HIGH CVSS 8.6 2026-01-13
Threat Entry Updated 2026-01-14

CVE-2026-21271 - Dreamweaver Desktop Plugin

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.

PLUGIN Dreamweaver Desktop

CVE-2026-21271

HIGH CVSS 8.6 2026-01-13
Threat Entry Updated 2026-01-14

CVE-2026-21268 - Dreamweaver Desktop Plugin

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.

PLUGIN Dreamweaver Desktop

CVE-2026-21268

HIGH CVSS 8.6 2026-01-13
Threat Entry Updated 2026-01-14

CVE-2026-21267 - Dreamweaver Desktop Plugin

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.

PLUGIN Dreamweaver Desktop

CVE-2026-21267

HIGH CVSS 8.6 2026-01-13
Threat Entry Updated 2026-01-14

CVE-2026-21274 - Dreamweaver Desktop Plugin

Dreamweaver Desktop versions 21.6 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass security measures and execute unauthorized code. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

PLUGIN Dreamweaver Desktop

CVE-2026-21274

HIGH CVSS 7.8 2026-01-13