Michele Spagnuolo

**Name of the Vulnerable Software and Affected Versions** CAI Content Credentials versions c2pa-web@0.7.1 and earlier CAI Content Credentials versions c2pa-v0.80.1 and earlier **Description** Improper Input Validation allows an attacker to crash the application, resulting in a denial-of-service condition. This issue can be exploited without requiring any user interaction. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ColdFusion versions prior to 2023.20 ColdFusion versions prior to 2025.9 **Description** An improper limitation of a pathname to a restricted directory, known as Path Traversal, allows an attacker to bypass security features and access unauthorized files or directories outside of intended restrictions. Exploitation of this issue requires user interaction, specifically requiring a victim to open a malicious file. **Recommendations** Update ColdFusion to a version later than 2023.19. Update ColdFusion to a version later than 2025.8.

**Name of the Vulnerable Software and Affected Versions** WCFM Membership versions prior to 2.11.11 **Description** A missing authorization issue in the `wc-multivendor-membership` component allows for the exploitation of incorrectly configured access control security levels. **Recommendations** Update to a version later than 2.11.10.

**Name of the Vulnerable Software and Affected Versions** Arm ArmNN versions prior to 2026-03-28 **Description** An integer overflow exists in the `TensorShape::GetNumElements()` function within `armnn/Tensor.cpp`. This occurs when tensor dimensions are multiplied using 32-bit unsigned arithmetic without overflow detection, leading the `GetNumBytes()` function to return an understated allocation size. A crafted TFLite model file can exploit this to bypass buffer size validation, triggering a heap-based buffer over-read during model optimization. Specifically, the `BatchToSpaceNdLayer` reads beyond the allocated buffer during the `Optimize()->InferOutputShapes()` process. **Recommendations** Update to a version released after 2026-03-27.

**Name of the Vulnerable Software and Affected Versions** Adobe Commerce versions prior to 2.4.9-beta1 **Description** A stored Cross-Site Scripting (XSS) issue allows a high-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts execute in the browser of a victim who visits the page containing the affected field. **Recommendations** Update to a version newer than 2.4.9-beta1.

**Name of the Vulnerable Software and Affected Versions** Adobe Commerce versions prior to 2.4.9-beta1 **Description** An improper authorization issue allows an attacker to bypass security features and obtain unauthorized write access. Exploitation requires user interaction, such as visiting a maliciously crafted URL or interacting with a compromised web page. **Recommendations** Update to a version newer than 2.4.9-beta1.

**Name of the Vulnerable Software and Affected Versions** Adobe Commerce versions prior to 2.4.9-beta1 **Description** An uncontrolled resource consumption issue exists that could lead to an application denial-of-service. An attacker can exploit this to exhaust system resources, causing the application to become unavailable. This exploitation does not require user interaction. **Recommendations** Update to a version newer than 2.4.9-beta1.

**Name of the Vulnerable Software and Affected Versions** Adobe Commerce versions prior to 2.4.9-beta1 **Description** A stored Cross-Site Scripting (XSS) issue allows a high-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts execute in the browser of a victim who visits the page containing the affected field. **Recommendations** Update to a version newer than 2.4.9-beta1.

**Name of the Vulnerable Software and Affected Versions** Adobe Commerce versions prior to 2.4.9-beta1 **Description** A dependency on a vulnerable third-party component could result in an application denial-of-service. An attacker could exploit this issue to crash the application without requiring any user interaction. **Recommendations** Update to a version newer than 2.4.9-beta1.

**Name of the Vulnerable Software and Affected Versions** Adobe Commerce versions prior to 2.4.9-beta1 **Description** An incorrect authorization issue allows an attacker to bypass security features and gain unauthorized write access. This exploitation does not require any user interaction. **Recommendations** Update to a version newer than 2.4.9-beta1.

**Name of the Vulnerable Software and Affected Versions** Dell/Alienware Purchased Apps versions prior to 1.1.31.0 **Description** An improper link resolution before file access, also known as link following, allows a low privileged attacker with local access to perform an arbitrary file write. Link following occurs when a program follows a symbolic link to a file or directory without verifying if the link points to an intended location. **Recommendations** Update to version 1.1.31.0 or later.

**Name of the Vulnerable Software and Affected Versions** Dell iDRAC10 version 1.20.70.50 Dell iDRAC10 version 1.30.05.10 **Description** An insufficiently protected credentials issue exists due to a race condition, which is a situation where the system's substantive behavior is dependent on the sequence or timing of other uncontrollable events. This could allow an authenticated low-privileged attacker to gain elevated access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bridge versions 16.0.2 and earlier Bridge versions 15.1.4 and earlier **Description** A Heap-based Buffer Overflow occurs when an application writes more data to a heap-allocated memory block than it can hold. This issue could result in arbitrary code execution in the context of the current user and requires user interaction, specifically that a victim opens a malicious file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** InDesign Desktop versions 20.5.2 and 21.2 and earlier **Description** A Heap-based Buffer Overflow occurs when a program writes more data to a heap-allocated memory block than it can hold. This issue could result in arbitrary code execution in the context of the current user and requires user interaction, specifically the opening of a malicious file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell PowerProtect Data Domain versions 8.5 through 8.6 **Description** Improper neutralization of special elements used in an OS command allows a high privileged attacker with remote access to execute arbitrary commands with root privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** InDesign Desktop versions 20.5.2 and 21.2 and earlier **Description** A Use After Free issue exists where the software continues to use a pointer after it has been freed. This could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction, specifically the opening of a malicious file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FortiSOAR PaaS versions 7.6.0 through 7.6.3 FortiSOAR PaaS versions 7.5.0 through 7.5.2 FortiSOAR PaaS versions 7.4 FortiSOAR PaaS versions 7.3 FortiSOAR on-premise versions 7.6.0 through 7.6.3 FortiSOAR on-premise versions 7.5.0 through 7.5.2 FortiSOAR on-premise versions 7.4 FortiSOAR on-premise versions 7.3 **Description** An improper neutralization of input during web page generation allows an authenticated remote attacker to perform a stored cross-site scripting (XSS) attack via crafted HTTP Requests. XSS is a flaw where malicious scripts are injected into otherwise benign and trusted websites. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** InDesign Desktop versions 20.5.2 and 21.2 and earlier **Description** An out-of-bounds read occurs when parsing a crafted file, which can lead to a read past the end of an allocated memory structure. This issue allows an attacker to execute code in the context of the current user, provided the victim opens a malicious file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe InDesign versions prior to 20.5.3 Adobe InDesign versions prior to 21.3 **Description** A heap-based buffer overflow occurs in the dynamic memory of the application. This issue can be triggered when a user opens a malicious file, potentially allowing an attacker to cause a denial-of-service condition, resulting in an application crash or disruption of functionality. **Recommendations** Update to version 20.5.3 or later. Update to version 21.3 or later.

**Name of the Vulnerable Software and Affected Versions** Acrobat DC versions prior to 26.001.21411 Acrobat Reader DC versions prior to 26.001.21411 Acrobat 2024 (affected versions not specified) **Description** An Improperly Controlled Modification of Object Prototype Attributes, also known as Prototype Pollution, exists in the JavaScript engine of Adobe Acrobat and Reader. This issue occurs due to insecure handling of object properties in privileged APIs, allowing an attacker to pollute the base `Object.prototype` and redirect the execution flow of the process. This can lead to arbitrary code execution in the context of the current user and potentially result in full system takeover. The flaw is specifically linked to the `util.readFileIntoStream()` function, which can be used to read arbitrary files, and the `RSS.addFeed()` function, which has been repurposed as a bidirectional command and control channel to exfiltrate data and receive additional payloads. Exploitation requires the victim to open a maliciously crafted PDF file, which can be triggered via email, web downloads, or preview panes in applications like Outlook or macOS Finder. Approximately 600 million active installations worldwide were potentially affected. The issue has been actively exploited by APT groups since December 2025 for espionage and fingerprinting attacks. **Recommendations** Update Acrobat DC and Acrobat Reader DC to versions 26.001.21411 or later. As a temporary workaround, navigate to Preferences > JavaScript and uncheck Enable Acrobat JavaScript to disable the primary attack vector.