316 matches found
CVE-2026-8889
CVE-2026-8889 is tied to Version 3.0.7 of the Securly Chrome Extension, which uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes). The connected CERT/NVD records describe multiple weak crypto and exposure issues in the same extension...
CVE-2026-8874
CVE-2026-8874 affects Version 3.0.7 of the Securly Chrome Extension, which downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API, while other endpoints use HTTPS. This shows an inconsistent TLS implementation and enables potential interc...
Astra Linux - vulnerability in ruby2.5
An issue was discovered in Ruby 3.x through 3.3.0. If data supplied by an attacker is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3....
CVE-2026-44363
The CVE-2026-44363 issue affects MISP modules (misp-modules), specifically the html_to_markdown and qrcode modules. Root cause: unsafe remote resource fetching and insufficient URL validation, with qrcode also disabling TLS certificate verification. Impact: potential Server-Side Request Forgery (...
OESA-2026-2240 pdfbox security update
Apache PDFBox is an open source Java PDF library for working with PDF documents. This project allows creation of new PDF documents, manipulation of existing documents and the ability to extract content from documents. Apache PDFBox also includes several command line utilities. Apache PDFBox is...
Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-016521)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016521 advisory. An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data...
WordPress HT Mega plugin < 3.0.7 - Unauthenticated PII Disclosure vulnerability
Unauthenticated PII Disclosure vulnerability discovered by Chiao-Lin Yu Steven Meow in WordPress Plugin HT Mega versions 3.0.7...
CVE-2026-33929 Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. Users are recommended to update to version 2.0.37 or...
PT-2026-32604
Name of the Vulnerable Software and Affected Versions: Apache PDFBox versions 2.0.24 through 2.0.36; Apache PDFBox versions 3.0.0 through 3.0.7. Description: The ExtractEmbeddedFiles example contains a path traversal issue, which occurs when an application does not properly restrict the pathnames use...
Apache PDFBox security vulnerability
Apache PDFBox is an open-source tool library based on the Java language, developed by the Apache Foundation. This product provides functions for creating and editing PDF documents. Versions of Apache PDFBox from 2.0.24 to 2.0.36, as well as 3.0.0 to 3.0.7, have security vulnerabilities due to...
CVE-2026-27071
Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPCafe: from n/a through <= 3.0.7...
CVE-2026-32365
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection. This issue affects Collapsing Archives: from n/a through <= 3.0.7...
PT-2026-27972
Name of the Vulnerable Software and Affected Versions: Arraytics WPCafe versions n/a through 3.0.7. Description: An authorization issue exists in Arraytics WPCafe wp-cafe due to incorrectly configured access control security levels. This allows for exploitation of the system. Recommendations: Update...
EUVD-2026-11858
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection. This issue affects Collapsing Archives: from n/a through <= 3.0.7...
CVE-2026-32365
CVE-2026-32365 concerns the WordPress Collapsing Archives plugin, affected versions up to and including 3.0.7. The issue is an improper neutralization of special elements in an SQL command, enabling blind SQL injection via the collapsing-archives component. The vulnerability is described consiste...
CVE-2026-32365 WordPress Collapsing Archives plugin <= 3.0.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection. This issue affects Collapsing Archives: from n/a through <= 3.0.7...
PT-2026-25212
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection. This issue affects Collapsing Archives: from n/a through <= 3.0.7...
WordPress plugin Collapsing Archives SQL injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...