
27959 matches found

NVD
added 2026/04/15 9:16 a.m., 0 views

CVE-2026-3649

The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.0. The katalogportal_popup_shortcode function is registered as an AJAX handler via wp_ajax_katalogportal_shortcodePrinter but lacks any capability check (current_user_can()) or nonc...

CVSS: 5.3; EPSS: 0.00316
Exploits: 0; References: 5
ATTACKERKB
added 2026/04/15 8:28 a.m., 0 views

CVE-2026-3649

The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.0. The katalogportal_popup_shortcode function is registered as an AJAX handler via wp_ajax_katalogportal_shortcodePrinter but lacks any capability check (current_user_can()) or nonc...

CVSS: 5.3; AI score: 5.7; EPSS: 0.00316
Exploits: 0; References: 6
Vulnrichment
added 2026/04/15 8:28 a.m., 0 views

CVE-2026-3649 Katalogportal-pdf-sync Widget <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via 'katalogportal_shortcodePrinter' AJAX Action

The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.0. The katalogportal_popup_shortcode function is registered as an AJAX handler via wp_ajax_katalogportal_shortcodePrinter but lacks any capability check (current_user_can()) or nonc...

CVSS: 5.3; AI score: 5.7; EPSS: 0.00316
Exploits: 0; References: 5
CVE
added 2026/04/15 8:28 a.m., 6 views

CVE-2026-3649

CVE-2026-3649 concerns the WordPress plugin “Katalogportal PDF Sync” (Widget) ≤ 1.0.0. The issue is Missing Authorization via the AJAX handler katalogportal_shortcodePrinter, registered through wp_ajax_katalogportal_shortcodePrinter. The handler lacks capability checks (current_user_can()) and no...

CVSS: 5.3; AI score: 5.7; EPSS: 0.00316
Exploits: 0; References: 5
Cvelist
added 2026/04/15 8:28 a.m., 29 views

CVE-2026-3649 Katalogportal-pdf-sync Widget <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via 'katalogportal_shortcodePrinter' AJAX Action

The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.0. The katalogportal_popup_shortcode function is registered as an AJAX handler via wp_ajax_katalogportal_shortcodePrinter but lacks any capability check (current_user_can()) or nonc...

CVSS: 5.3; EPSS: 0.00316
Exploits: 0; References: 5
Patchstack
added 2026/04/15 4:5 a.m., 5 views

WordPress Katalogportal-pdf-sync Widget plugin <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via 'katalogportal_shortcodePrinter' AJAX Action vulnerability

Missing Authorization to Authenticated (Subscriber+) Information Disclosure via 'katalogportal_shortcodePrinter' AJAX Action vulnerability discovered by Poli - CMC Global in WordPress Plugin Katalogportal-pdf-sync Widget versions <= 1.0.0...

CVSS: 5.3; AI score: 5.8; EPSS: 0.00316
Exploits: 0; References: 1; Affected Software: 1
OSSF Malicious Packages
added 2026/04/15 3:12 a.m., 3 views

Malicious code in pdf-linker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14402ea1542260a2cb6471902d5e0d037fecb136e1f2b2995b2741eb775f495d The package pdf-linker was found to contain malicious code. Source: ghsa-malware b496570e3a5a77b10f653cddc3b93d0ae974b01b253f0468a02c169c9fc0eb2c Any...

AI score: 5.7
Exploits: 0; References: 1
OSV
added 2026/04/15 3:12 a.m., 3 views

MAL-2026-2677 Malicious code in pdf-linker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14402ea1542260a2cb6471902d5e0d037fecb136e1f2b2995b2741eb775f495d The package pdf-linker was found to contain malicious code. Source: ghsa-malware b496570e3a5a77b10f653cddc3b93d0ae974b01b253f0468a02c169c9fc0eb2c Any...

AI score: 5.7
Exploits: 0; References: 1
Positive Technologies
added 2026/04/15 12:0 a.m., 2 views

PT-2026-33021

The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.0. The katalogportal_popup_shortcode function is registered as an AJAX handler via wp_ajax_katalogportal_shortcodePrinter but lacks any capability check current_user_can ...

CVSS: 5.3; AI score: 5.7; EPSS: 0.00316
Exploits: 0; References: 7
CNNVD
added 2026/04/15 12:0 a.m., 7 views

Google Chrome security vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.101 contained a security vulnerability. This vulnerability stemmed from a heap buffer overflow in the PDFium component, which could allow a remote attacker to execute arbitrary code within a...

CVSS: 8.8; AI score: 6.4; EPSS: 0.00336
Exploits: 0; References: 2
CNNVD
added 2026/04/15 12:0 a.m., 5 views

WordPress plugin Katalogportal PDF Sync security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS: 5.3; AI score: 5.8; EPSS: 0.00316
Exploits: 0; References: 1
GithubExploit
added 2026/04/14 9:7 p.m., 89 views

Exploit for Use After Free in Adobe Acrobat_Dc

CVE-2020-9715 EDR Validation PoC Use-after-free in Adobe Acro...

CVSS: 9.3; AI score: 7.3; EPSS: 0.48441
Exploits: 2
RedhatCVE
added 2026/04/14 7:23 p.m., 2 views

CVE-2025-69627

Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc. During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI and logging helper...

CVSS: 8.4; AI score: 5.8; EPSS: 0.00192
Exploits: 0; References: 1
Information Security Automation
added 2026/04/14 3:0 p.m., 6 views

About Remote Code Execution - Adobe Reader (CVE-2026-34621) vulnerability

About Remote Code Execution - Adobe Reader (CVE-2026-34621) vulnerability. Adobe Acrobat Reader (from 2003 to 2015, "Adobe Reader") is a free PDF viewer developed by Adobe. Versions are available for Windows, macOS, Android, and iOS. The remote code execution vulnerability in Adobe Acrobat for Window...

CVSS: 8.6; AI score: 8.2; EPSS: 0.07086
Exploits: 4
Github Security Blog
added 2026/04/14 9:30 a.m., 5 views

Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. Users are recommended to update to version 2.0.37 or...

CVSS: 4.3; AI score: 5.8; EPSS: 0.00711
Exploits: 0; References: 5; Affected Software: 1
CVE
added 2026/04/14 8:9 a.m., 75 views

CVE-2026-33929

CVE-2026-33929 concerns Apache PDFBox Examples, specifically the ExtractEmbeddedFiles code path traversal. Affected: PDFBox 2.0.24–2.0.36 and 3.0.0–3.0.7. The vulnerability arises when extracting files, allowing write access to arbitrary paths if the user has write rights (examples mention /home/...

CVSS: 4.3; AI score: 5.8; EPSS: 0.00711
Exploits: 0; References: 3; Affected Software: 1
CNNVD
added 2026/04/14 12:0 a.m., 1 views

Adobe Acrobat Reader security vulnerability

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. This software is used for printing, signing, and annotating PDF documents. Vulnerabilities exist in versions of Adobe Acrobat Reader 26.001.21411 and earlier, as well as versions 24.001.30360 and earlier, and 24.001.30362 and earlier...

CVSS: 6.3; AI score: 5.9; EPSS: 0.00264
Exploits: 1; References: 1
GithubExploit
added 2026/04/13 7:23 p.m., 220 views

Exploit for CVE-2026-34621

CVE-2026-34621 — Windows PoC Prototype Pollution in Adobe A...

CVSS: 8.6; AI score: 7.7; EPSS: 0.07086
Exploits: 4
EUVD
added 2026/04/13 6:30 p.m., 2 views

EUVD-2025-209419

Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc. During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI and logging helper...

AI score: 5.8; EPSS: 0.00192
Exploits: 0; References: 3
EUVD
added 2026/04/13 6:30 p.m., 0 views

EUVD-2025-209417

Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert. When app.alert is called with more than one argument and the first argument evaluates to null, for example, app.alert(app.activeDocs, true) when app.activeDocs is null...

CVSS: 7.5; AI score: 5.8; EPSS: 0.00428
Exploits: 0; References: 2