5 matches found
OESA-2026-2240 pdfbox security update
Apache PDFBox is an open source Java PDF library for working with PDF documents. This project allows creation of new PDF documents, manipulation of existing documents and the ability to extract content from documents. Apache PDFBox also includes several command line utilities. Apache PDFBox is...
CVE-2026-33929
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. Users are recommended to update to version 2.0.37 or...
PT-2026-32604
Name of the Vulnerable Software and Affected Versions: Apache PDFBox versions 2.0.24 through 2.0.36; Apache PDFBox versions 3.0.0 through 3.0.7. Description: The ExtractEmbeddedFiles example contains a path traversal issue, which occurs when an application does not properly restrict the pathnames use...
Arbitrary Command Injection
Overview: flowise-components is a Flowiseai Components. Affected versions of this package are vulnerable to Arbitrary Command Injection via the nodevm execution environment when integrated modules such as Puppeteer or Playwright are used with attacker-controlled browser binary paths and parameters...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via the classPKField parameter to CommerceChannelRelFinder.countByCC and CommerceChannelRelFinder.findByCC. An attacker can execute arbitrary SQL commands by injecting malicious SQL code. Remediation: Upgrade...