10 matches found
Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by multiple vulnerabilities in jsPDF (CVE-2026-25535, CVE-2026-25755, CVE-2026-25940)
Summary: Multiple vulnerabilities in the jsPDF library used by IBM InfoSphere Optim Archive Viewer have been addressed by upgrading the library to version 4.2.1. Vulnerability Details: CVEID: CVE-2026-25535 DESCRIPTION: jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control ...
Always-Incorrect Control Flow Implementation
Overview: Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the SslBundle.getBundle function. When the spring.ssl.bundle property name is not empty, configuration is silently changed to the default SSL configuration. Remediation: Upgrade...
CVE-2021-37629
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is...
SQL Injection
Overview: pimcore/customer-management-framework-bundle is a Customer Management Framework for management of customer data within Pimcore. Affected versions of this package are vulnerable to SQL Injection via the filterDefinition or filter parameter at the...
PT-2025-1724 · Pimcore · Pimcore/Customer-Data-Framework
Name of the Vulnerable Software and Affected Versions: Pimcore customer-data-framework versions 4.2.0 and earlier Description: A critical issue has been found in Pimcore customer-data-framework, affecting some unknown functionality of the file "/admin/customermanagementframework/customers/list"...
PT-2024-38917 · WordPress · Multivendorx
Name of the Vulnerable Software and Affected Versions: MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress versions prior to 4.2.1 Description: The issue is related to an insufficient capability check on the update item permissions check and create item...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via crafted file passed to the readx function. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...
PT-2023-22418 · Abstrium · Abstrium Pydio Cells
Name of the Vulnerable Software and Affected Versions: Abstrium Pydio Cells version 4.2.0 Description: A critical issue has been found in the User Creation Handler component, leading to improper access controls. The attack can be initiated remotely. Upgrading to version 4.2.1 addresses this issue...
PT-2022-8058 · Smarty +2 · Smarty +2
Name of the Vulnerable Software and Affected Versions: Smarty versions prior to 3.1.47; Smarty versions 4.x prior to 4.2.1 Description: The issue allows cross-site scripting (XSS) in the libs/plugins/function.mailto.php file. A web page using smarty function mailto and parameterized with GET or POST...
Out-of-Bounds
Overview: Affected versions of this package are vulnerable to Out-of-Bounds. A flaw was found in upx canPack in plxelf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF...