Apache PDFBox Path Traversal Vulnerability
Apache PDFBox is an open-source Java library developed by the Apache Foundation that provides functions for creating and editing PDF documents. Versions 2.0.24 to 2.0.35, as well as 3.0.0 to 3.0.6, of Apache PDFBox have a path traversal vulnerability. This...
CVE-2025-58221
Missing Authorization vulnerability in ONTRAPORT PilotPress pilotpress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PilotPress: from n/a through <= 2.0.36...
CVE-2025-58238
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ONTRAPORT PilotPress pilotpress allows Stored XSS. This issue affects PilotPress: from n/a through <= 2.0.36...
CVE-2025-58238 WordPress PilotPress Plugin <= 2.0.36 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ONTRAPORT PilotPress pilotpress allows Stored XSS. This issue affects PilotPress: from n/a through <= 2.0.36...
PT-2025-38903
Name of the Vulnerable Software and Affected Versions: ONTRAPORT PilotPress versions through 2.0.35. Description: A flaw exists in ONTRAPORT PilotPress that allows for Stored Cross-site Scripting (XSS). This issue arises from improper handling of input during the creation of web pages. Successful...
CVE-2017-20193
Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendordescription' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
WordPress FooGallery plugin <= 2.0.30 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by avolume in WordPress FooGallery plugin versions <= 2.0.30. Solution: Update the WordPress FooGallery plugin to the latest available version (at least 2.0.35)...
GHSA-93JQ-624G-4P9P Improper Input Validation in async-http-client
Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL...
Vulnerability in Async Http Client
Async Http Client (aka AHC or async-http-client) is a client library that allows a Java application to perform an HTTP request and process that HTTP response asynchronously. A security vulnerability exists in Async Http Client versions prior to 2.0.35. An attacker could exploit the vulnerability to...
Gentoo Security Advisory GLSA 201006-16 (gd)
The remote host is missing updates announced in advisory GLSA 201006-16. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
mod_ssl SSLCipherSuite bypass
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...
libgd NULL pointer dereference when reading a corrupt X bitmap
The gdImageCreateXbm function in the GD Graphics Library libgd before 2.0.35 allows user-assisted remote attackers to cause a denial of service crash via unspecified vectors involving a gdImageCreate failure...