13 matches found
EUVD-2025-93454
Illustrator on iPad versions 3.0.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
PT-2025-46492
Name of the Vulnerable Software and Affected Versions Illustrator on iPad versions 3.0.9 and earlier Description Illustrator on iPad versions 3.0.9 and earlier are susceptible to a Heap-based Buffer Overflow. Successful exploitation of this issue could lead to arbitrary code execution with the...
Adobe Illustrator on iPad security vulnerability
Adobe Illustrator on iPad is a vector-based image creation application from the American company Adobe. A heap buffer overflow vulnerability exists in Adobe Illustrator on iPad, which can be exploited by an attacker to cause arbitrary code execution in the current user environment...
PT-2025-46489
Name of the Vulnerable Software and Affected Versions Illustrator on iPad versions 3.0.9 and earlier Description Illustrator on iPad versions 3.0.9 and earlier are susceptible to an Integer Underflow vulnerability. Successful exploitation of this issue could lead to arbitrary code execution withi...
CVE-2025-58684
CVE-2025-58684 : Stored XSS in WordPress plugin Logo Showcase (Logo Showcase – Responsive Logo Carousel, Grid, List & Ticker). Affected component/issue: improper neutralization of input during web page generation. Impact: stored XSS vulnerability in logos/grid rendering. Affected versions: up to ...
PT-2025-38972
Name of the Vulnerable Software and Affected Versions Themepoints Logo Showcase versions through 3.0.9 Description The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious code can be...
com.easy-flowable:easy-flowable-solon-plugin (>=1.0.0 <=1.0.2), com.luomor.pcsms:pcsms-solon-plugin-example (>=1.0.0 <=1.0.1) +17 more potentially affected by CVE-2025-1584 via org.noear:solon-web-staticfiles (>=3.0.0-M1 <=3.0.9-M2)
org.noear:solon-web-staticfiles MAVEN version =3.0.0-M1, =1.0.0, =1.0.0, =2024.3.0, =1.3.0, =20250107, =3.3.4, =1.8.4, =1.3.1, =1.7.8, =1.9.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.10-M1 and more Source cves: CVE-2025-1584 Source advisory: SNYK:JAVA-ORGNOEAR-8745976...
PT-2024-36131 · Unknown · Prodigy Commerce
Name of the Vulnerable Software and Affected Versions: Prodigy Commerce versions 3.0.9 and earlier Description: The issue is related to a Missing Authorization vulnerability in Prodigy Commerce, allowing the exploitation of incorrectly configured access control security levels. Recommendations: F...
WordPress plugin Prodigy Commerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PYSEC-2022-42990
A vulnerability was found in collective.task up to 3.0.9. It has been classified as problematic. This affects the function renderCell/AssignedGroupColumn of the file src/collective/task/browser/table.py. The manipulation leads to cross site scripting. It is possible to initiate the attack remotel...
spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources...
XXE
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources...
javascript: URIs
Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE...