PDF Complete code issue vulnerabilities
PDF Complete is a PDF editor developed by PDF Complete Inc. Version 3.5.310.2002 of PDF Complete has a code vulnerability that stems from the lack of quotation marks around the pdfsvc.exe service path, which may lead to privilege escalation...
CVE-2021-47896 PDFCOMPLETE Corporate Edition 4.1.45 - 'pdfcDispatcher' Unquoted Service Path
PDF Complete Corporate Edition 4.1.45 contains an unquoted service path vulnerability in the pdfcDispatcher service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service binary location to inject malicious executables that will b...
CVE-2021-47896
PDF Complete Corporate Edition 4.1.45 is affected by an unquoted service path in the pdfcDispatcher service, enabling local attackers to potentially execute arbitrary code with LocalSystem privileges. Affected component: pdfcDispatcher (unquoted service path). Root cause: the service binary locat...
Azure Linux 3.0 Security Update: kernel (CVE-2024-36930)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36930 advisory. - In the Linux kernel, the following vulnerability has been resolved: spi: fix null pointer dereference within...
CVE-2026-21967
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications component: Opera Servlet. Supported versions that are affected are 5.6.19.23, 5.6.25.17, 5.6.26.10 and 5.6.27.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP...
WordPress Academy LMS plugin <= 3.5.0 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by vgo0 in WordPress Plugin Academy LMS versions <= 3.5.0...
Malicious code in babel-js (npm)
Source: amazon-inspector 8e9ff5d2308ea7b49b6fbf0f4e49dd88fe66d82523ae39b56d2c8ce3747e64c7 The package babel-js was found to contain malicious code. Source: ghsa-malware 971a7cbc4a8fb219a47c89b6aa15c980a6d562786f2800c575eb250f53e229e1 Any...
EUVD-2026-3569
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: User and User Group. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of...
WordPress Plugin Academy LMS – WordPress LMS Plugin for a Complete eLearning Solution Security Vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
CVE-2025-14757
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator Builder PRO. This is due to the complete_payment AJAX action being registered via wp_ajax_nopriv,...
CVE-2025-14757 Cost Calculator Builder <= 3.6.9 - Missing Authorization to Unauthenticated Payment Status Bypass
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator Builder PRO. This is due to the complete_payment AJAX action being registered via wp_ajax_nopriv,...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003790)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003790 advisory. Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by...
CVE-2026-22857 FreeRDP has a heap-use-after-free in irp_thread_func
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete and then accessed again on the error path. This vulnerability is fixed in 3.20.1...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000560)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000560 advisory. Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the...
CVE-2025-13935
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the 'mark_course_complete' function. This makes it possible for authenticated...
Malicious code in pinecone-js (npm)
Source: amazon-inspector c597ee3d643e51ba6eca0553a77be1c79a3e5dc72d8450b09b7f405a558d2d56 The package pinecone-js was found to contain malicious code. Source: ghsa-malware 0e6ef1006a92156684ab8d3e78ab8e036d4c27f591eba5212441a68be8231a66 An...
CVE-2025-53477
NULL Pointer Dereference vulnerability in Apache NimBLE. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low. This issue...
CVE-2025-53477
CVE-2025-53477 is a NULL pointer dereference vulnerability in Apache NimBLE (NimBLE host HCI layer). The issue stems from missing validation of HCI connection complete or HCI command TX buffers, which can lead to a NULL pointer dereference when combined with disabled asserts and a malfunctioning ...
CVE-2019-20004
An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router...