11475 matches found

Github Security Blog
added 2026/03/10 6:31 p.m. | 6 views

Apache PDFBox has Path Traversal through PDComplexFileSpecification.getFilename() function

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

CVSS 5.3 | AI score 5.8 | EPSS 0.00886
Exploits 0 | References 5 | Affected Software 1
Snyk
added 2026/03/10 6:31 p.m. | 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the PDComplexFileSpecification.getFilename function. An attacker can access arbitrary files on the file system by supplying crafted file names that traverse directories during file extraction. Note: This issue...

CVSS 5.3 | AI score 6.5 | EPSS 0.00886
Exploits 0 | References 2
EUVD
added 2026/03/10 6:31 p.m. | 9 views

EUVD-2026-10481

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

CVSS 5.3 | AI score 5.8 | EPSS 0.00886
Exploits 0 | References 4
EUVD
added 2026/03/10 6:31 p.m. | 5 views

EUVD-2026-10480

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

CVSS 5.3 | AI score 5.8 | EPSS 0.00886
Exploits 0 | References 4
OSV
added 2026/03/10 6:31 p.m. | 3 views

GHSA-JJWR-XMW6-GF78 Apache PDFBox has Path Traversal through PDComplexFileSpecification.getFilename() function

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

CVSS 5.3 | AI score 5.8 | EPSS 0.00886
Exploits 0 | References 5
NVD
added 2026/03/10 6:18 p.m. | 8 views

CVE-2026-23907

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

CVSS 5.3 | EPSS 0.00886
Exploits 0 | References 3
OSV
added 2026/03/10 6:18 p.m. | 5 views

DEBIAN-CVE-2026-23907

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

CVSS 5.3 | AI score 5.4 | EPSS 0.00886
Exploits 0 | References 1
Vulnrichment
added 2026/03/10 5:37 p.m. | 1 views

CVE-2026-30974 Copyparty volflag `nohtml` did not block javascript in svg files

Copyparty is a portable file server. Prior to v1.20.11, the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. A user with write-permission could upload an SVG containing embedded JavaScript, which would execute in the...

CVSS 4.6 | AI score 5.8 | EPSS 0.00323
Exploits 0 | References 3
RedhatCVE
added 2026/03/10 1:0 p.m. | 5 views

CVE-2026-23907

A path traversal vulnerability was identified in the ExtractEmbeddedFiles example provided with Apache PDFBox. The example code constructs extraction paths by directly appending filenames obtained from PDComplexFileSpecification.getFilename without validating the resulting path. An attacker could...

CVSS 6.5 | AI score 5.8 | EPSS 0.00886
Exploits 0 | References 5
Cvelist
added 2026/03/10 9:43 a.m. | 34 views

CVE-2026-23907 Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

EPSS 0.00886
Exploits 0 | References 2
Debian CVE
added 2026/03/10 9:43 a.m. | 4 views

CVE-2026-23907

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

CVSS 5.3 | AI score 5.4 | EPSS 0.00886
Exploits 0
CVE
added 2026/03/10 9:43 a.m. | 58 views

CVE-2026-23907

Summary (CVE-2026-23907) Apache PDFBox’s ExtractEmbeddedFiles example contained a path traversal vulnerability (CWE-22) where the filename from PDComplexFileSpecification.getFilename() was appended to the extraction path. Affected versions: 2.0.24–2.0.35 and 3.0.0–3.0.6. Subsequent releases 2.0.3...

CVSS 5.3 | AI score 5.8 | EPSS 0.00886
Exploits 0 | References 3 | Affected Software 1
Positive Technologies
added 2026/03/10 12:0 a.m. | 7 views

PT-2026-24199

Name of the Vulnerable Software and Affected Versions: Apache PDFBox versions 2.0.24 through 2.0.36; Apache PDFBox versions 3.0.0 through 3.0.7. Description: The ExtractEmbeddedFiles example within Apache PDFBox contains a path traversal issue. The filename obtained from...

CVSS 5.3 | AI score 5.8 | EPSS 0.00886
Exploits 0 | References 19
Fedora
added 2026/03/09 1:2 a.m. | 5 views

[SECURITY] Fedora 42 Update: cef-145.0.28^chromium145.0.7632.159-1.fc42

CEF is an embeddable build of Chromium, powered by WebKit Blink...

CVSS 9.8 | AI score 7.5 | EPSS 0.00642
Exploits 0
Fedora
added 2026/03/07 12:33 a.m. | 4 views

[SECURITY] Fedora 44 Update: cef-145.0.25^chromium145.0.7632.75-4.fc44

CEF is an embeddable build of Chromium, powered by WebKit Blink...

CVSS 8.8 | AI score 5.8 | EPSS 0.2202
Exploits 13
RedhatCVE
added 2026/03/06 7:45 p.m. | 6 views

CVE-2026-30791

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Config import, URI scheme handler, CLI --config modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated wit...

CVSS 8.7 | AI score 5.8 | EPSS 0.0024
Exploits 1 | References 1
RedhatCVE
added 2026/03/06 2:37 p.m. | 6 views

CVE-2026-3598

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Config string generation, web console export modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program routin...

CVSS 8.7 | AI score 5.8 | EPSS 0.00226
Exploits 1 | References 1
RedhatCVE
added 2026/03/06 7:55 a.m. | 4 views

CVE-2025-68515

Insertion of Sensitive Information Into Sent Data vulnerability in Roland Murg WP Booking System wp-booking-system allows Retrieve Embedded Sensitive Data. This issue affects WP Booking System: from n/a through = 2.0.19.12...

CVSS 5.8 | AI score 5.8 | EPSS 0.00316
Exploits 0 | References 1
RedhatCVE
added 2026/03/06 7:55 a.m. | 5 views

CVE-2026-27370

Insertion of Sensitive Information Into Sent Data vulnerability in Premio Chaty chaty allows Retrieve Embedded Sensitive Data. This issue affects Chaty: from n/a through = 3.5.1...

CVSS 7.5 | AI score 5.8 | EPSS 0.00303
Exploits 0 | References 1
EUVD
added 2026/03/05 8:19 p.m. | 9 views

EUVD-2026-9860

LangGraph checkpoint loading has unsafe msgpack deserialization...

CVSS 6.8 | AI score 5.9 | EPSS 0.05219
Exploits 0 | References 1