OESA-2026-2240 pdfbox security update

Apache PDFBox is an open source Java PDF library for working with PDF documents. This project allows creation of new PDF documents, manipulation of existing documents and the ability to extract content from documents. Apache PDFBox also includes several command line utilities. Apache PDFBox is...

Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-016521)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016521 advisory. An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data...

CVE-2026-33929 Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. Users are recommended to update to version 2.0.37 or...

CVE-2026-27071

Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through = 3.0.7...

PT-2026-27972

Name of the Vulnerable Software and Affected Versions Arraytics WPCafe versions n/a through 3.0.7 Description An authorization issue exists in Arraytics WPCafe wp-cafe due to incorrectly configured access control security levels. This allows for exploitation of the system. Recommendations Update...

DEBIAN-CVE-2025-55816

HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting XSS in the /modificaapp.php file...

CVE-2025-21133

Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow Wrap or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

PT-2025-1289 · Adobe · Illustrator

Name of the Vulnerable Software and Affected Versions: Adobe Illustrator versions 3.0.7 and earlier Description: The issue is related to an Integer Underflow Wrap or Wraparound that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires us...

CVE-2024-10527

The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motechspacercallback function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view...

CVE-2024-49312

Server-Side Request Forgery SSRF vulnerability in WisdmLabs Edwiser Bridge.This issue affects Edwiser Bridge: from n/a through 3.0.7...

PT-2024-33452 · Edwiser · Edwiser Bridge

Name of the Vulnerable Software and Affected Versions: Edwiser Bridge versions 3.0.7 and earlier Description: The issue is a Server-Side Request Forgery SSRF vulnerability. This means that an attacker could potentially force the server to make unintended requests, leading to various security...

PT-2024-33451 · Unknown · Edwiser Bridge

Name of the Vulnerable Software and Affected Versions: Edwiser Bridge versions 3.0.7 and earlier Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS or Stored XSS. This allows Stored XSS attacks, which can be...

CVE-2024-27282

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1...

WordPress plugin ElementsKit Elementor addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

OpenHarmony 代码问题漏洞

OpenHarmony is a kind of Hongmeng operating system open source project of China OpenAtom Foundation OpenAtom Foundation Foundation. A security vulnerability exists in OpenHarmony-v3.1.4 version and earlier, OpenHarmony-v3.0.7 version and earlier, which stems from a null pointer reference...

Emerson XWEB 300D EVO 路径遍历漏洞

The Emerson XWEB 300D EVO is an energy efficient air conditioner from Emerson USA. A security vulnerability exists in Emerson XWEB 300D EVO 3.0.7--3ee403, which stems from incorrect access control and directory traversal. An attacker can exploit the vulnerability to browse and delete files withou...

Pepperl Fuchs WirelessHART-Gateway 信任管理问题漏洞

The Pepperl Fuchs WirelessHART-Gateway is a gateway device from Pepperl Fuchs, Germany. A trust management issue vulnerability exists in Pepperl Fuchs WirelessHART-Gateway versions 3.0.7 through 3.0.9, which arises when SSH and telnet services are active using hard-coded credentials...

PT-2019-12954 · Hunesion · Hunesion I-Onenet

Name of the Vulnerable Software and Affected Versions: Hunesion i-oneNet versions 3.0.7 through 3.0.53 Hunesion i-oneNet versions 4.0.4 through 4.0.16 Description: The issue arises from the lack of update file integrity checking in the upgrade process, allowing an attacker to craft a malicious fi...

CVE-2016-1200

The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199...

PT-2009-5951 · Linux +3 · Linux +4

Name of the Vulnerable Software and Affected Versions: Sun VirtualBox versions 3.0.x through 3.0.7 Description: The issue allows local users to gain privileges via unknown vectors due to an unspecified vulnerability in the VBoxNetAdpCtl configuration tool. This affects installations on Solaris x8...