22 matches found
CVE-2026-40260
pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has...
ROOT-APP-PYPI-CVE-2026-40260 CVE-2026-40260 in rootio-pypdf - Patched by Root
Root has patched CVE-2026-40260 in the rootio-pypdf package for Root:PyPI. Multiple fixed versions available...
CVE-2026-40260 vulnerabilities
Vulnerabilities for packages: open-webui...
openSUSE 16 Security Update : python-PyPDF2 (openSUSE-SU-2026:20598-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20598-1 advisory. Changes in python-PyPDF2: - CVE-2026-40260: crafted PDF can lead to large memory usage bsc1262284 Tenable has extracted the preceding description block...
Security update for python-PyPDF2 (moderate)
openSUSE security update: security update for python-pypdf2. Announcement ID: openSUSE-SU-2026:20598-1; Rating: moderate; References: bsc1262284; Cross-References: CVE-2026-40260; Affected Products: openSUSE Leap 16.0...
python311-PyPDF2-2.11.1-9.1 on GA media (moderate)
python311-PyPDF2-2.11.1-9.1 on GA media. Announcement ID: openSUSE-SU-2026:10582-1; Rating: moderate; Cross-References: CVE-2026-40260; Affected Products: openSUSE Tumbleweed. An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
CVE-2026-40260 vulnerabilities
Vulnerabilities for packages: open-webui, litellm, nemo...
CVE-2026-40260
pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has...
aiagents4pharma (>=1.45.0 <=1.48.1), aiagents4pharma-ansh (=0.0.0) +17 more potentially affected by CVE-2026-40260 via pypdf (=6.0.0)
pypdf PYPI version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on pypdf and may be impacted: - aiagents4pharma =1.45.0, =1759155233.0.0, =0.3.0, =4.7.6, =1.0.0, =0.6.27, =0.0.1, =2025.7.0, =0.1.0, =0.3.6 and more Source cves: CVE-2026-40260...
a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +644 more potentially affected by CVE-2026-40260 via pypdf (>=3.10.0 <=6.0.0)
pypdf PYPI version =3.10.0, =0.1.1, =0.8.1, =0.9.1, =0.2.0, =0.0.2, =0.0.1, =0.0.1, =0.2.0, =0.1.4, =0.1.0a0.dev0, =1.1.3 and more Source cves: CVE-2026-40260 Source advisory: OSV:GHSA-3CRG-W4F6-42MX...
CVE-2023-40260
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email addres...
CVE-2025-40260
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix scx_enable crash on helper kthread creation failure A crash was observed when the sched_ext selftests runner was terminated with Ctrl+\ while test 15 was running: NIP c00000000028fa58 scx_enable.constprop.0+0x358/0x12b...
CVE-2025-40260
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix scx_enable crash on helper kthread creation failure A crash was observed when the sched_ext selftests runner was terminated with Ctrl+\ while test 15 was running: NIP c00000000028fa58 scx_enable.constprop.0+0x358/0x12b...
EUVD-2025-40260
Malicious code in candra-mieaceh43-riris npm...
MAL-2025-40260 Malicious code in yankee-mango-november-upvqr (npm)
The package yankee-mango-november-upvqr was found to contain malicious code...
CVE-2023-40260
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email addres...
CVE-2023-40260
EmpowerID prior to 7.205.0.1 is vulnerable to an MFA bypass: if an attacker knows the first factor (username/password), they can change the account’s email address and then receive MFA codes at the attacker-controlled email. This is documented across multiple sources (NVD/Red Hat entries and thir...
CVE-2023-40260
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email addres...
CVE-2021-40260
creationtimestamp | type | source
---|---|---
2021-11-09 00:29:13+00:00 | seen | https://t.me/cibsecurity/32022...
CVE-2021-40260
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester Tailor Management 1.0 via the (1) eid parameter in (a) partedit.php and (b) customeredit.php, the (2) id parameter in (a) editmeasurement.php and (b) addpayment.php, and the (3) error parameter in index.php...