Lucene search
K

11 matches found

CVE
CVE
added 2026/06/17 5:59 p.m.30 views

CVE-2026-55197

Hermes WebUI before 0.51.443 has a broken access control weakness in the /api/session endpoint. Authenticated users can bypass profile boundaries and query session IDs from other profiles via GET /api/session?session_id=&messages=1 to retrieve unauthorized transcripts and metadata. This affects t...

7.1CVSS5.3AI score0.00272EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 4:36 p.m.6 views

Security Bulletin: IBM watsonx.data integration has vulnerabilities due to open source packages (CVE-2025-55197)

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2025-55197 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM bein...

8.7CVSS7AI score0.00408EPSS
Exploits0Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2026/02/24 12:0 a.m.9 views

python311-PyPDF2-2.11.1-4.1 on GA media (moderate)

python311-PyPDF2-2.11.1-4.1 on GA media Announcement ID: openSUSE-SU-2026:10238-1 Rating: moderate Cross-References: CVE-2025-55197 CVE-2026-27024 CVE-2026-27025 CVE-2026-27026 Affected Products: openSUSE Tumbleweed An update that solves 4 vulnerabilities can now be installed. Description: These...

8.7CVSS5.5AI score0.00408EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/25 11:19 a.m.12 views

Security Bulletin: Multiple Vulnerabilities affecting IBM Watson Studio in Cloud Pak for Data are addressed

Summary There are multiple vulnerabilities impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-7647 DESCRIPTION: The llama-index-core package, up to version 0.12.44, contains a...

8.7CVSS5.5AI score0.00408EPSS
Exploits0Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2025/08/15 12:0 a.m.6 views

python311-pypdf-6.0.0-1.1 on GA media (moderate)

python311-pypdf-6.0.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15440-1 Rating: moderate Cross-References: CVE-2025-55197 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

8.7CVSS7.3AI score0.00408EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/08/14 9:57 a.m.5 views

CVE-2025-55197

A flaw was found in pypdf. Processing maliciously crafted PDF files utilizing a sequence of FlateDecode filters can exhaust available RAM. An attacker can trigger this condition by simply reading the malicious PDF file. This results in a resource exhaustion condition, leading to an application...

8.7CVSS6.9AI score0.00408EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2025/08/13 11:15 p.m.3 views

CVE-2025-55197

pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are...

8.7CVSS6.9AI score0.00408EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/08/13 11:3 p.m.12 views

CVE-2025-55197 pypdf's Manipulated FlateDecode streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are...

8.7CVSS0.00408EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/08/13 11:3 p.m.2 views

CVE-2025-55197 pypdf's Manipulated FlateDecode streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are...

8.7CVSS7.2AI score0.00408EPSS
Exploits0References5
OSV
OSV
added 2025/08/13 11:3 p.m.4 views

CVE-2025-55197 pypdf's Manipulated FlateDecode streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are...

8.7CVSS6.6AI score0.00408EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2025/08/13 7:51 p.m.3 views

a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +591 more potentially affected by CVE-2025-55197 via pypdf (>=3.10.0 <=5.9.0)

pypdf PYPI version =3.10.0, =0.1.1, =0.8.1, =0.9.1, =0.2.0, =0.0.2, =0.0.1, =0.0.1, =0.2.0, =0.1.4, =0.1.0a0.dev0, =1.1.3 and more Source cves: CVE-2025-55197 Source advisory: OSV:GHSA-7HFW-26VP-JP8M...

8.7CVSS7AI score0.00408EPSS
Exploits0
Rows per page
Query Builder