64 matches found
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.6.2-py3-none-any.whl
Summary: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.6.2-py3-none-any.whl. Vulnerability Details: CVEID: CVE-2026-27024. DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to ...
CubeCart Input Validation Error Vulnerability
CubeCart is an open-source e-commerce software developed by CubeCart. In versions 6.6.x to 6.7.1 of CubeCart, there is a vulnerability related to input validation errors. This vulnerability stems from directly constructing the CC_STORE_URL constant from the Host request headers and embedding the...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the rds_recv_track_latency function in net/rds/af_rds.c in the Linux kernel, from version 6.7.1 onwards, there is an off-by-one error in the comparison of RDS_MSG_RX_DGRAM_TRACE_MAX, which leads to out-of-bounds access...
Linux Distros Unpatched Vulnerability : CVE-2026-27025
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes an...
CVE-2026-27026
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed in 6.7.1...
CVE-2026-27025
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...
CVE-2026-27024
CVE-2026-27024 affects the pypdf (pypdf2) library prior to 6.7.1. The vulnerability allows an attacker to craft a PDF that causes an infinite loop when processing TreeObject children (e.g., in outlines), resulting in a DoS. The issue is fixed in version 6.7.1; multiple connected advisories (openS...
PT-2026-20908
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...
GHSA-9MVC-8737-8J8H pypdf possibly has long runtimes for malformed FlateDecode streams
Impact: An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. Patches: This has been fixed in pypdf==6.7.1. Workarounds: If you cannot upgrade yet, consider applying the chang...
Allocation of Resources Without Limits or Throttling
Overview: pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the FlateDecode class. An attacker can cause excessive resource consumptio...
pypdf has possible long runtimes/large memory usage for large /ToUnicode streams
Impact: An attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. Patches: This has been fixed in pypdf==6.7.1. Workarounds: ...
GHSA-WGVP-VG3V-2XQ3 pypdf has possible long runtimes/large memory usage for large /ToUnicode streams
Impact: An attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. Patches: This has been fixed in pypdf==6.7.1. Workarounds: ...
Infinite loop
Overview: pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files. Affected versions of this package are vulnerable to Infinite loop in the children function in generic/datastructures.py, which fails to return from nodes with cyclic links in a...
PT-2025-45542
Name of the Vulnerable Software and Affected Versions: Groups plugin for WordPress versions prior to 6.7.1. Description: The Groups plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This flaw stems from inadequate validation of a user-controlled key, specifically the...
EUVD-2018-13307
Malware in sbrugna...
EUVD-2019-3326
Malware in sbrugna...
EUVD-2019-13123
Malware in sbrugna...
EUVD-2024-1382
Malicious code in bioql PyPI...
CVE-2025-9846
Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Inka.Net allows Command Injection. This issue affects Inka.Net: before 6.7.1...