24 matches found
01os (>=0.0.5 <=0.0.13), 3m (>=0.1.0 <=0.1.3) +2331 more potentially affected by CVE-2026-28804 via pypdf (>=3.10.0 <=6.7.4)
pypdf PYPI version =3.10.0, =0.0.5, =0.1.0, =0.4.1, =0.2.5, =0.0.2, =0.2.0, =1.2.27, =0.1.0, =1.2.32, =0.1.1, =1.0.0, =2.0.0 and more Source cves: CVE-2026-28804 Source advisory: OSV:GHSA-9M86-7PMV-2852...
GHSA-F2V5-7JQ9-H8CG pypdf: Manipulated RunLengthDecode streams can exhaust RAM
Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. Patches This has been fixed in pypdf==6.7.4. Workarounds If you cannot upgrade yet, consider applying the changes from PR 36...
CVE-2026-28351
pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaroun...
CASL Ability is Vulnerable to Prototype Pollution
CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability...
PT-2026-7279
Name of the Vulnerable Software and Affected Versions CASL Ability versions 2.4.0 through 6.7.4 Description CASL Ability contains a prototype pollution vulnerability. This issue affects versions 2.4.0 through 6.7.4. Prototype pollution occurs when an attacker manipulates the properties of...
WordPress PenNews theme < 6.7.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme PenNews versions 6.7.4...
CVE-2025-66675
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. It's related...
PT-2025-50317
Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.0.0 through 6.7.4 Apache Struts versions 7.0.0 through 7.0.3 Description A denial of service issue exists in Apache Struts due to a file leak during multipart request processing, which can lead to disk exhaustion...
EUVD-2024-23048
Malicious code in bioql PyPI...
RHSA-2020:4127 Red Hat Security Advisory: Satellite 6.7.4 Async Bug Fix Update
Bulletin has no description...
TCPDF security vulnerability
TCPDF is an open source library from Tecnick. It is used to generate PDF documents and barcodes. TCPDF 6.7.4 and earlier versions have a security vulnerability that stems from vulnerability to ReDoS Regular Expression Denial of Service attacks...
GHSA-MX3P-FHPW-X6RV TCPDF vulnerable to Regular Expression Denial of Service
TCPDF version = 6.7.4 is vulnerable to ReDoS Regular Expression Denial of Service if parsing an untrusted HTML page with a crafted color...
DEBIAN-CVE-2024-32489
TCPDF before 6.7.4 mishandles calls that use HTML syntax...
CVE-2024-32489
TCPDF before 6.7.4 mishandles calls that use HTML syntax...
CVE-2024-32489
TCPDF vulnerability CVE-2024-32489 involves mishandling calls that use HTML syntax. Connected advisories confirm impact across Debian releases with multiple CVEs in TCPDF and provide versioned fixes: Debian bullseye updates to 6.3.5+dfsg1-1+deb11u1; Debian bookworm fixes to 6.6.2+dfsg1-1+deb12u1;...
DEBIAN-CVE-2023-52429
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel version 6.7.4 and earlier, which originates from printer_write in drivers/usb/gadget/functions/f_printer.c failing to correctly ca...
Advisory ROSA-SA-2023-2181
Software: Grafana 6.7.4 OS: ROSA Virtualization 2.1 packageevrstring: grafana-6.7.4-3.rv3.src.rpm CVE-ID: CVE-2023-3128 BDU-ID: 2023-03343 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the Grafana web-based data submission tool is related to authentication bypass via spoofing. Exploitation of...