Lucene search
+L

59 matches found

nvd
nvd
added yesterday5 views

CVE-2026-45738

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to 3.2.12, 3.3.10, and 3.4.2, Argo CD users with application write access can set link.argocd.argoproj.io/ annotations whose pipe-separated values are rendered by...

7.3CVSS0.00037EPSS
Exploits0References7
cve
cve
added 2026/07/08 7:36 a.m.18 views

CVE-2026-13126

CVE-2026-13126 affects Foxit PDF Editor/Reader due to a use-after-free in the handling of PDF annotations (embedded JavaScript). The issue can lead to a crash when the application attempts to write to an invalid popup annotation object, as described in the CVE description. CVSS 3.1 metrics indica...

7.8CVSS6AI score0.00116EPSS
Exploits0References1Affected Software2
cvelist
cvelist
added 2026/07/08 7:36 a.m.34 views

CVE-2026-57238 Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability

After the application opened the PDF, JavaScript deleted the form field object. Subsequently, it attempted to access the invalid object, which caused the application to crash...

7.8CVSS0.00116EPSS
Exploits0References1
cve
cve
added 2026/07/08 7:36 a.m.14 views

CVE-2026-57248

The CVE-2026-57248 entry concerns Foxit PDF Editor/Reader where opening a PDF and performing JavaScript to write annotation attributes can bypass object type/argument checks, corrupting the internal annotation structure and causing a crash on release. This is described as a local, user-interactio...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1Affected Software2
cvelist
cvelist
added 2026/07/08 7:36 a.m.32 views

CVE-2026-57249 Foxit PDF Editor/Reader Annotation Use-After-Free Vulnerability

After the application opened the PDF file, the script first reset the annotation status, then triggered the reset form event by additional action. During the re-entry process, the application access invalid objects and crashed...

7.8CVSS0.00116EPSS
Exploits0References1
zdi
zdi
added 2026/06/10 12:0 a.m.11 views

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

7.8CVSS5.9AI score0.00352EPSS
Exploits0References1
zdi
zdi
added 2026/06/09 12:0 a.m.11 views

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

7.8CVSS5.9AI score0.00257EPSS
Exploits0References1
zdi
zdi
added 2026/06/09 12:0 a.m.12 views

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

7.8CVSS5.9AI score0.00257EPSS
Exploits0References1
nessus
nessus
added 2026/05/04 12:0 a.m.7 views

RHCOS 4 : OpenShift Container Platform 4.13.43 (RHSA-2024:3496)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3496 advisory. - cri-o: Arbitrary command injection via pod annotation CVE-2024-3154 Note that Nessus has not tested for this issue but has instead relied...

7.2CVSS6.4AI score0.01418EPSS
Exploits0References4
cvelist
cvelist
added 2026/04/27 11:0 a.m.35 views

CVE-2026-5940 Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability

Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes...

7.8CVSS0.00169EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/12/20 7:11 a.m.11 views

CVE-2025-66495

A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially...

7.8CVSS7.5AI score0.00255EPSS
Exploits0References1
zdi
zdi
added 2025/12/09 12:0 a.m.8 views

Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

7.8CVSS7AI score0.00435EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-21595

Malware in sbrugna...

7.8CVSS7.5AI score0.00349EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.10 views

EUVD-2024-50292

Malicious code in bioql PyPI...

7.8CVSS5.9AI score0.00448EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-50295

Malicious code in bioql PyPI...

8.8CVSS7.5AI score0.00875EPSS
Exploits0References2
veracode
veracode
added 2025/09/13 9:51 a.m.7 views

SQL Injection

Django is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of column aliases in FilteredRelation when crafted dictionaries are expanded as keyword arguments to QuerySet.annotate or QuerySet.alias, which allows an attacker to inject and execute arbitrary SQL...

8.1CVSS8AI score0.15602EPSS
Exploits4References13Affected Software2
nessus
nessus
added 2025/09/03 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-12052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana version 6.7.3 is vulnerable for annotation popup XSS. CVE-2020-12052 Note that Nessus relies on the presence of the package as reported by the vendor...

6.1CVSS6.2AI score0.0148EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/22 4:30 p.m.10 views

CVE-2020-2317

Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...

5.4CVSS5.4AI score0.00852EPSS
Exploits0
osv
osv
added 2025/03/24 11:29 p.m.5 views

CVE-2025-1097 ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...

8.8CVSS7.2AI score0.34677EPSS
Exploits7References6
zdi
zdi
added 2025/03/13 12:0 a.m.13 views

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

7.8CVSS6.7AI score0.00345EPSS
Exploits0References1
Rows per page
Query Builder