
1711 matches found

Vulnrichment
added 2025/12/19 7:09 a.m. | 1 view

CVE-2025-66495 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially...

CVSS 7.8 | AI score 7.2 | EPSS 0.00051
Exploits: 0 | References: 1
EUVD
added 2025/12/19 7:09 a.m. | 1 view

EUVD-2025-204465

A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially...

CVSS 7.8 | AI score 7.1 | EPSS 0.00051
Exploits: 0 | References: 2
Cvelist
added 2025/12/19 7:09 a.m. | 22 views

CVE-2025-66495 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially...

CVSS 7.8 | EPSS 0.00051
Exploits: 0 | References: 1
CVE
added 2025/12/19 7:09 a.m. | 5 views

CVE-2025-66495

CVE-2025-66495 is a confirmed use-after-free vulnerability in Foxit PDF Reader/Editor related to annotation handling. Affected products include Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and macOS. The issue arises when opening a PDF containing specially crafted JavaScript, w...

CVSS 7.8 | AI score 7.2 | EPSS 0.00051
Exploits: 0 | References: 1 | Affected Software: 2
CNNVD
added 2025/12/19 12:00 a.m. | 1 view

Foxit PDF Reader Security Vulnerability

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A security vulnerability exists in Foxit PDF Reader versions prior to 2025.2.1, prior to 14.0.1, and prior to 13.2.1, which stems from a use-after-free in the handling of annotations and could lead to the execution of arbitrary...

CVSS 7.8 | AI score 6.5 | EPSS 0.00051
Exploits: 0 | References: 2
Positive Technologies
added 2025/12/19 12:00 a.m. | 2 views

PT-2025-52426

A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruptio...

CVSS 5.3 | AI score 6.9 | EPSS 0.00011
Exploits: 0 | References: 2
Zero Day Initiative
added 2025/12/19 12:00 a.m. | 1 view

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 7.8 | AI score 7.2 | EPSS 0.00051
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/19 12:00 a.m. | 5 views

PT-2025-52499

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...

CVSS 5.3 | AI score 6.6 | EPSS 0.00062
Exploits: 0 | References: 2
RedhatCVE
added 2025/12/18 4:35 p.m. | 5 views

CVE-2025-14727

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7 | AI score 6.9 | EPSS 0.00111
Exploits: 0 | References: 1
EUVD
added 2025/12/17 6:31 p.m. | 3 views

EUVD-2025-203903

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7 | AI score 6.4 | EPSS 0.00111
Exploits: 0 | References: 2
Snyk
added 2025/12/17 4:42 p.m. | 2 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via improper validation of the nginx.org/rewrite-target annotation. An attacker can access or modify unauthorized files or directories by supplying crafted input to the annotation. Details: A Directory Traversal attac...

CVSS 8.7 | AI score 7.5 | EPSS 0.00111
Exploits: 0 | References: 2
NVD
added 2025/12/17 4:16 p.m. | 7 views

CVE-2025-14727

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7 | EPSS 0.00111
Exploits: 0 | References: 1
CVE
added 2025/12/17 3:48 p.m. | 35 views

CVE-2025-14727

CVE-2025-14727 affects the NGINX Ingress Controller due to improper validation of the nginx.org/rewrite-target annotation, enabling a path traversal style issue. The F5 advisory notes that the vulnerability is present in the 5.x line (5.3.0) and fixes were introduced in 5.3.1; other branches have...

CVSS 8.7 | AI score 6.5 | EPSS 0.00111
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/12/17 3:48 p.m. | 28 views

CVE-2025-14727 NGINX Ingress Controller vulnerability

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7 | EPSS 0.00111
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/17 3:48 p.m. | 3 views

CVE-2025-14727 NGINX Ingress Controller vulnerability

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7 | AI score 6.5 | EPSS 0.00111
Exploits: 0 | References: 1
CNNVD
added 2025/12/17 12:00 a.m. | 7 views

F5 NGINX Ingress Controller Path Traversal Vulnerability

F5 NGINX Ingress Controller is a traffic management solution from F5 USA for cloud-native applications in Kubernetes and containerized environments. A path traversal vulnerability exists in F5 NGINX Ingress Controller, which stems from improper validation of the nginx.org/rewrite-target annotatio...

CVSS 8.7 | AI score 6.6 | EPSS 0.00111
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/17 12:00 a.m. | 2 views

PT-2025-51836

Name of the Vulnerable Software and Affected Versions: NGINX Ingress Controller (affected versions not specified). Description: A security issue exists in the NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. The issue concerns validation of the annotation. Software versions...

CVSS 8.7 | AI score 6.3 | EPSS 0.00111
Exploits: 0 | References: 7
AstraLinux
added 2025/12/16 12:40 p.m. | 3 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: x86: fix clear_user_rep_good exception handling annotation. This code no longer exists in mainline, because it was removed in commit d2c95f9d6802 "x86: don't use REP_GOOD or ERMS for user memory clearing" upstream. However, rather tha...

AI score 5.5 | EPSS 0.00024
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/12 1:06 a.m. | 2 views

CVE-2025-55312

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereferen...

CVSS 7.8 | AI score 7.5 | EPSS 0.00016
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/12 1:06 a.m. | 1 view

CVE-2025-55311

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification b...

CVSS 6.5 | AI score 6.8 | EPSS 0.00017
Exploits: 0 | References: 1