Lucene search
K

676 matches found

RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.6 views

CVE-2026-3774

The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...

7.5CVSS5.9AI score0.00109EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.6 views

CVE-2026-3776

The application does not validate the presence of required appearance AP data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a...

5.5CVSS5.9AI score0.00103EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/01 3:31 a.m.5 views

EUVD-2026-17749

The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...

4.7CVSS5.9AI score0.00109EPSS
Exploits0References2
NVD
NVD
added 2026/04/01 2:16 a.m.6 views

CVE-2026-3774

The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...

7.5CVSS0.00109EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/01 1:40 a.m.3 views

CVE-2026-3774 Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor

The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...

4.7CVSS5.9AI score0.00109EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/01 1:40 a.m.32 views

CVE-2026-3774 Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor

The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...

4.7CVSS0.00109EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/01 1:40 a.m.3 views

CVE-2026-3776

The application does not validate the presence of required appearance AP data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a...

5.5CVSS5.9AI score0.00103EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29438

The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs e.g., SOAP that perform deep traversal can cause uncontrolled recursion, stack...

6.2CVSS5.9AI score0.00103EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.6 views

Foxit PDF Reader和Foxit PDF Editor 安全漏洞

Foxit PDF Reader and Foxit PDF Editor are products of Foxit Corporation, a Chinese company. Foxit PDF Reader is a PDF reader. Foxit PDF Editor is a PDF editor. Both Foxit PDF Reader and Foxit PDF Editor have security vulnerabilities. These vulnerabilities stem from the lack of verification of the...

5.5CVSS5.8AI score0.00103EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/30 11:30 p.m.10 views

SUSE CVE-2026-32241

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that...

8.8CVSS6.2AI score0.02709EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.3 views

CVE-2026-32241

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that...

7.5CVSS6.2AI score0.02709EPSS
Exploits0References1
OSV
OSV
added 2026/03/27 8:28 p.m.1 views

GHSA-VCHX-5PR6-FFX2 Flannel has cross-node remote code execution via extension backend BackendData injection

Background The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. This backend uses shell commands stored in Kubernetes annotations to configure network connectivity on the node. Note: consumers are only affected by this vulnerabili...

7.5CVSS6.2AI score0.02709EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/27 8:28 p.m.2 views

EUVD-2026-16771

Flannel has cross-node remote code execution via extension backend BackendData injection...

7.5CVSS6.4AI score0.02709EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/27 8:28 p.m.4 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the Extension backend process. An attacker can execute arbitrary commands with root privileges on affected nodes by injecting malicious data into the flannel.alpha.coreos.com/backend-data annotation, which is then...

8.8CVSS6.2AI score0.02709EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/27 8:28 p.m.12 views

Flannel has cross-node remote code execution via extension backend BackendData injection

Background The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. This backend uses shell commands stored in Kubernetes annotations to configure network connectivity on the node. Note: consumers are only affected by this vulnerabili...

8.8CVSS6.2AI score0.02709EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/27 8:16 p.m.3 views

CVE-2026-32241

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that...

8.8CVSS0.02709EPSS
Exploits0References2
CVE
CVE
added 2026/03/27 7:31 p.m.14 views

CVE-2026-32241

CVE-2026-32241 – Flannel extension backend command injection . The vulnerability affects Flannel prior to v0.28.2 when using the experimental Extension backend. The SubnetAddCommand and SubnetRemoveCommand take attacker-controlled data from the Kubernetes Node annotation flannel.alpha.coreos.com/...

8.8CVSS6.2AI score0.02709EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/27 7:31 p.m.3 views

CVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that...

7.5CVSS6.2AI score0.02709EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/27 7:31 p.m.20 views

CVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that...

7.5CVSS0.02709EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/27 7:31 p.m.2 views

CVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that...

7.5CVSS6.2AI score0.02709EPSS
Exploits0References2
Rows per page
Query Builder