
7 matches found

CNNVD
added 2026/03/18 12:0 a.m. | 3 views

jsPDF Security Vulnerability

jsPDF is a JavaScript-based PDF document generation library developed by Parallax. Versions of jsPDF prior to 4.2.1 contained security vulnerabilities. These vulnerabilities stemmed from the possibility that parameters controlling the createAnnotation method could allow for the injection of...

CVSS: 8.1 | AI score: 5.9 | EPSS: 0.00046
Exploits: 0 | References: 5

CNNVD
added 2026/02/19 12:0 a.m. | 4 views

jsPDF Security Vulnerability

jsPDF is a JavaScript-based PDF document generation library developed by Parallax. Versions of jsPDF prior to 4.2.0 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of user input in the addJS method, which could lead to the injection of arbitrary PDF object...

CVSS: 8.8 | AI score: 7.6 | EPSS: 0.00026
Exploits: 2 | References: 4

ATTACKERKB
added 2026/02/02 8:29 p.m. | 5 views

CVE-2026-24737

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or...

CVSS: 8.1 | AI score: 5.5 | EPSS: 0.00023
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2026/02/02 8:29 p.m. | 12 views

CVE-2026-24737

The CVE concerns jsPDF prior to 4.1.0, where control over Acroform module properties/methods (notably AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState) allowed injection of arbitrary PDF objects, including Jav...

CVSS: 8.1 | AI score: 5.5 | EPSS: 0.00023
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2025/10/30 12:12 a.m. | 4 views

CVE-2025-4665

WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization PHP Object Injection. The weakness arises due to insufficient validation of user input in plugin endpoints, allowing...

CVSS: 9.6 | AI score: 8 | EPSS: 0.00076
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/28 12:0 a.m. | 2 views

PT-2025-44222

Name of the Vulnerable Software and Affected Versions Contact Form CFDB7 versions up to and including 1.3.2 Description The Contact Form CFDB7 plugin for WordPress is affected by a pre-authentication SQL injection that can lead to insecure deserialization PHP Object Injection. Insufficient...

CVSS: 9.6 | AI score: 7.3 | EPSS: 0.00076
Exploits: 0 | References: 10

CNVD
added 2020/02/13 12:0 a.m. | 1 view

Multiple Phar Deserialization Vulnerabilities in SuiteCRM

SuiteCRM is a free and open source customer relationship management application. SuiteCRM suffers from multiple Phar deserialization vulnerabilities. An attacker can exploit the vulnerabilities to inject arbitrary PHP objects into the scope of the application, allowing the execution of various...

CVSS: 7.2 | AI score: 7.6 | EPSS: 0.00452
Exploits: 1 | References: 1