1795 matches found
CVE-2025-55309
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destroys an annotation. During user right-click interaction, the program's internal focus change...
CVE-2025-59788
A flaw was found in Nextcloud's PDF Portable Document Format viewer. This vulnerability allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted PDF file to viewer.html in the filespdfviewer example directory...
CVE-2025-55308
Foxit PDF/Editor for Windows versions prior to 13.2 and the 2025 line prior to 2025.2 are affected by a use-after-free vulnerability. A crafted PDF with JavaScript that calls closeDoc() while internal objects are still in use can cause premature object release, leading to memory corruption and po...
CVE-2025-55309
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destroys an annotation. During user right-click interaction, the program's internal focus change...
firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input 250 KiB can cause the parser to allocate hundreds of megabytes, leading to denial-of-service DoS through memory exhaustion...
CVE-2025-59788
Cross-site scripting XSS vulnerability in a reachable filespdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in...
JLSEC-2025-256 In LibTIFF, there is a memory malloc failure in tif_pixarlog.c
In LibTIFF, there is a memory malloc failure in tifpixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack...
CVE-2025-56526
CVE-2025-56526 concerns Kotaemon 0.11.0 and is described as a cross-site scripting (XSS) vulnerability. The issue allows an attacker to execute arbitrary code through a crafted PDF rendered by Kotaemon. The published descriptor includes a CVSS 3.1 base score of 6.1 (Medium) with network attack ve...
CVE-2025-56526
Cross site scripting XSS vulnerability in Kotaemon 0.11.0 allowing attackers to execute arbitrary code via a crafted PDF...
CVE-2025-64512 pdfminer.six vulnerable to Arbitrary Code Execution via Crafted PDF Input
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...
OESA-2025-2622 poppler security update
Poppler is a free software utility library for rendering Portable Document Format PDF documents. \ Its development is supported by freedesktop.org. It is commonly used on Linux systems,and is used by \ the PDF viewers of the open source GNOME and KDE desktop environments. Security Fixes: An issue...
SUSE-SU-2025:3898-1 Security update for poppler
This update for poppler fixes the following issues: - CVE-2025-43718: fixed uncontrolled recursion in the regex-based metadata parser when processing specially crafted PDF files bsc1250908...
UBUNTU-CVE-2025-62707
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in...
JLSEC-2025-90 In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a ...
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used...
SigningHub 安全漏洞
SigningHub is an electronic signature platform from SigningHub UK. A security vulnerability exists in SigningHub version v8.6.8, which stems from allowing the upload of specially crafted PDF files and could lead to the execution of arbitrary code...
EUVD-2012-2870
Malware in sbrugna...
EUVD-2017-18657
Malware in sbrugna...
EUVD-2017-18543
Malware in sbrugna...
EUVD-2020-12730
Malware in sbrugna...
EUVD-2017-18541
Malware in sbrugna...