Lucene search
K

1794 matches found

OSV
OSV
added 2026/05/25 9:3 a.m.8 views

OPENSUSE-SU-2026:20794-1 Security update for python-PyPDF2

This update for python-PyPDF2 fixes the following issues: Changes in python-PyPDF2: - CVE-2026-41312: Fixed issue where crafed PDF can lead to resources exhaustion bsc1262675 - CVE-2026-41314: Fixed a denial of service via manipulated FlateDecode image dimensions can lead to RAM exhaustion...

6.9CVSS5.8AI score0.00297EPSS
Exploits0References6
Debian
Debian
added 2026/05/21 11:55 a.m.18 views

[SECURITY] [DSA 6286-1] evince security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6286-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 21, 2026 https://www.debian.org/security/faq -...

8.4CVSS5.8AI score0.00529EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Chromium

A heap buffer overflow vulnerability in PDF files in Google Chrome prior to version 104.0.5112.79 allowed a remote attacker who convinced a user to perform certain user interactions to potentially exploit heap corruption through a crafted PDF file...

8.8CVSS7.5AI score0.00799EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in GhostScript

A heap-based buffer overwrite vulnerability was discovered in the lp8000printpage function of GhostScript, located in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a specially crafted PDF file, triggering a heap buffer overflow that could lead to memory corruption...

7.1CVSS7.4AI score0.00437EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Chromium

The use of “after free” in PDFs in Google Chrome before version 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption through a crafted PDF file. Chromium security severity: High...

8.8CVSS7.3AI score0.00918EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Chromium

The use of “after free” in PDFs in Google Chrome before version 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption through a crafted PDF file. Chromium security severity: High...

8.8CVSS7.3AI score0.00841EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Chromium

The use of “after free” in PDFs in Google Chrome before version 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption through a crafted PDF file. Chromium security severity: High...

8.8CVSS7.3AI score0.00606EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Poppler

In Poppler 0.74.0, the PDFDoc::markObject method in PDFDoc.cc mishandles dict marking, resulting in stack consumption in the Dict::find function located in Dict.cc. This issue can be triggered by passing a malicious PDF file to the pdfunite binary...

6.5CVSS6.7AI score0.02251EPSS
Exploits1References2
Redos
Redos
added 2026/05/20 12:0 a.m.12 views

ROS-20260520-73-0023

A vulnerability in the PDFium component of Google Chrome and Microsoft Edge browsers is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted PDF file...

8.8CVSS6AI score0.0025EPSS
Exploits0
OSV
OSV
added 2026/05/11 6:16 p.m.8 views

UBUNTU-CVE-2026-7210

xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...

7.5CVSS5.8AI score0.0079EPSS
Exploits0References2
Veracode
Veracode
added 2026/05/05 5:43 a.m.13 views

SQL Injection

org.springframework.ai, spring-ai-azure-cosmos-db-store is vulnerable to SQL Injection. The vulnerability is due to improper handling of crafted document IDs in the CosmosDBVectorStore, which allows an attacker to execute arbitrary SQL queries...

8.8CVSS6.1AI score0.00338EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/04 1:37 a.m.8 views

dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform

A flaw was found in .NET. A remote attacker could exploit this vulnerability by crafting a malicious XML document that triggers an infinite recursion within the XmlDecryptionTransform component. This could lead to a Denial of Service DoS, making the affected system unresponsive...

7.5CVSS6.2AI score0.02142EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/28 7:18 a.m.7 views

EUVD-2026-26011

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

8.8CVSS6AI score0.00338EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/28 7:18 a.m.4 views

CVE-2026-40978

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

8.8CVSS6.1AI score0.00338EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/04/27 12:16 p.m.8 views

CVE-2026-5938

Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service...

5.5CVSS0.00103EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/27 11:0 a.m.14 views

CVE-2026-5938

Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service...

5.5CVSS5.2AI score0.00103EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.10 views

PT-2026-35400

Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service...

5.5CVSS5.2AI score0.00103EPSS
Exploits0References2
OSV
OSV
added 2026/04/23 11:16 p.m.8 views

ALPINE-CVE-2026-6732

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition XSD validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that...

7.5CVSS5.7AI score0.00632EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/23 10:19 p.m.56 views

CVE-2026-6732 Libxml2: libxml2: denial of service via crafted xsd-validated document

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition XSD validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that...

6.5CVSS0.00632EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-6732

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition XSD validated document that includes...

7.5CVSS6AI score0.00632EPSS
Exploits1References2
Rows per page
Query Builder