Lucene search
K

1794 matches found

EUVD
EUVD
added 2026/03/20 3:31 a.m.3 views

EUVD-2026-13472

Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...

8.8CVSS6AI score0.0025EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/20 1:34 a.m.3 views

CVE-2026-4455

Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...

6AI score0.0025EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/20 12:0 a.m.3 views

CVE-2026-4455

Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...

8.8CVSS6.1AI score0.0025EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/16 12:59 p.m.24 views

CVE-2026-25780 Memory Exhaustion via Malformed DOC File Upload

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file.. Mattermost Advisory ID:...

4.3CVSS0.00267EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.12 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.3.0 and earlier 11.3.x series, 11.2.2 and earlier 11.2.x series, as well as 10.11.10 and earlier 10.11.x series, have security vulnerabilities. These vulnerabilities...

4.3CVSS6.4AI score0.00267EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/11 10:4 p.m.4 views

CVE-2026-3939

Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. Chromium security severity: Low...

5.8AI score0.00147EPSS
Exploits0References2
Veracode
Veracode
added 2026/02/28 5:14 a.m.9 views

Infinite Loop

pypdf is vulnerable to Infinite Loop. The vulnerability is due to an attacker being able to craft a PDF which leads to an infinite loop, where accessing the children of a TreeObject, for example as part of outlines, can be exploited by attackers...

6.9CVSS5.1AI score0.00168EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2026/02/27 12:25 a.m.7 views

SUSE CVE-2026-27628

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually...

7.5CVSS5.7AI score0.00346EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/26 2:58 p.m.5 views

CVE-2026-27888

A flaw was found in pypdf. A remote attacker can exploit this vulnerability by crafting a malicious PDF document. When a user processes this specially crafted PDF, it can lead to excessive memory consumption, resulting in a Denial of Service DoS for the affected system. This issue specifically...

8.7CVSS5.6AI score0.00348EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2026/02/25 3:16 a.m.5 views

CVE-2026-27628

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually...

7.5CVSS5.7AI score0.00346EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.5 views

PT-2026-5791

Уязвимость модуля Acroform прикладного программного интерфейса библиотеки для создания PDF-файлов jsPDF связана с неправильным кодированием или экранированием выходных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный JavaScript-код при...

9.4CVSS5.4AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/16 12:24 a.m.11 views

CVE-2025-67079

File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions...

9.8CVSS7.5AI score0.00381EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/12 12:0 a.m.24 views

CVE-2021-41074

A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's email address via a crafted HTML document...

0.00122EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/07 12:0 a.m.3 views

CVE-2025-66837

A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware...

7.5AI score0.00252EPSS
Exploits0References2
NVD
NVD
added 2025/12/29 3:16 p.m.2 views

CVE-2025-57462

Stored cross-site scripting xss in machsol machpanel 8.0.32 allows attackers to execute arbitrary web scripts or HTML via a crafted PDF file...

6.1CVSS0.00155EPSS
Exploits0References2
OSV
OSV
added 2025/12/26 12:0 a.m.5 views

CVE-2025-25341

A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal ref property on entityref and entitydecl nodes causes a segmentation fault, potentially leading to a denial-of-service DoS...

7.5CVSS6.8AI score0.00388EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/12/22 9:30 p.m.8 views

Umbraco CMS has an arbitrary file upload vulnerability

An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file. While Umbraco provides hooks to perform file validation, it does not do implement filtering by default. Users are expected to implement their own validation...

10CVSS6AI score0.00502EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/22 12:0 a.m.5 views

PT-2025-52674

Name of the Vulnerable Software and Affected Versions Umbraco CMS version 16.3.3 Description An arbitrary file upload issue exists in Umbraco CMS version 16.3.3. Attackers can potentially execute arbitrary code by uploading a specially crafted PDF file. The supplier disputes responsibility, stati...

10CVSS7.4AI score0.00502EPSS
Exploits0References20
RedhatCVE
RedhatCVE
added 2025/12/12 1:6 a.m.4 views

CVE-2025-55308

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. A crafted PDF containing JavaScript that calls closeDoc while internal objects are still in use can cause premature release of these objects. This use-after-free vulnerability may lead to memory...

6.7CVSS6.5AI score0.00119EPSS
Exploits0References1
OSV
OSV
added 2025/12/11 4:16 p.m.1 views

CVE-2025-55313

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely...

7.8CVSS6.3AI score0.00149EPSS
Exploits0References1
Rows per page
Query Builder