1794 matches found
EUVD-2026-13472
Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...
CVE-2026-4455
Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...
CVE-2026-4455
Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...
CVE-2026-25780 Memory Exhaustion via Malformed DOC File Upload
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file.. Mattermost Advisory ID:...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.3.0 and earlier 11.3.x series, 11.2.2 and earlier 11.2.x series, as well as 10.11.10 and earlier 10.11.x series, have security vulnerabilities. These vulnerabilities...
CVE-2026-3939
Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. Chromium security severity: Low...
Infinite Loop
pypdf is vulnerable to Infinite Loop. The vulnerability is due to an attacker being able to craft a PDF which leads to an infinite loop, where accessing the children of a TreeObject, for example as part of outlines, can be exploited by attackers...
SUSE CVE-2026-27628
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually...
CVE-2026-27888
A flaw was found in pypdf. A remote attacker can exploit this vulnerability by crafting a malicious PDF document. When a user processes this specially crafted PDF, it can lead to excessive memory consumption, resulting in a Denial of Service DoS for the affected system. This issue specifically...
CVE-2026-27628
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually...
PT-2026-5791
Уязвимость модуля Acroform прикладного программного интерфейса библиотеки для создания PDF-файлов jsPDF связана с неправильным кодированием или экранированием выходных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный JavaScript-код при...
CVE-2025-67079
File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions...
CVE-2021-41074
A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's email address via a crafted HTML document...
CVE-2025-66837
A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware...
CVE-2025-57462
Stored cross-site scripting xss in machsol machpanel 8.0.32 allows attackers to execute arbitrary web scripts or HTML via a crafted PDF file...
CVE-2025-25341
A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal ref property on entityref and entitydecl nodes causes a segmentation fault, potentially leading to a denial-of-service DoS...
Umbraco CMS has an arbitrary file upload vulnerability
An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file. While Umbraco provides hooks to perform file validation, it does not do implement filtering by default. Users are expected to implement their own validation...
PT-2025-52674
Name of the Vulnerable Software and Affected Versions Umbraco CMS version 16.3.3 Description An arbitrary file upload issue exists in Umbraco CMS version 16.3.3. Attackers can potentially execute arbitrary code by uploading a specially crafted PDF file. The supplier disputes responsibility, stati...
CVE-2025-55308
An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. A crafted PDF containing JavaScript that calls closeDoc while internal objects are still in use can cause premature release of these objects. This use-after-free vulnerability may lead to memory...
CVE-2025-55313
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely...