Lucene search
K

249 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-14404

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. Chromium...

6.5CVSS6.2AI score0.00202EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/01 8:45 p.m.7 views

CVE-2026-57204

A flaw was found in pypdf, a pure-python PDF library. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when parsed, leads to uncontrolled resource consumption and large memory usage. This occurs because the library sometimes ignores defined limits for stre...

6.9CVSS5.8AI score0.00206EPSS
Exploits0References5
NVD
NVD
added 2026/06/30 10:16 p.m.9 views

CVE-2026-57204

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream...

6.9CVSS0.00206EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 9:59 p.m.18 views

CVE-2026-57204

CVE-2026-57204 affects the Python PDF library pypdf. Before version 6.13.3, a malicious PDF can trigger a DoS by causing excessive memory usage when parsing a content stream without a /Length value, due to MAX_DECLARED_STREAM_LENGTH being ignored. The issue is resolved in pypdf 6.13.3. The vulner...

6.9CVSS5.7AI score0.00206EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-49461

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory...

6.9CVSS6AI score0.00123EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.8 views

Amazon Linux 2 : poppler, --advisory ALAS2-2026-3362 (ALAS-2026-3362)

The version of poppler installed on the remote host is prior to 0.26.5-43. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3362 advisory. A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file...

7.8CVSS6.1AI score0.00252EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.12 views

CVE-2025-69624

Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert. When app.alert is called with more than one argument and the first argument evaluates to null for example, app.alertapp.activeDocs, true when app.activeDocs is null...

7.5CVSS5.5AI score0.00428EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 11:3 p.m.9 views

CVE-2026-10945

Use after free in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

6.2AI score0.0036EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a resource management vulnerability. This vulnerability stemmed from the reuse of PDF components after their release, potentially allowing remote attackers to execute arbitrary code ...

8.8CVSS6AI score0.0036EPSS
Exploits0References3
OSV
OSV
added 2026/06/01 5:16 p.m.14 views

UBUNTU-CVE-2026-10118

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS6AI score0.00252EPSS
Exploits0References4
CVE
CVE
added 2026/06/01 3:33 p.m.54 views

CVE-2026-10118

CVE-2026-10118 – Poppler Splash backend integer overflow : The vulnerability affects Poppler’s Splash backend, in the tilingPatternFill path, where crafted PDFs can trigger an integer overflow that yields an undersized heap allocation, enabling an out-of-bounds write. This can lead to arbitrary c...

7.8CVSS6AI score0.00252EPSS
Exploits0References21
Snyk
Snyk
added 2026/06/01 3:25 p.m.27 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the tilingPatternFill function. An attacker can execute arbitrary code, disclose sensitive information, or cause a denial of service by supplying a specially crafted PDF file to an application that...

8.4CVSS5.5AI score0.00252EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.23 views

Linux Distros Unpatched Vulnerability : CVE-2026-48156

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes...

5.1CVSS5.8AI score0.00124EPSS
Exploits0References3
OSV
OSV
added 2026/05/28 4:16 p.m.9 views

DEBIAN-CVE-2026-48155

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/28 2:51 p.m.11 views

CVE-2026-48155

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0...

5.5CVSS5.8AI score0.00127EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

pypdf 安全漏洞

pypdf is an open-source, free, and pure Python PDF library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages of PDF files. Prior to version 6.12.0, pypdf had security vulnerabilities. These vulnerabilities stemmed from the use of cross-references involving valu...

5.1CVSS5.8AI score0.00124EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.13 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the Views component’s ability to re-use resources after release, potentially allowing remote attackers to exploi...

8.3CVSS5.8AI score0.00164EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.12 views

Debian dla-4597 : atril - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4597 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4597-1 [email protected] https://www.debian.org/lts/security/...

8.4CVSS5.3AI score0.00529EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.5 views

Unity Linux 20.1060e / 20.1070e Security Update: pdfbox (UTSA-2026-017627)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017627 advisory. In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree...

5.5CVSS5.8AI score0.04024EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/08 5:19 a.m.9 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the pdfContext.setOption process. An attacker can access arbitrary files readable by the PHP worker by uploading a crafted PDF invoice template that triggers the embedding of file contents into the generated PDF...

5.1CVSS6.3AI score0.00278EPSS
Exploits0References2
Rows per page
Query Builder