Lucene search
K

1689 matches found

Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-57868

MicroRealEstate is affected by broken object-level access controls in PDF generator functionality. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS0.00215EPSS
Exploits0References2
Nuclei
Nuclei
added 6 days ago22 views

osTicket - Arbitrary File Read

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...

8.7CVSS6.3AI score0.73125EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-54671

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An inappropriate implementation in PDFium, a PDF rendering engine, allows a remote attacker to perform UI spoofing by using a specially crafted PDF file. Recommendations Update Google...

9.6CVSS6AI score0.00413EPSS
Exploits0References440
OSV
OSV
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-13962

Insufficient data validation in PDF in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 10:39 p.m.16 views

CVE-2026-14108

CVE-2026-14108 is a use-after-free in PDFium underlying Google Chrome prior to 150.0.7871.47. The flaw allows a remote attacker to execute arbitrary code inside the browser sandbox via a crafted PDF file. Affected component: PDFium within Chrome; root cause: use-after-free vulnerability. Impact: ...

8.8CVSS6.2AI score0.00259EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/30 9:59 p.m.3 views

CVE-2026-57204

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream...

6.9CVSS5.7AI score0.00206EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/29 5:50 p.m.5 views

atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...

8.4CVSS6.6AI score0.00529EPSS
Exploits0References12
NVD
NVD
added 2026/06/29 2:16 a.m.10 views

CVE-2026-13522

A security flaw has been discovered in Investintech SlimPDFReader up to 2.0.14. Affected by this issue is the function SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0 of the file SlimPDFReader.exe of the component PDF File Handler. Performing a manipulation results in out-of-bounds read. It is...

5.3CVSS0.00293EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 1:15 a.m.14 views

CVE-2026-13522

Investintech SlimPDFReader up to version 2.0.14 is affected by an out-of-bounds read in SlimPDFReader.exe (PDF File Handler). The vulnerable component is the function Investintech::PCV::TeighaDo+0x25cde0 inside SlimPDFReader.exe. A manipulation can trigger the out-of-bounds read, and the issue ca...

5.3CVSS5.5AI score0.00293EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 2:32 p.m.26 views

CVE-2026-57532

CVE-2026-57532 describes a vulnerability where malicious HTML content contained in the layout specification of a PDF ticket/badge layout is executed when the PDF editor is opened in a browser. This could allow one backend user to inject JavaScript into the browser context of another backend user....

8.8CVSS5.9AI score0.0033EPSS
Exploits0References1
AlmaLinux
AlmaLinux
added 2026/06/24 12:0 a.m.6 views

Important: evince security update

The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files, and, with additional back-ends, also the Device Independent File format DVI files. Security Fixes: atril: evince: xreader: PDF /GoToR action argv...

8.4CVSS5.9AI score0.00529EPSS
Exploits0References4
CVE
CVE
added 2026/06/23 12:12 p.m.14 views

CVE-2026-56258

CVE-2026-56258 affects Crawl4AI prior to 0.8.8. An arbitrary file write exists in the screenshot and PDF endpoints via output_path, exploiting insufficient path validation and symlink following with TOCTOU. Unauthenticated remote attackers can write files outside the intended directory, potential...

9.2CVSS6.5AI score0.00656EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/22 9:16 p.m.16 views

CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

6.9CVSS0.00123EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 8:27 p.m.11 views

CVE-2026-49461

CVE-2026-49461 affects the Python PDF library pypdf . The vulnerability occurs before version 6.12.2 and lets an attacker craft a PDF whose page contains a form XObject with self-references, causing large memory usage during text extraction. Impact is memory-related and can affect systems process...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/22 3:0 a.m.5 views

poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS6.1AI score0.00252EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in libpodofo

A stack-based buffer overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service through the ‘src/base/PdfDictionary.cpp:65’ component...

5.5CVSS7.3AI score0.00683EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Chromium

The use of “after free” in PDFs in Google Chrome before version 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption through a crafted PDF file. Chromium security severity: High...

8.8CVSS7.3AI score0.00841EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Chromium

The use of “after free” in PDFs in Google Chrome before version 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption through a crafted PDF file. Chromium security severity: High...

8.8CVSS7.3AI score0.00606EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/19 5:29 a.m.88 views

imagemagick-gs-delegate-hijack-poc

ImageMagick Ghostscript Delegate Search Path PoC This reposit...

5.8AI score
Exploits0
CVE
CVE
added 2026/06/18 9:5 a.m.28 views

CVE-2026-8811

CVE-2026-8811 affects SEPPmail versions before 15.0.5, in the PDF generation module. Improper handling of attachment filenames during encrypted PDF creation allows path traversal, enabling an attacker to create files outside the intended directory and potentially place them in web‑accessible loca...

7.1CVSS5.3AI score0.00319EPSS
Exploits0References1
Rows per page
Query Builder