
33 matches found

NVD
added 3 days ago, 6 views

CVE-2026-53429

Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdexnative allows an attacker who controls a rendered document to cause a denial of service through unbounded native memory exhaustion. The native rendering code permanently leaks memory when rendering a docume...

CVSS 6.9 | EPSS 0.00126
Exploits: 0 | References: 4

Positive Technologies
added 3 days ago, 5 views

PT-2026-53685

Name of the Vulnerable Software and Affected Versions: mdex versions 0.11.0 through 0.12.2; mdex native versions 0.1.0 through 0.2.2. Description: A memory leak occurs in the native rendering code when processing documents containing escaped-tag nodes. The conversion of each %MDEx.EscapedTag node int...

CVSS 6.9 | AI score 5.8 | EPSS 0.00126
Exploits: 0 | References: 8

CVE
added 2026/06/25 2:29 p.m., 9 views

CVE-2026-57535

CVE-2026-57535 describes a vulnerability in PDF rendering contexts where HTML content (including tags) can be injected. If an tag src points to a URL, the rendering engine may fetch the image, potentially leaking information about the rendering server and enabling an SSRF-like vector in the loc...

CVSS 2.1 | AI score 5.9 | EPSS 0.00308
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:27 p.m., 11 views

CVE-2026-40230

Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc. This issue affects helpy: 2.8.0...

CVSS 5.4 | AI score 5.3 | EPSS 0.00178
Exploits: 1 | References: 1

Snyk
added 2026/05/11 7:40 p.m., 6 views

Cross-site Scripting (XSS)

Overview: local-deep-research is an AI-powered research assistant with deep, iterative analysis using LLMs and web searches. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the PDFService.markdowntohtml function. An attacker can cause the server to make unauthorized...

CVSS 9.9 | AI score 5.2 | EPSS 0.00263
Exploits: 0 | References: 2

CVE
added 2026/05/09 6:45 p.m., 17 views

CVE-2026-8193

CVE-2026-8193 affects Akaunting 3.1.21, specifically the Invoice PDF Rendering component’s dompdf.php file. The vulnerability arises from unknown processing in that file, enabling a remote attacker to manipulate inputs to achieve server-side request forgery (SSRF). Exploitation is indicated as po...

CVSS 6.5 | AI score 6.2 | EPSS 0.00206
Exploits: 0 | References: 4

Cvelist
added 2026/04/29 3:39 p.m., 29 views

CVE-2026-40230 Helpy 2.8.0 - Stored XSS in knowledgebase Doc body rendering

Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc. This issue affects helpy: 2.8.0...

CVSS 4.8 | EPSS 0.00178
Exploits: 1 | References: 2

Vulnrichment
added 2026/04/29 3:39 p.m., 5 views

CVE-2026-40230 Helpy 2.8.0 - Stored XSS in knowledgebase Doc body rendering

Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc. This issue affects helpy: 2.8.0...

CVSS 4.8 | AI score 5 | EPSS 0.00178
Exploits: 1 | References: 2

CNVD
added 2026/04/16 12:0 a.m., 7 views

Google Chrome PDFium Heap Buffer Overflow Vulnerability

Google Chrome is a web browser developed by Google with a built-in PDFium component for rendering PDF documents. Google Chrome's PDFium suffers from a heap buffer overflow vulnerability that stems from a failure to properly handle certain data in a specially crafted PDF file, which can be exploit...

CVSS 8.8 | AI score 6.4 | EPSS 0.00336
Exploits: 0

Vulnrichment
added 2026/03/31 8:16 p.m., 1 views

CVE-2026-34367 InvoiceShelf: SSRF in Invoice PDF Rendering via Unsanitised HTML in Notes Field

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Invoice PDF generation module. User-supplied HTML in the invoice Notes field i...

CVSS 7.6 | AI score 5.8 | EPSS 0.00261
Exploits: 1 | References: 2

Cvelist
added 2026/03/31 7:44 p.m., 27 views

CVE-2026-34365 InvoiceShelf: SSRF in Estimate PDF Rendering via Unsanitised HTML in Notes Field

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Estimate PDF generation module. User-supplied HTML in the estimate Notes field...

CVSS 7.6 | EPSS 0.00245
Exploits: 1 | References: 2

OSV
added 2026/01/07 9:3 a.m., 4 views

RLSA-2026:0126 Moderate: poppler security update

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fixes: poppler: Out-of-Bounds Read in Poppler (CVE-2025-32365). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

CVSS 3.3 | AI score 6.8 | EPSS 0.00218
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2025-28382

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.5 | EPSS 0.00576
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 10:17 a.m., 6 views

CVE-2024-30922

SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering...

CVSS 9.8 | AI score 8.7 | EPSS 0.01429
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/23 10:17 a.m., 5 views

CVE-2024-30923

SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering...

CVSS 9.8 | AI score 8.8 | EPSS 0.0137
Exploits: 2 | References: 1

NVD
added 2024/04/18 9:15 p.m., 14 views

CVE-2024-30922

SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering...

CVSS 9.8 | AI score 8.3 | EPSS 0.01429
Exploits: 2 | References: 2

NVD
added 2024/04/18 9:15 p.m., 10 views

CVE-2024-30923

SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering...

CVSS 9.8 | AI score 8.3 | EPSS 0.0137
Exploits: 2 | References: 2

OSV
added 2024/04/18 9:15 p.m., 2 views

CVE-2024-30923

SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering...

CVSS 9.8 | AI score 6.2 | EPSS 0.0137
Exploits: 2 | References: 2

OSV
added 2024/04/18 9:15 p.m., 4 views

CVE-2024-30922

SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering...

CVSS 9.8 | AI score 6.3 | EPSS 0.01429
Exploits: 2 | References: 2

CNNVD
added 2024/04/18 12:0 a.m., 2 views

DerbyNet Security Vulnerability

DerbyNet is a simple code for a match broadcasting program. A security vulnerability exists in DerbyNet version v9.0. A remote attacker can exploit this vulnerability to execute arbitrary code via the where clause in the Racer document rendering...

CVSS 9.8 | AI score 7.7 | EPSS 0.0137
Exploits: 2 | References: 2