33 matches found
CVE-2026-53429
Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdexnative allows an attacker who controls a rendered document to cause a denial of service through unbounded native memory exhaustion. The native rendering code permanently leaks memory when rendering a docume...
PT-2026-53685
Name of the Vulnerable Software and Affected Versions mdex versions 0.11.0 through 0.12.2 mdex native versions 0.1.0 through 0.2.2 Description A memory leak occurs in the native rendering code when processing documents containing escaped-tag nodes. The conversion of each %MDEx.EscapedTag node int...
CVE-2026-57535
CVE-2026-57535 describes a vulnerability in PDF rendering contexts where HTML content (including tags) can be injected. If an tag src points to a URL, the rendering engine may fetch the image, potentially leaking information about the rendering server and enabling an SSRF-like vector in the loc...
CVE-2026-40230
Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc.This issue affects helpy: 2.8.0...
Cross-site Scripting (XSS)
Overview local-deep-research is an AI-powered research assistant with deep, iterative analysis using LLMs and web searches Affected versions of this package are vulnerable to Cross-site Scripting XSS via the PDFService.markdowntohtml function. An attacker can cause the server to make unauthorized...
CVE-2026-8193
CVE-2026-8193 affects Akaunting 3.1.21, specifically the Invoice PDF Rendering component’s dompdf.php file. The vulnerability arises from unknown processing in that file, enabling a remote attacker to manipulate inputs to achieve server-side request forgery (SSRF). Exploitation is indicated as po...
CVE-2026-40230 Helpy 2.8.0 - Stored XSS in knowledgebase Doc body rendering
Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc.This issue affects helpy: 2.8.0...
CVE-2026-40230 Helpy 2.8.0 - Stored XSS in knowledgebase Doc body rendering
Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc.This issue affects helpy: 2.8.0...
Google Chrome PDFium Heap Buffer Overflow Vulnerability
Google Chrome is a web browser developed by Google with a built-in PDFium component for rendering PDF documents. Google Chrome's PDFium suffers from a heap buffer overflow vulnerability that stems from a failure to properly handle certain data in a specially crafted PDF file, which can be exploit...
CVE-2026-34367 InvoiceShelf: SSRF in Invoice PDF Rendering via Unsanitised HTML in Notes Field
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Invoice PDF generation module. User-supplied HTML in the invoice Notes field i...
CVE-2026-34365 InvoiceShelf: SSRF in Estimate PDF Rendering via Unsanitised HTML in Notes Field
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Estimate PDF generation module. User-supplied HTML in the estimate Notes field...
RLSA-2026:0126 Moderate: poppler security update
Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Out-of-Bounds Read in Poppler CVE-2025-32365 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...
EUVD-2025-28382
Malicious code in bioql PyPI...
CVE-2024-30922
SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering...
CVE-2024-30923
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering...
CVE-2024-30922
SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering...
CVE-2024-30923
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering...
CVE-2024-30923
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering...
CVE-2024-30922
SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering...
DerbyNet 安全漏洞
DerbyNet is a simple code for a match broadcasting program. A security vulnerability exists in DerbyNet version v9.0. A remote attacker can exploit this vulnerability to execute arbitrary code via the where clause in the Racer document rendering...