CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/20 6:31 p.m.•3 views

GHSA-FVHG-P4HF-79X3 @cyntler/react-doc-viewer's TXTRenderer fails to sanitize file content and explicitly casts raw data as a ReactNode

Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...

6.1CVSS5.9AI score0.00014EPSS

Exploits0References4

CVE•added 2026/05/20 12:0 a.m.•14 views

CVE-2026-30691

CVE-2026-30691 affects @cyntler/react-doc-viewer v1.17.1. TXTRenderer improperly sanitizes .txt content and casts raw data as a ReactNode, enabling Cross-Site Scripting (XSS) via crafted files. Impact: remote attacker can execute arbitrary JavaScript. No remediation details provided in the docume...

6.1CVSS6.1AI score0.00014EPSS

Exploits0References2

NVD•added 2026/04/21 7:16 p.m.•3 views

CVE-2026-40865

Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...

7.1CVSS0.00029EPSS

Exploits0References1

EUVD•added 2026/04/21 6:14 p.m.•4 views

EUVD-2026-24231

7.1CVSS5.8AI score0.00029EPSS

Exploits0References1

CVE•added 2026/04/21 6:14 p.m.•8 views

CVE-2026-40865

Horilla HRMS 1.5.0 contains an insecure direct object reference in the employee document viewer. An authenticated user can access other employees’ uploaded documents by altering the document ID parameter, exposing identity documents, contracts, certificates, and other private records. The PT-2026...

7.1CVSS5.8AI score0.00029EPSS

Exploits0References1

The Hacker News•added 2026/04/13 9:15 a.m.•5 views

North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

The North Korean hacking group tracked as APT37 aka ScarCruft has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery...

6.1AI score

Fedora•added 2026/04/12 3:53 p.m.•3 views

[SECURITY] Fedora 42 Update: mupdf-1.26.3-6.fc42

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

7.8CVSS5.9AI score0.00023EPSS

Fedora•added 2026/04/12 3:38 p.m.•5 views

[SECURITY] Fedora 43 Update: mupdf-1.27.1-10.fc43

7.8CVSS5.9AI score0.00023EPSS

ATTACKERKB•added 2026/03/31 12:0 a.m.•0 views

CVE-2026-30277

An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

6.4AI score0.00036EPSS

Exploits0References5

Vulnrichment•added 2026/02/09 9:10 p.m.•1 views

CVE-2026-25880 Untrusted Search Path in SumatraPDF Reader (explorer.exe on Windows)

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary explorer.exe located in the same directory as the opened PDF when the user clicks File → “Show in folder”. This behavior leads to arbitrary code execution on the victim’s...

7.8CVSS6.3AI score0.0003EPSS

Exploits1References1

RedHat Linux•added 2026/02/09 7:38 a.m.•1 views

firefox: thunderbird: Clickjacking issue, information disclosure in the PDF Viewer component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Clickjacking issue, information disclosure in the PDF Viewer component...

RedHat Linux•added 2026/02/09 3:7 a.m.•0 views

firefox: thunderbird: Clickjacking issue, information disclosure in the PDF Viewer component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Clickjacking issue, information disclosure in the PDF Viewer component...

RedHat Linux•added 2026/02/05 10:46 a.m.•1 views

firefox: thunderbird: Clickjacking issue, information disclosure in the PDF Viewer component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Clickjacking issue, information disclosure in the PDF Viewer component...

RedHat Linux•added 2026/02/05 9:15 a.m.•4 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS7.3AI score0.00025EPSS

Exploits0References14

RedHat Linux•added 2026/02/05 9:15 a.m.•0 views

firefox: thunderbird: Clickjacking issue, information disclosure in the PDF Viewer component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Clickjacking issue, information disclosure in the PDF Viewer component...