Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the reuse of PDF files after their release, potentially allowing remote attackers to execute arbitrary code with...

Astra Linux - уязвимость в chromium

A heap buffer overflow in PDFium in Google Chrome prior to version 128.0.6613.84 allowed a remote attacker to perform an out-of-bounds memory read through a crafted PDF file. Chromium security severity: Medium...

Admidio has Path Traversal via Unvalidated `name` Parameter in Document Add Mode that Enables Arbitrary Server File Read

Summary The add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF protection on this endpoint and SameSite=Lax session cookies, a...

Adobe Reader Zero-Day Exploited to Steal Data via Malicious PDFs

An Adobe Reader zero-day vulnerability is being actively exploited via malicious PDFs, allowing hackers to steal data without user interaction, with no patch available...

CVE-2026-25780

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file.. Mattermost Advisory ID:...

CVE-2025-65924

ERPNext thru 15.88.1 does not sanitize or remove certain HTML tags specifically hyperlinks in fields that are intended for plain text. Although JavaScript is blocked preventing XSS, the HTML is still preserved in the generated PDF document. As a result, an attacker can inject malicious clickable...

USN-7858-1: poppler vulnerability

It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a crash...

USN-7858-1 poppler vulnerability

It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a crash...

SUSE-SU-2025:3898-1 Security update for poppler

This update for poppler fixes the following issues: - CVE-2025-43718: fixed uncontrolled recursion in the regex-based metadata parser when processing specially crafted PDF files bsc1250908...

Tawk Live Chat 跨站脚本漏洞

tawk.to Tawk Live Chat is an online chat software from the US company tawk.to. A cross-site scripting vulnerability exists in Tawk Live Chat that stems from not properly cleaning JavaScript code when storing PDF files, which could lead to a stored cross-site scripting attack...

OESA-2025-2482 poppler security update

is a PDF rendering library. Security Fixes: Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTSPDFEVersion of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in...

Path Traversal

tinyscientist is vulnerable to path Traversal. The vulnerability is due to improper validation of file paths in the reviewpaper function, which allows an attacker to craft malicious file paths to read arbitrary PDF files on the server, access sensitive documents, and perform reconnaissance on the...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 : poppler vulnerability (USN-7708-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7708-1 advisory. It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this...

TinyScientist 路径遍历漏洞

TinyScientist is an open source U Lab @UIUC lightweight framework for developers to build research agents. A path traversal vulnerability exists in TinyScientist 0.1.1 and earlier versions, which stems from a path traversal vulnerability in the reviewpaper function that could lead to accessing...

UBUNTU-CVE-2025-46206

An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the mutool clean utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the stripoutline function enters infinite recursion...

thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is...

USN-7213-1 poppler vulnerability

It was discovered that poppler incorrectly handled memory when opening certain PDF files. An attacker could possibly use this issue to cause denial of service or obtain sensitive information...

USN-7062-1: libgsf vulnerabilities

It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary code...

Google Chrome 安全漏洞

Google Chrome is a free web browser developed by Google. It is the world's largest browser in terms of market share due to its speed, security, simplicity, multi-platform support and built-in privacy protection. Google Chrome has a heap buffer overflow vulnerability that can be exploited by an...

CVE-2024-34597

Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. User interaction is required for triggering this vulnerability...