Lucene search
K

1698 matches found

Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-57256 Foxit Editor/Reader List Box Format Use-After-Free Vulnerability

When the application opens a PDF and executes JavaScript, it performs abnormal operations on the list box field, and this operation is repeated after the form is reset. During this process, the application failed to adequately verify the validity of the form objects and their internal dictionary...

7.8CVSS0.00118EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42192

When the application opens a PDF and executes JavaScript, it performs abnormal operations on the list box field, and this operation is repeated after the form is reset. During this process, the application failed to adequately verify the validity of the form objects and their internal dictionary...

7.8CVSS6AI score0.00118EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56351

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description A use-after-free issue occurs when the application opens a PDF file. During the process where JavaScript deletes pages and removes attachment annotations, the attachment panel...

7.8CVSS6.1AI score0.00116EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56341

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description A use-after-free issue occurs when the application opens a PDF and JavaScript modifies the form. Due to incomplete lifecycle management and a lack of null value validation for...

7.8CVSS6.1AI score0.00116EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56330

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Embedded JavaScript within a PDF can delete pages, rendering the object invalid. The application crashes when it attempts a write operation on these invalid pop-...

7.8CVSS6.1AI score0.00116EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56336

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Opening a PDF allows JavaScript to modify form field properties, causing the state of the underlying objects referenced by the program to become invalid. This...

7.8CVSS6.1AI score0.00116EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago15 views

PT-2026-56347

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description Insufficient object type and argument checks occur when the application opens a PDF file and JavaScript writes annotation attributes. This leads to damage in the internal...

7.8CVSS6AI score0.00116EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/07 5:18 a.m.5 views

EUVD-2026-42004

MicroRealEstate is affected by broken object-level access controls in PDF generator functionality. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS5.9AI score0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/07 5:18 a.m.35 views

CVE-2026-57868

MicroRealEstate is affected by broken object-level access controls in PDF generator functionality. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS0.00215EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54671

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An inappropriate implementation in PDFium, a PDF rendering engine, allows a remote attacker to perform UI spoofing by using a specially crafted PDF file. Recommendations Update Google...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
OSV
OSV
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-13962

Insufficient data validation in PDF in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 10:39 p.m.20 views

CVE-2026-14108

CVE-2026-14108 is a use-after-free in PDFium underlying Google Chrome prior to 150.0.7871.47. The flaw allows a remote attacker to execute arbitrary code inside the browser sandbox via a crafted PDF file. Affected component: PDFium within Chrome; root cause: use-after-free vulnerability. Impact: ...

8.8CVSS6.2AI score0.00259EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/30 9:59 p.m.4 views

CVE-2026-57204

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream...

6.9CVSS5.7AI score0.00206EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/29 5:50 p.m.7 views

atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...

8.4CVSS6.6AI score0.00529EPSS
Exploits1References12
NVD
NVD
added 2026/06/29 2:16 a.m.10 views

CVE-2026-13522

A security flaw has been discovered in Investintech SlimPDFReader up to 2.0.14. Affected by this issue is the function SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0 of the file SlimPDFReader.exe of the component PDF File Handler. Performing a manipulation results in out-of-bounds read. It is...

5.3CVSS0.00293EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 1:15 a.m.14 views

CVE-2026-13522

Investintech SlimPDFReader up to version 2.0.14 is affected by an out-of-bounds read in SlimPDFReader.exe (PDF File Handler). The vulnerable component is the function Investintech::PCV::TeighaDo+0x25cde0 inside SlimPDFReader.exe. A manipulation can trigger the out-of-bounds read, and the issue ca...

5.3CVSS5.5AI score0.00293EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 2:32 p.m.30 views

CVE-2026-57532

CVE-2026-57532 describes a vulnerability where malicious HTML content contained in the layout specification of a PDF ticket/badge layout is executed when the PDF editor is opened in a browser. This could allow one backend user to inject JavaScript into the browser context of another backend user....

8.8CVSS5.9AI score0.0033EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in mupdf

A integer overflow vulnerability exists in the 'pdf-image.c' file in Artifex’s MuPDF version 1.27.0. This vulnerability allows an attacker to create a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This enables a heap out-of-bounds write, which could be exploited...

7.8CVSS6.4AI score0.00213EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in PDFium in Google Chrome prior to version 147.0.7727.101 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted PDF file. Chromium security severity: High...

8.8CVSS7.9AI score0.00336EPSS
Exploits0References3
AlmaLinux
AlmaLinux
added 2026/06/24 12:0 a.m.6 views

Important: evince security update

The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files, and, with additional back-ends, also the Device Independent File format DVI files. Security Fixes: atril: evince: xreader: PDF /GoToR action argv...

8.4CVSS5.9AI score0.00529EPSS
Exploits1References4
Rows per page
Query Builder