Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

318 matches found

Nuclei
Nucleiadded 17 hours ago146 views

Dompdf < v0.6.0 - Local File Inclusion

A vulnerability in dompdf.php in dompdf before 0.6.1, when DOMPDFENABLEPHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the inputfile parameter, as demonstrated by a...

6.8CVSS7.4AI score0.5489EPSS
Exploits6References5
Metasploit
Metasploitadded 2026/05/21 7:1 p.m.118 views

Dompdf RCE via Malicious Font Caching (CVE-2022-28368)

This module exploits CVE-2022-28368, a Remote Code Execution vulnerability in dompdf versions prior to 1.2.1. The vulnerability exists because dompdf preserves the original file extension when caching fonts downloaded via CSS @font-face rules. By pointing a @font-face src to a .php file containin...

9.8CVSS7.4AI score0.88271EPSS
Exploits8
Packet Storm
Packet Stormadded 2026/05/21 12:0 a.m.57 views

📄 dompdf Remote Code Execution

This Metasploit module exploits CVE-2022-28368, a remote code execution vulnerability in dompdf versions prior to 1.2.1. The vulnerability exists because dompdf preserves the original file extension when caching fonts downloaded via CSS @font-face rules. By pointing a @font-face src to a .php fil...

9.8CVSS6.4AI score0.88271EPSS
Exploits8
EUVD
EUVDadded 2026/05/09 9:32 p.m.7 views

EUVD-2026-28921

A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...

6.5CVSS5.5AI score0.00038EPSS
Exploits0References5
NVD
NVDadded 2026/05/09 7:16 p.m.8 views

CVE-2026-8193

A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...

6.5CVSS0.00038EPSS
Exploits0References4
CVE
CVEadded 2026/05/09 6:45 p.m.7 views

CVE-2026-8193

CVE-2026-8193 affects Akaunting 3.1.21, specifically the Invoice PDF Rendering component’s dompdf.php file. The vulnerability arises from unknown processing in that file, enabling a remote attacker to manipulate inputs to achieve server-side request forgery (SSRF). Exploitation is indicated as po...

6.5CVSS6.2AI score0.00038EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/09 6:45 p.m.2 views

CVE-2026-8193

A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...

6.5CVSS6.2AI score0.00038EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/09 6:45 p.m.27 views

CVE-2026-8193 Akaunting Invoice PDF Rendering dompdf.php server-side request forgery

A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...

6.5CVSS0.00038EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/05/09 12:0 a.m.6 views

PT-2026-39405

A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...

6.5CVSS6.2AI score0.00038EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/05/09 12:0 a.m.4 views

Akaunting 代码问题漏洞

Akaunting is an application software developed by Akaunting Company that provides all the tools needed for online fund management. Version 3.1.21 of Akaunting has a code vulnerability; this vulnerability stems from an unknown processing in the Invoice PDF Rendering component’s config/dompdf.php...

6.5CVSS6.6AI score0.00038EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/01 11:0 p.m.1 views

CVE-2026-34367

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Invoice PDF generation module. User-supplied HTML in the invoice Notes field i...

8.7CVSS5.8AI score0.0005EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/04/01 11:0 p.m.2 views

CVE-2026-34366

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Payment receipt PDF generation module. User-supplied HTML in the payment Notes...

8.1CVSS5.8AI score0.00035EPSS
Exploits1References1
NVD
NVDadded 2026/03/31 9:16 p.m.2 views

CVE-2026-34366

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Payment receipt PDF generation module. User-supplied HTML in the payment Notes...

8.1CVSS0.00035EPSS
Exploits1References2
OSV
OSVadded 2026/03/31 8:16 p.m.2 views

CVE-2026-34367 InvoiceShelf: SSRF in Invoice PDF Rendering via Unsanitised HTML in Notes Field

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Invoice PDF generation module. User-supplied HTML in the invoice Notes field i...

7.6CVSS5.8AI score0.0005EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/03/31 8:16 p.m.1 views

CVE-2026-34367

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Invoice PDF generation module. User-supplied HTML in the invoice Notes field i...

7.6CVSS5.8AI score0.0005EPSS
Exploits1References3Affected Software1
CVE
CVEadded 2026/03/31 8:16 p.m.2 views

CVE-2026-34367

InvoiceShelf (open-source web/mobile app) is affected by a Server-Side Request Forgery (SSRF) in the PDF generation module prior to version 2.2.0. User-supplied HTML in the Notes field is passed unsanitised to the Dompdf renderer, which fetches remote resources referenced in the markup. The vulne...

8.7CVSS5.8AI score0.0005EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/03/31 8:5 p.m.18 views

CVE-2026-34366 InvoiceShelf: SSRF in Payment Receipt PDF Rendering via Unsanitised HTML in Notes Field

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Payment receipt PDF generation module. User-supplied HTML in the payment Notes...

7.6CVSS0.00035EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/03/31 8:5 p.m.2 views

CVE-2026-34366

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Payment receipt PDF generation module. User-supplied HTML in the payment Notes...

7.6CVSS5.8AI score0.00035EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/31 8:5 p.m.2 views

CVE-2026-34366 InvoiceShelf: SSRF in Payment Receipt PDF Rendering via Unsanitised HTML in Notes Field

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Payment receipt PDF generation module. User-supplied HTML in the payment Notes...

7.6CVSS5.8AI score0.00035EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/03/31 7:44 p.m.1 views

CVE-2026-34365

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Estimate PDF generation module. User-supplied HTML in the estimate Notes field...

7.6CVSS5.8AI score0.00035EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder