35 matches found
SUSE CVE-2026-39378
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embed_images=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...
PT-2026-33879
Name of the Vulnerable Software and Affected Versions: nbconvert versions 6.5 through 7.17.0. Description: The nbconvert tool converts Jupyter notebooks to various formats using Jinja templates. When the HTMLExporter.embed_images variable is set to True, the markdown renderer allows arbitrary file...
CVE-2022-42707
In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions...
EUVD-2022-45773
Malicious code in bioql PyPI...
Cursor Code Issue Vulnerability
Cursor is an AI code editor open-sourced by Cursor. A code issue vulnerability exists in Cursor versions prior to 1.3 that stems from Mermaid allowing embedded images, which could lead to the disclosure of sensitive information...
CVE-2025-50738
The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be...
Absolute Path Traversal
Overview: phpoffice/phpspreadsheet is a spreadsheet engine that reads, creates and writes spreadsheet documents in PHP. Affected versions of this package are vulnerable to Absolute Path Traversal via the HTML writer process when embedding images. An attacker can read arbitrary files on the server an...
PDFZorro Security Vulnerability
PDFZorro is an online PDF editor. A security vulnerability exists in PDFZorro Online version r20220428, which stems from the inability to properly clean up deleted editing information from PDF files, resulting in the unintentional disclosure of editing information including images and text embedd...
SUSE CVE-2012-0192
Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a...
The vulnerability of the embedded images of the ControlWave telemechanics controller allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of embedded images of telemechanics controllers from ControlWave is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential data, compromise its integrity, and even cause...
The vulnerability of embedded images of PACsystems programmable logic controllers allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of embedded images of PACsystems programmable logic controllers is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential data, compromise its integrity, and even cause...
The vulnerability of the embedded images of microprogrammed logic controllers ACE1000 allows a hacker to execute arbitrary code.
The vulnerability of embedded images of microprogrammed logic controllers ACE1000 is related to deficiencies in the algorithm for calculating the checksum. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability of the embedded images of microprogrammed logic controllers ACE1000 allows a hacker to execute arbitrary code.
The vulnerability of embedded images of microprogrammed logic controllers ACE1000 is related to deficiencies in the algorithm for calculating the checksum. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
UBUNTU-CVE-2019-15726
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server...
CVE-2019-15726
Removed by vendor...
Adobe Acrobat Pro DC PostScript colorimage Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Denial Of Service (DoS)
Ghostscript is vulnerable to denial of service. An integer overflow, which results in a heap-based buffer overflow in the icmLut_allocate function in icclib, allows an attacker to crash the application or possibly execute arbitrary code via a malicious PostScript or PDF file with embedded images...
CVE-2018-5679
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
CVE-2018-5675
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
SRC-2018-0018 : Foxit Reader PDF Parsing U3D Type Confusion Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...