Lucene search
K

24 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-13129

When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer...

7.8CVSS0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-13129 Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability

When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer...

7.8CVSS0.00116EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-42182

When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer...

7.8CVSS6AI score0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago8 views

CVE-2026-13129

When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer...

7.8CVSS6AI score0.00116EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56355

Name of the Vulnerable Software and Affected Versions Foxit Editor/Reader affected versions not specified Description When the application opens a PDF and executes JavaScript, it performs abnormal operations on the list box field, which are repeated after the form is reset. The application fails ...

7.8CVSS6.2AI score0.00118EPSS
Exploits0References6
OSV
OSV
added 2026/06/22 9:16 p.m.3 views

UBUNTU-CVE-2026-49461

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12....

6.9CVSS5.8AI score0.00123EPSS
Exploits0References5
CVE
CVE
added 2026/06/22 8:27 p.m.16 views

CVE-2026-49461

CVE-2026-49461 affects the Python PDF library pypdf . The vulnerability occurs before version 6.12.2 and lets an attacker craft a PDF whose page contains a form XObject with self-references, causing large memory usage during text extraction. Impact is memory-related and can affect systems process...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 3:13 a.m.5 views

CVE-2023-2220

A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier...

6.1CVSS5.9AI score0.00613EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.5 views

Foxit PDF Reader 安全漏洞

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A security vulnerability exists in Foxit PDF Reader, which originates from an XFA Doc object out-of-bounds read information disclosure vulnerability...

7.1CVSS5.6AI score0.00437EPSS
Exploits0References3
Veracode
Veracode
added 2023/05/01 8:50 p.m.23 views

Cross-Site Scripting (XSS)

net.dreamlu:mica-xss is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly escape the special characters before it output to the front end, allowing an attacker to inject and execute malicious JavaScript on victim's browser via the Form Object Handler...

6.1CVSS5.9AI score0.00613EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/04/21 12:15 p.m.6 views

CVE-2023-2220

A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier...

6.1CVSS3.7AI score0.00613EPSS
Exploits1References3
NVD
NVD
added 2023/04/21 12:15 p.m.21 views

CVE-2023-2220

A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier...

6.1CVSS4.5AI score0.00613EPSS
Exploits1References3
Prion
Prion
added 2023/04/21 12:15 p.m.16 views

Cross site scripting

A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier...

4CVSS6AI score0.00613EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2023/04/21 12:0 a.m.4 views

Dream Technology mica 跨站脚本漏洞

Dream Technology mica is a Spring Cloud microservices development core package from China-based Dream Technology. A cross-site scripting vulnerability exists in Dream Technology mica 3.0.5 and earlier versions, which stems from a cross-site scripting XSS vulnerability in the Form Object Handler...

6.1CVSS4.7AI score0.00613EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/04/21 12:0 a.m.4 views

PT-2023-18381 · Dream Technology · Mica

Name of the Vulnerable Software and Affected Versions: Dream Technology mica versions up to 3.0.5 Description: A problematic issue has been identified, affecting an unknown function of the component Form Object Handler. This issue leads to cross site scripting and can be exploited remotely...

6.1CVSS6.3AI score0.00613EPSS
Exploits1References5
OSV
OSV
added 2019/01/24 4:29 a.m.6 views

CVE-2018-17655

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8CVSS6.2AI score0.03918EPSS
Exploits0References2
NVD
NVD
added 2019/01/24 4:29 a.m.19 views

CVE-2018-17655

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8CVSS8.8AI score0.03918EPSS
Exploits0References2
NVD
NVD
added 2019/01/24 4:29 a.m.24 views

CVE-2018-17654

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8CVSS8.8AI score0.03918EPSS
Exploits0References2
Prion
Prion
added 2019/01/24 4:29 a.m.18 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8CVSS8.8AI score0.03918EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2019/01/24 4:29 a.m.22 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8CVSS8.8AI score0.03918EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder