24 matches found
CVE-2026-13129
When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer...
CVE-2026-13129 Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability
When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer...
EUVD-2026-42182
When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer...
CVE-2026-13129
When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer...
PT-2026-56355
Name of the Vulnerable Software and Affected Versions Foxit Editor/Reader affected versions not specified Description When the application opens a PDF and executes JavaScript, it performs abnormal operations on the list box field, which are repeated after the form is reset. The application fails ...
UBUNTU-CVE-2026-49461
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12....
CVE-2026-49461
CVE-2026-49461 affects the Python PDF library pypdf . The vulnerability occurs before version 6.12.2 and lets an attacker craft a PDF whose page contains a form XObject with self-references, causing large memory usage during text extraction. Impact is memory-related and can affect systems process...
CVE-2023-2220
A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier...
Foxit PDF Reader 安全漏洞
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A security vulnerability exists in Foxit PDF Reader, which originates from an XFA Doc object out-of-bounds read information disclosure vulnerability...
Cross-Site Scripting (XSS)
net.dreamlu:mica-xss is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly escape the special characters before it output to the front end, allowing an attacker to inject and execute malicious JavaScript on victim's browser via the Form Object Handler...
CVE-2023-2220
A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier...
CVE-2023-2220
A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier...
Cross site scripting
A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier...
Dream Technology mica 跨站脚本漏洞
Dream Technology mica is a Spring Cloud microservices development core package from China-based Dream Technology. A cross-site scripting vulnerability exists in Dream Technology mica 3.0.5 and earlier versions, which stems from a cross-site scripting XSS vulnerability in the Form Object Handler...
PT-2023-18381 · Dream Technology · Mica
Name of the Vulnerable Software and Affected Versions: Dream Technology mica versions up to 3.0.5 Description: A problematic issue has been identified, affecting an unknown function of the component Form Object Handler. This issue leads to cross site scripting and can be exploited remotely...
CVE-2018-17655
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2018-17655
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2018-17654
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...