10278 matches found
CVE-2026-5936
The CVE-2026-5936 entries describe a Server-Side Request Forgery (SSRF) in the Foxit PDF Services API, where an attacker can craft a URL to cause the server to initiate requests to arbitrary destinations. Affected component: Foxit PDF Services API (server-side URL handling). Reported impact inclu...
Foxit PDF Services API 安全漏洞
The Foxit PDF Services API is a set of cloud-based PDF services provided by the American company Foxit, offering capabilities for document processing and format conversion. There is a security vulnerability in the Foxit PDF Services API. This vulnerability allows attackers to control server-side...
Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Foxit Reader...
CVE-2026-3774 Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor
The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...
CVE-2026-3774 Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor
The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...
CVE-2026-3774
Foxit PDF Editor/Reader (pre-2026.1) is affected by CVE-2026-3774 due to PDF JavaScript and document/print actions (WillPrint/DidPrint) updating form fields, annotations, or OCGs around redaction, encryption, or printing. The script-driven updates are not fully covered by the existing redaction/e...
CVE-2026-3775 Foxit PDF Editor/Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writab...
CVE-2026-3775
CVE-2026-3775 affects Foxit PDF Editor/Reader (update service) and is due to the update check loading system libraries from a path that includes user-writable directories, not restricted to trusted system locations. This allows a local attacker with low privileges to place a malicious library tha...
CVE-2026-3776
CVE-2026-3776 is a null pointer dereference in Foxit PDF Editor/Reader when handling stamp annotations that lack appearance (AP) data. The affected code dereferences the related object without checking for null/valid AP data, allowing a crafted PDF to crash the application and cause a denial of s...
CVE-2026-3776 Null pointer dereference in Foxit PDF Editor/Reader when accessing stamp annotation
The application does not validate the presence of required appearance AP data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a...
CVE-2026-3776 Null pointer dereference in Foxit PDF Editor/Reader when accessing stamp annotation
The application does not validate the presence of required appearance AP data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a...
CVE-2026-3780 Foxit PDF Editor/Reader Installer Uncontrolled Search Path Privilege Escalation
The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the...
CVE-2026-3780 Foxit PDF Editor/Reader Installer Uncontrolled Search Path Privilege Escalation
The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the...
CVE-2026-3780
CVE-2026-3780 concerns Foxit PDF Editor/Reader installers on Windows. The root cause is an installer that runs with elevated privileges while resolving system executables and DLLs using untrusted search paths that may include user-writable directories. This allows a local attacker to place malici...
CVE-2026-3778 Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader
The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs e.g., SOAP that perform deep traversal can cause uncontrolled recursion, stack...
CVE-2026-3778
CVE-2026-3778 affects Foxit PDF Editor/Reader (Foxit Reader) across platforms as described in connected records. The root cause is cyclic PDF object references created by pages and annotations referencing each other in a loop, which, when the document is processed by APIs that perform deep traver...
CVE-2026-3778 Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader
The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs e.g., SOAP that perform deep traversal can cause uncontrolled recursion, stack...
CVE-2026-3779 Foxit PDF Editor/Reader List Box Calculate Array Use-After-Free Vulnerability
The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution...
CVE-2026-3779 Foxit PDF Editor/Reader List Box Calculate Array Use-After-Free Vulnerability
The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution...
CVE-2026-3779
The CVE-2026-3779 entry concerns Foxit Reader/Foxit PDF Editor: a use-after-free in the list box calculate array logic, where stale references to page/form objects after deletion/re-creation can be triggered by specially crafted PDFs, potentially enabling arbitrary code execution. Cisco Talos att...