Lucene search
K

10278 matches found

CVE
CVE
added 2026/04/13 6:57 a.m.13 views

CVE-2026-5936

The CVE-2026-5936 entries describe a Server-Side Request Forgery (SSRF) in the Foxit PDF Services API, where an attacker can craft a URL to cause the server to initiate requests to arbitrary destinations. Affected component: Foxit PDF Services API (server-side URL handling). Reported impact inclu...

9.8CVSS5.8AI score0.00195EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.5 views

Foxit PDF Services API 安全漏洞

The Foxit PDF Services API is a set of cloud-based PDF services provided by the American company Foxit, offering capabilities for document processing and format conversion. There is a security vulnerability in the Foxit PDF Services API. This vulnerability allows attackers to control server-side...

8.5CVSS5.8AI score0.00195EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/04/02 12:0 a.m.8 views

Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Foxit Reader...

7.8CVSS6.1AI score0.00251EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/01 1:40 a.m.3 views

CVE-2026-3774 Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor

The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...

4.7CVSS5.9AI score0.00109EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/01 1:40 a.m.34 views

CVE-2026-3774 Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor

The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...

4.7CVSS0.00109EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 1:40 a.m.39 views

CVE-2026-3774

Foxit PDF Editor/Reader (pre-2026.1) is affected by CVE-2026-3774 due to PDF JavaScript and document/print actions (WillPrint/DidPrint) updating form fields, annotations, or OCGs around redaction, encryption, or printing. The script-driven updates are not fully covered by the existing redaction/e...

7.5CVSS5.9AI score0.00109EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2026/04/01 1:40 a.m.4 views

CVE-2026-3775 Foxit PDF Editor/Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writab...

7.8CVSS6AI score0.00251EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 1:40 a.m.60 views

CVE-2026-3775

CVE-2026-3775 affects Foxit PDF Editor/Reader (update service) and is due to the update check loading system libraries from a path that includes user-writable directories, not restricted to trusted system locations. This allows a local attacker with low privileges to place a malicious library tha...

7.8CVSS6AI score0.00251EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2026/04/01 1:40 a.m.17 views

CVE-2026-3776

CVE-2026-3776 is a null pointer dereference in Foxit PDF Editor/Reader when handling stamp annotations that lack appearance (AP) data. The affected code dereferences the related object without checking for null/valid AP data, allowing a crafted PDF to crash the application and cause a denial of s...

5.5CVSS5.9AI score0.00103EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2026/04/01 1:40 a.m.5 views

CVE-2026-3776 Null pointer dereference in Foxit PDF Editor/Reader when accessing stamp annotation

The application does not validate the presence of required appearance AP data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a...

5.5CVSS5.9AI score0.00103EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/01 1:40 a.m.32 views

CVE-2026-3776 Null pointer dereference in Foxit PDF Editor/Reader when accessing stamp annotation

The application does not validate the presence of required appearance AP data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a...

5.5CVSS0.00103EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/01 1:40 a.m.2 views

CVE-2026-3780 Foxit PDF Editor/Reader Installer Uncontrolled Search Path Privilege Escalation

The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the...

7.3CVSS5.9AI score0.00121EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/01 1:40 a.m.29 views

CVE-2026-3780 Foxit PDF Editor/Reader Installer Uncontrolled Search Path Privilege Escalation

The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the...

7.3CVSS0.00121EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 1:40 a.m.11 views

CVE-2026-3780

CVE-2026-3780 concerns Foxit PDF Editor/Reader installers on Windows. The root cause is an installer that runs with elevated privileges while resolving system executables and DLLs using untrusted search paths that may include user-writable directories. This allows a local attacker to place malici...

7.8CVSS5.9AI score0.00121EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2026/04/01 1:40 a.m.31 views

CVE-2026-3778 Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader

The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs e.g., SOAP that perform deep traversal can cause uncontrolled recursion, stack...

6.2CVSS0.00103EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 1:40 a.m.19 views

CVE-2026-3778

CVE-2026-3778 affects Foxit PDF Editor/Reader (Foxit Reader) across platforms as described in connected records. The root cause is cyclic PDF object references created by pages and annotations referencing each other in a loop, which, when the document is processed by APIs that perform deep traver...

6.2CVSS5.9AI score0.00103EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2026/04/01 1:40 a.m.2 views

CVE-2026-3778 Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader

The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs e.g., SOAP that perform deep traversal can cause uncontrolled recursion, stack...

6.2CVSS5.9AI score0.00103EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/01 1:40 a.m.30 views

CVE-2026-3779 Foxit PDF Editor/Reader List Box Calculate Array Use-After-Free Vulnerability

The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution...

7.8CVSS0.00309EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/01 1:40 a.m.3 views

CVE-2026-3779 Foxit PDF Editor/Reader List Box Calculate Array Use-After-Free Vulnerability

The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution...

7.8CVSS6AI score0.00309EPSS
Exploits1References1
CVE
CVE
added 2026/04/01 1:40 a.m.12 views

CVE-2026-3779

The CVE-2026-3779 entry concerns Foxit Reader/Foxit PDF Editor: a use-after-free in the list box calculate array logic, where stale references to page/form objects after deletion/re-creation can be triggered by specially crafted PDFs, potentially enabling arbitrary code execution. Cisco Talos att...

7.8CVSS6AI score0.00309EPSS
Exploits1References2Affected Software2
Rows per page
Query Builder