Lucene search
+L

263 matches found

nuclei
nuclei
added yesterday19 views

Gotenberg - Command Injection

Gotenberg 8.31.0 contains a command injection caused by lack of validation on JSON metadata keys in /forms/pdfengines/metadata/write endpoint, letting unauthenticated attackers execute OS commands, exploit requires crafted HTTP request. id: CVE-2026-42589 info: name: Gotenberg - Command Injection...

9.8CVSS6.1AI score0.0295EPSS
Exploits2References3
cgr
cgr
added 2 days ago5 views

CVE-2026-42592 vulnerabilities

Vulnerabilities for packages: gotenberg...

5.3CVSS6.1AI score0.00186EPSS
Exploits1
cgr
cgr
added 2 days ago6 views

GHSA-2PMR-289P-44R3 vulnerabilities

Vulnerabilities for packages: gotenberg...

6.1AI score
Exploits0
nvd
nvd
added 6 days ago4 views

CVE-2026-55229

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /forms/libreoffice/convert endpoint allows a specially crafted document to cause LibreOffice to automatically retrieve external HTTPS resources and local file resources during document conversion, enabling bli...

7.5CVSS0.00355EPSS
Exploits0References3
cve
cve
added 6 days ago88 views

CVE-2026-55229

Gotenberg prior to 8.34.0 contains an SSRF/local-file disclosure in the /forms/libreoffice/convert endpoint. A specially crafted DOCX can cause LibreOffice to fetch external HTTP(S) resources (blind SSRF) and load local image resources during conversion, potentially exposing internal endpoints an...

7.5CVSS6.1AI score0.00355EPSS
Exploits0References3
cvelist
cvelist
added 6 days ago30 views

CVE-2026-55229 Gotenberg: SSRF via LibreOffice document processing

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /forms/libreoffice/convert endpoint allows a specially crafted document to cause LibreOffice to automatically retrieve external HTTPS resources and local file resources during document conversion, enabling bli...

7.5CVSS0.00355EPSS
Exploits0References3
osv
osv
added 6 days ago3 views

CVE-2026-55229 Gotenberg: SSRF via LibreOffice document processing

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /forms/libreoffice/convert endpoint allows a specially crafted document to cause LibreOffice to automatically retrieve external HTTPS resources and local file resources during document conversion, enabling bli...

7.5CVSS6.1AI score0.00355EPSS
Exploits0References5
cgr
cgr
added 2026/07/02 8:22 p.m.12 views

GHSA-86M8-88FQ-XFXP vulnerabilities

Vulnerabilities for packages: gotenberg...

5.8AI score
Exploits0
cgr
cgr
added 2026/07/02 8:22 p.m.12 views

CVE-2026-45741 vulnerabilities

Vulnerabilities for packages: gotenberg...

5.8AI score0.00051EPSS
Exploits0
osv
osv
added 2026/06/25 10:34 p.m.4 views

GO-2026-5636 Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection in github.com/gotenberg/gotenberg

Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection in github.com/gotenberg/gotenberg...

9.8CVSS5.8AI score0.0295EPSS
Exploits2References2
osv
osv
added 2026/06/25 6:43 p.m.3 views

GO-2026-5244 Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes in github.com/gotenberg/gotenberg

Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes in github.com/gotenberg/gotenberg...

5.8AI score0.00051EPSS
Exploits0References1
vulncheck_kev
vulncheck_kev
added 2026/06/23 12:0 a.m.17 views

VulnCheck KEV: CVE-2026-42589

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...

9.8CVSS6.1AI score0.0295EPSS
In wildExploits2References12
osv
osv
added 2026/06/22 7:28 p.m.6 views

GO-2026-5060 Gotenberg: SSRF via LibreOffice document processing in github.com/gotenberg/gotenberg

Gotenberg: SSRF via LibreOffice document processing in github.com/gotenberg/gotenberg...

7.5CVSS5.8AI score0.00355EPSS
Exploits0References1
osv
osv
added 2026/06/18 1:4 p.m.6 views

GHSA-2MRG-35HW-X3X9 Gotenberg: SSRF via LibreOffice document processing

Summary Server-Side Request Forgery SSRF vulnerability affecting the /forms/libreoffice/convert endpoint in Gotenberg v8.33.0 running with the default configuration. By uploading a specially crafted DOCX document, an attacker can cause LibreOffice to automatically retrieve external resources duri...

7.5CVSS5.5AI score0.00355EPSS
Exploits0References2
github
github
added 2026/06/18 1:4 p.m.9 views

Gotenberg: SSRF via LibreOffice document processing

Summary Server-Side Request Forgery SSRF vulnerability affecting the /forms/libreoffice/convert endpoint in Gotenberg v8.33.0 running with the default configuration. By uploading a specially crafted DOCX document, an attacker can cause LibreOffice to automatically retrieve external resources duri...

7.5CVSS5.5AI score0.00355EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.27 views

PT-2026-50731

Name of the Vulnerable Software and Affected Versions Gotenberg version 8.33.0 Description A Server-Side Request Forgery SSRF issue exists in the /forms/libreoffice/convert endpoint. By uploading a specially crafted DOCX document, an attacker can force LibreOffice to retrieve external resources...

7.5CVSS5.8AI score0.00355EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/06/05 7:30 p.m.11 views

CVE-2026-42597

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...

5.9CVSS5.4AI score0.00251EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/06/05 7:30 p.m.10 views

CVE-2026-42593

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, and chromium/convert/markdown accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf +...

5.3CVSS5.5AI score0.00311EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/06/05 7:30 p.m.10 views

CVE-2026-42592

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when i...

5.3CVSS5.5AI score0.00186EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42591

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint /forms/libreoffice/convert passes uploaded documents directly to LibreOffice without inspecting their content. LibreOffice then fetches any embedded external URLs on its own, completely...

8.2CVSS5.5AI score0.00245EPSS
Exploits1References1
Rows per page
Query Builder