41 matches found
CVE-2026-3778
The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack...
EUVD-2026-17757
The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack...
CVE-2026-3778
CVE-2026-3778 affects Foxit PDF Editor/Reader (Foxit Reader) across platforms as described in connected records. The root cause is cyclic PDF object references created by pages and annotations referencing each other in a loop, which, when the document is processed by APIs that perform deep traver...
CVE-2026-3778 Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader
The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack...
PT-2026-29438
The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack...
CVE-2021-41784
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled...
EUVD-2014-7149
Malware in sbrugna...
EUVD-2025-12730
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
@openlist-frontend/openlist-frontend is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper handling of .py files containing JavaScript within...
CVE-2021-26929
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 where the HordeTextFilter library before 2.3.7 is used. The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke us...
CVE-2020-25789
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cachedurl feature mishandles JavaScript inside an SVG document...
Mageia: Security Advisory (MGASA-2025-0150)
The remote host is missing an update for the...
CVE-2025-4083
A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox...
Cross-Site Scripting (XSS)
phpoffice/phpspreadsheet is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of the javascript protocol and special characters, allowing an attacker to craft malicious links that bypass the sanitizer...
Doppler: WAF bypass and JavaScript incomplete handling of Unicode characters might lead to dom-xss
Hello, WAF: Doppler uses the Cloudflare firewall to prevent unwanted malicious injections "https://share.doppler.com/ext/jquery/dist/jquery.min.js?c=%22%3Cscript%3Ealert%27XSS%27%3C/script%3E%22" by accessing the endpoint you'll get to know that! But I found that this code ""%0D%0A%0D%0A" bypass the...
Zabbix Format String Error Vulnerability
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. A Formatting String Error vulnerability exists in Zabbix versions 6.0.0 through 6.0.33, 6.4.0 through 6.4.18, and 7.0.0 through 7.0.3,...
Cross-Site Scripting (XSS)
nuxt is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of the javascript: protocol in the navigateTo function, which fails to correctly parse and block malformed URLs due to improper usage of the unjs/ufo...
SUSE CVE-2012-2844
The PDF functionality in Google Chrome before 20.0.1132.57 does not properly handle JavaScript code, which allows remote attackers to cause a denial of service (incorrect object access) or possibly have unspecified other impact via a crafted document...