CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

235 matches found

Positive Technologies•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40314

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

5.5CVSS5.7AI score0.00012EPSS

Exploits0References6

Positive Technologies•added 2026/05/04 12:0 a.m.•3 views

PT-2026-37199

Name of the Vulnerable Software and Affected Versions Pillow versions 4.2.0 through 12.1.x Description A flaw in the PdfParser allows an attacker to supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This occurs because...

5.5CVSS5.8AI score0.00012EPSS

Exploits0References18

ATTACKERKB•added 2026/05/01 4:1 p.m.•0 views

CVE-2026-23863

An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of...

6.5CVSS5.8AI score0.00012EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/04/28 7:31 a.m.•0 views

CVE-2026-40980

In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.5CVSS5.2AI score0.00068EPSS

Exploits0References1

Positive Technologies•added 2026/04/28 12:0 a.m.•2 views

PT-2026-35689

6.5CVSS5.2AI score0.00068EPSS

Exploits0References2

CNVD•added 2026/04/16 12:0 a.m.•2 views

Google Chrome PDFium Heap Buffer Overflow Vulnerability

Google Chrome is a web browser developed by Google with a built-in PDFium component for rendering PDF documents. Google Chrome's PDFium suffers from a heap buffer overflow vulnerability that stems from a failure to properly handle certain data in a specially crafted PDF file, which can be exploit...

8.8CVSS6.4AI score0.00037EPSS

Exploits0

HackRead•added 2026/04/09 4:45 p.m.•3 views

Adobe Reader Zero-Day Exploited to Steal Data via Malicious PDFs

An Adobe Reader zero-day vulnerability is being actively exploited via malicious PDFs, allowing hackers to steal data without user interaction, with no patch available...

5.9AI score

Exploits0

Positive Technologies•added 2026/03/31 12:0 a.m.•0 views

PT-2026-29357

Name of the Vulnerable Software and Affected Versions XML Notepad versions prior to 2.9.0.21 Description XML Notepad, a Windows program for editing XML documents, does not disable DTD processing by default before version 2.9.0.21. This allows for the resolution of external entities. An attacker c...

6.5CVSS5.9AI score0.00285EPSS

Exploits0References7

SUSE CVE•added 2026/03/22 12:23 a.m.•3 views

SUSE CVE-2026-33123

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...

6.5CVSS5.7AI score0.00014EPSS

Exploits0References3

OSV•added 2026/02/26 10:55 p.m.•2 views

CVE-2026-28274 Initiative Vulnerable to Token Theft via Stored XSS in Document Uploads

Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 are vulnerable to Stored Cross-Site Scripting XSS in the document upload functionality. Any user with upload permissions within the "Initiatives" section can upload a malicious .html or .htm file ...

8.7CVSS5.8AI score0.00045EPSS

Exploits1References4

NVD•added 2026/01/22 3:15 a.m.•2 views

CVE-2026-24002

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

9.6CVSS0.00032EPSS

Exploits0References2

EUVD•added 2025/12/11 12:0 a.m.•1 views

EUVD-2025-202691

An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query with a crafted cDIPath parameter e.g., "/" may cause an out-of-bounds read in internal path-parsing logic, potentially leadi...

3.3CVSS5.8AI score0.00017EPSS

Exploits0References2

OSV•added 2025/10/28 1:50 p.m.•1 views

JLSEC-2025-195 An integer overflow was addressed with improved input validation

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this...

7.8CVSS7.6AI score0.71973EPSS

Exploits2References16

EUVD•added 2025/10/20 9:56 a.m.•1 views

EUVD-2025-35044

Cross-site Scripting XSS stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed witho...

5.3CVSS5.8AI score0.00056EPSS

Exploits0References2

Vulnrichment•added 2025/10/20 9:56 a.m.•4 views

CVE-2025-8349 Cross-Site Scripting (XSS) stored in Tawk Live Chat

5.3CVSS5.9AI score0.00056EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2016-7011

Malware in sbrugna...

6.8CVSS5.5AI score0.00081EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•1 views