Lucene search
K

4 matches found

OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5636 Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection in github.com/gotenberg/gotenberg

Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection in github.com/gotenberg/gotenberg...

9.8CVSS5.8AI score0.0295EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/05/14 3:11 p.m.7 views

CVE-2026-42589 Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...

9.8CVSS6AI score0.0295EPSS
Exploits2References1
Spring Security Advisories
Spring Security Advisories
added 2026/03/26 12:0 a.m.8 views

Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore

spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter . When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store , doKey embeds the key into a backtick-delimited Cypher...

7.5CVSS5.8AI score0.0025EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/04/08 12:0 a.m.36 views

SUSE SLED15 / SLES15 Security Update : flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk (SUSE-SU-2021:1094-1)

This update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk fixes the following issues : libostree : Update to version 2020.8 Enable LTO. bsc1133120 This update contains scalability improvements and bugfixes. Caching-related HTTP headers are now supported on summaries and...

8.8CVSS8.1AI score0.0057EPSS
Exploits0References8
Rows per page
Query Builder