CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/04/26 1:19 p.m.•23 views

CVE-2018-25279 jiNa OCR Image to Text 1.0 Denial of Service via PNG

jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted PNG file with an oversized buffer and trigger the crash when the application attempts to convert...

6.9CVSS0.00017EPSS

Exploits0References3

CVE•added 2026/04/26 1:19 p.m.•3 views

CVE-2018-25279

jiNa OCR Image to Text 1.0 contains a local denial-of-service vulnerability: processing a specially crafted PNG with an oversized buffer causes the application to crash during PNG-to-PDF conversion. Root cause: malformed PNG triggers a crash in the image-to-text pipeline. Impact is local, with av...

6.9CVSS5.5AI score0.00017EPSS

Exploits0References3

ATTACKERKB•added 2026/04/26 1:19 p.m.•0 views

CVE-2018-25279

6.9CVSS5.4AI score0.00017EPSS

Exploits0References3Affected Software1

SUSE CVE•added 2026/04/24 1:36 a.m.•3 views

SUSE CVE-2025-53000

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution...

7.8CVSS5.9AI score0.00014EPSS

EUVD•added 2026/04/17 9:24 p.m.•0 views

EUVD-2026-23502

Dolibarr: OS Command Injection RCE via MAINODTASPDF configuration...

9.4CVSS5.8AI score0.00166EPSS

Exploits3References2

Positive Technologies•added 2026/04/17 12:0 a.m.•3 views

PT-2026-33504

Name of the Vulnerable Software and Affected Versions Dolibarr versions prior to 23.0.0 Description Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. An authenticated administrator can achieve remote code execution as the web server user by...

9.4CVSS6.5AI score0.00166EPSS

Exploits3References14

CNNVD•added 2026/04/17 12:0 a.m.•5 views

Dolibarr 安全漏洞

Dolibarr is an open-source application developed by Dolibarr developers. It helps manage activities of user organizations. Versions of Dolibarr prior to 23.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the process of converting ODT files to PDF, where configuration...

9.4CVSS6.3AI score0.00166EPSS

Exploits3References1

RedhatCVE•added 2026/03/26 3:1 p.m.•2 views

CVE-2026-27625

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...

8.1CVSS5.9AI score0.00022EPSS

CNNVD•added 2026/03/26 12:0 a.m.•3 views

Stirling-PDF 跨站脚本漏洞

Stirling-PDF is a powerful, locally hosted web-based PDF manipulation tool developed by Stirling Tools and open source using Docker. Version 2.7.3 of Stirling-PDF contains a cross-site scripting vulnerability. This vulnerability stems from the /api/v1/convert/eml/pdf endpoint parameter with...

6.1CVSS5.7AI score0.00021EPSS

RedhatCVE•added 2025/12/18 3:23 p.m.•1 views

CVE-2025-53000

A flaw was found in nbconvert, specifically in the jupyter nbconvert tool on Windows. A third party can exploit this vulnerability by creating a malicious inkscape.bat file in a directory. When a user then converts a Jupyter notebook containing SVG output to a PDF from this directory, the malicio...

8.5CVSS7AI score0.00014EPSS

Exploits1References4

Tenable Nessus•added 2025/12/18 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2025-53000

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6...

OSV•added 2025/12/17 9:16 p.m.•2 views

UBUNTU-CVE-2025-53000

8.5CVSS6AI score0.00014EPSS

Exploits1References3

UbuntuCve•added 2025/12/17 9:16 p.m.•1 views

CVE-2025-53000

CVE•added 2025/12/17 8:27 p.m.•42 views

CVE-2025-53000

The CVE-2025-53000 issue affects nbconvert (jupyter nbconvert) on Windows prior to 7.17.0, where exporting a notebook with SVG output to PDF could execute arbitrary code. The root cause is an unsafe search for the Inkscape executable: nbconvert’s svg2pdf.py uses shutil.which("inkscape"), which ma...

Exploits1References6Affected Software1

ATTACKERKB•added 2025/12/17 8:27 p.m.•2 views

CVE-2025-53000

8.5CVSS6AI score0.00014EPSS

Exploits1References6

Vulnrichment•added 2025/12/17 8:27 p.m.•1 views

CVE-2025-53000 nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows

RedhatCVE•added 2025/12/11 12:58 a.m.•4 views

Exploits1References6

CVE-2025-67506

PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose POST /api/v1/record/buffer/convert through missing authentication. The endpoint accepts a file upload and converts it to PDF via LibreOffice by uploading payload...

9.8CVSS7AI score0.00383EPSS

OSV•added 2025/12/10 12:36 a.m.•3 views

CVE-2025-67506 PipesHub Vulnerable to Path Traversal through Unauthenticated Arbitrary File Upload

9.8CVSS7AI score0.00383EPSS

Exploits1References4

Vulnrichment•added 2025/12/10 12:36 a.m.•2 views

CVE-2025-67506 PipesHub Vulnerable to Path Traversal through Unauthenticated Arbitrary File Upload

9.8CVSS6.7AI score0.00383EPSS