Lucene search
K

1060 matches found

Positive Technologies
Positive Technologies
added 2025/01/08 12:0 a.m.5 views

PT-2025-3066 · Cpdf · Cpdf

Name of the Vulnerable Software and Affected Versions: cpdf versions 2.8 and earlier Description: The issue allows stack consumption via a crafted PDF document. This can be achieved through a manipulated PDF document. Recommendations: For versions 2.8 and earlier, consider updating to a version...

4CVSS7.1AI score0.00196EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/01/08 12:0 a.m.6 views

CVE-2024-54731

cpdf through 2.8 allows stack consumption via a crafted PDF document...

4CVSS6.8AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/08 12:0 a.m.10 views

CVE-2024-54731

cpdf through 2.8 allows stack consumption via a crafted PDF document...

4CVSS0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/05 1:56 p.m.29 views

CVE-2024-52271 PDF Document Spoofing in Documenso

User Interface UI Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the vulnerability only, not all...

8.2CVSS0.00208EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/12/05 10:55 a.m.19 views

CVE-2024-52270 PDF Document Spoofing in DropBox Sign(HelloSign)

User Interface UI Misrepresentation of Critical Information vulnerability in DropBox SignHelloSign allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the vulnerability only...

8.2CVSS6.9AI score0.00191EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/11/13 3:42 p.m.14 views

CVE-2024-52298 macro-pdfviewer's preview in WYSIWYG editor allows accessing any PDF document as the last author

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs...

7.5CVSS7.4AI score0.0066EPSS
Exploits1References1
Talos
Talos
added 2024/10/02 12:0 a.m.18 views

Foxit Reader checkbox Calculate use-after-free vulnerability

Talos Vulnerability Report TALOS-2024-1967 Foxit Reader checkbox Calculate use-after-free vulnerability October 2, 2024 CVE Number CVE-2024-28888 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript co...

8.8CVSS8.1AI score0.0193EPSS
Exploits1
The Hacker News
The Hacker News
added 2024/08/21 11:0 a.m.30 views

New macOS Malware TodoSwift Linked to North Korean Hacking Groups

Cybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with known malicious software used by North Korean hacking groups. "This application shares several behaviors with malware we've seen that originated in North Korea DPRK —...

7.1AI score
Exploits0
Talos
Talos
added 2024/08/13 12:0 a.m.20 views

Adobe Acrobat Reader AV3DVirtAnnot Object Format Event Use-After-Free Vulnerability

Talos Vulnerability Report TALOS-2024-2009 Adobe Acrobat Reader AV3DVirtAnnot Object Format Event Use-After-Free Vulnerability August 13, 2024 CVE Number CVE-2024-41830 SUMMARY A use-after-free vulnerability exists in the AV3DVirtAnnot functionality of Adobe Acrobat Reader 2024.002.20759. A...

7.8CVSS8.1AI score0.0455EPSS
Exploits0
PyPA
PyPA
added 2024/07/17 8:15 p.m.7 views

PYSEC-2024-65

Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents...

5.4CVSS6.4AI score0.00324EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/05/14 4:17 p.m.16 views

CVE-2024-33864

An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript...

5.9CVSS6.7AI score0.00454EPSS
Exploits0References2
CVE
CVE
added 2024/05/14 1:30 p.m.54 views

CVE-2024-33864

The CVE-2024-33864 entry covers a vulnerability in linqi prior to 1.4.0.1 on Windows that enables SSRF via Document template generation, including the use of remote images during process creation, file inclusion, and PDF document generation through malicious JavaScript. Affected component behavio...

5.9CVSS7AI score0.00454EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/04/30 3:15 p.m.18 views

CVE-2024-25938

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...

8.8CVSS8.9AI score0.15639EPSS
Exploits1References2
OSV
OSV
added 2024/04/30 3:15 p.m.3 views

CVE-2024-25575

A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An...

8.8CVSS5.8AI score0.17716EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/30 2:38 p.m.88 views

CVE-2024-25648

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. A...

8.8CVSS9.1AI score0.15639EPSS
Exploits1References1
CVE
CVE
added 2024/04/30 2:38 p.m.90 views

CVE-2024-25575

Foxit Reader CVE-2024-25575 is a type-confusion vulnerability in the Lock object’s fields handling. Talos documents a type-confusion in Foxit Reader 2024.1.0.23997 that can cause memory corruption and arbitrary code execution via JavaScript in malicious PDFs or a crafted site when the browser plu...

8.8CVSS7.1AI score0.17716EPSS
Exploits1References2Affected Software2
NVD
NVD
added 2024/04/30 1:15 a.m.18 views

CVE-2024-4327

A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...

4CVSS3.6AI score0.00453EPSS
Exploits0References5
CVE
CVE
added 2024/04/30 1:0 a.m.40 views

CVE-2024-4327

The CVE-2024-4327 entry concerns Apryse WebViewer (up to 10.8.0). Affected component: the PDF Document Handler, where a cross-site scripting flaw has been identified. Root cause: improper handling in this component enables malicious input to execute in the context of a user session. Impact: remot...

4CVSS6AI score0.00453EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/04/30 1:0 a.m.18 views

CVE-2024-4327 Apryse WebViewer PDF Document cross site scripting

A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...

4CVSS4AI score0.00453EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/04/30 12:0 a.m.5 views

Apryse WebViewer 跨站脚本漏洞

Apryse WebViewer is a web browser from Apryse Corporation. A cross-site scripting vulnerability exists in Apryse WebViewer version 10.8.0, which stems from the component PDF Document Handler that causes cross-site scripting...

4CVSS6AI score0.00453EPSS
Exploits0References6
Rows per page
Query Builder