156 matches found
Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint
In version v0.3.10 of open-webui/open-webui, the api/v1/utils/pdf endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading...
CVE-2024-8053
In version v0.3.10 of open-webui/open-webui, the api/v1/utils/pdf endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading...
CVE-2024-8053 Improper Authentication in open-webui/open-webui
In version v0.3.10 of open-webui/open-webui, the api/v1/utils/pdf endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading...
CVE-2024-8053 Improper Authentication in open-webui/open-webui
In version v0.3.10 of open-webui/open-webui, the api/v1/utils/pdf endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading...
CVE-2024-8053
Open WebUI vulnerability CVE-2024-8053 affects open-webui/open-webui v0.3.10 where the api/v1/utils/pdf endpoint lacks authentication, allowing unauthenticated access to the PDF generation service. Exploitation can involve sending a POST with an excessively large payload, potentially exhausting s...
jsPDF 安全漏洞
jsPDF is a JavaScript-based PDF document generation library from Parallax. A security vulnerability exists in jsPDF versions prior to 3.0.1, which stems from the first parameter of the addImage method being user-controlled, and could lead to CPU utilization and denial of service...
[SECURITY] Fedora 40 Update: php-tcpdf-6.8.0-1.fc40
PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...
[SECURITY] Fedora 41 Update: php-tcpdf-6.8.0-1.fc41
PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...
PT-2024-35730 · Unknown · Invoice Ninja
Name of the Vulnerable Software and Affected Versions: Invoice Ninja affected versions not specified Description: A Server-Side Request Forgery SSRF issue has been discovered in Invoice Ninja, an open-source invoicing platform. This flaw could allow attackers to access sensitive files, posing...
TCPDF 安全漏洞
TCPDF is an open source library from Tecnick. It is used to generate PDF documents and barcodes. A security vulnerability exists in TCPDF version 6.7.5, which stems from the inclusion of a local file inclusion vulnerability...
The vulnerability of the PDF file export function of the pdfgen component of the Splunk Enterprise platform allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the PDF file export function of the pdfgen component of the Splunk Enterprise platform relates to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information from a remote location...
CVE-2024-37555 WordPress Generate PDF using Contact Form 7 plugin <= 4.0.6 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7.This issue affects Generate PDF using Contact Form 7: from n/a through 4.0.6...
CVE-2024-33864
An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript...
PT-2024-25519 · Linqi · Linqi
Name of the Vulnerable Software and Affected Versions: linqi versions prior to 1.4.0.1 Description: An issue in linqi allows for Server-Side Request Forgery SSRF via Document template generation. This can be achieved through remote images in process creation, file inclusion, and PDF document...
[SECURITY] Fedora 40 Update: php-tcpdf-6.7.5-1.fc40
PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...
TCPDF 安全漏洞
TCPDF is an open source library from Tecnick. It is used to generate PDF documents and barcodes. A security vulnerability exists in TCPDF versions prior to 6.7.4, which stems from incorrectly handling calls that use HTML syntax...
CVE-2023-50168
Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation...
CVE-2023-50168
Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation...
CVE-2023-50168
CVE-2023-50168 affects Pegasystem Pega Platform versions 6.x through 8.8.4, due to an XML External Entity (XXE) vulnerability in PDF generation. The NVD and related sources classify the impact as high (CVSSv3.1: 7.7, Confidentiality Impact: High, Attack Vector: Network, Privileges Required: Low, ...
CVE-2023-50168
Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation...