Lucene search
+L

156 matches found

github
github
added 2025/03/20 12:32 p.m.12 views

Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint

In version v0.3.10 of open-webui/open-webui, the api/v1/utils/pdf endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading...

8.2CVSS7AI score0.00597EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2025/03/20 10:15 a.m.17 views

CVE-2024-8053

In version v0.3.10 of open-webui/open-webui, the api/v1/utils/pdf endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading...

8.2CVSS0.00597EPSS
Exploits1References1
cvelist
cvelist
added 2025/03/20 10:11 a.m.28 views

CVE-2024-8053 Improper Authentication in open-webui/open-webui

In version v0.3.10 of open-webui/open-webui, the api/v1/utils/pdf endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading...

7.5CVSS0.00597EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/03/20 10:11 a.m.16 views

CVE-2024-8053 Improper Authentication in open-webui/open-webui

In version v0.3.10 of open-webui/open-webui, the api/v1/utils/pdf endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading...

7.5CVSS7.5AI score0.00597EPSS
Exploits1References1
cve
cve
added 2025/03/20 10:11 a.m.82 views

CVE-2024-8053

Open WebUI vulnerability CVE-2024-8053 affects open-webui/open-webui v0.3.10 where the api/v1/utils/pdf endpoint lacks authentication, allowing unauthenticated access to the PDF generation service. Exploitation can involve sending a POST with an excessively large payload, potentially exhausting s...

8.2CVSS7.5AI score0.00597EPSS
Exploits1References1Affected Software1
cnnvd
cnnvd
added 2025/03/18 12:0 a.m.5 views

jsPDF 安全漏洞

jsPDF is a JavaScript-based PDF document generation library from Parallax. A security vulnerability exists in jsPDF versions prior to 3.0.1, which stems from the first parameter of the addImage method being user-controlled, and could lead to CPU utilization and denial of service...

8.7CVSS6AI score0.00646EPSS
Exploits1References3
fedora
fedora
added 2025/01/08 3:6 a.m.18 views

[SECURITY] Fedora 40 Update: php-tcpdf-6.8.0-1.fc40

PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...

9.8CVSS9.6AI score0.00752EPSS
Exploits1
fedora
fedora
added 2025/01/08 2:6 a.m.21 views

[SECURITY] Fedora 41 Update: php-tcpdf-6.8.0-1.fc41

PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...

9.8CVSS9.6AI score0.00752EPSS
Exploits1
ptsecurity
ptsecurity
added 2024/12/27 12:0 a.m.3 views

PT-2024-35730 · Unknown · Invoice Ninja

Name of the Vulnerable Software and Affected Versions: Invoice Ninja affected versions not specified Description: A Server-Side Request Forgery SSRF issue has been discovered in Invoice Ninja, an open-source invoicing platform. This flaw could allow attackers to access sensitive files, posing...

6.7AI score
Exploits0References9
cnnvd
cnnvd
added 2024/11/26 12:0 a.m.6 views

TCPDF 安全漏洞

TCPDF is an open source library from Tecnick. It is used to generate PDF documents and barcodes. A security vulnerability exists in TCPDF version 6.7.5, which stems from the inclusion of a local file inclusion vulnerability...

6.2CVSS6.2AI score0.00816EPSS
Exploits0References3
bdu_fstec
bdu_fstec
added 2024/10/31 12:0 a.m.9 views

The vulnerability of the PDF file export function of the pdfgen component of the Splunk Enterprise platform allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the PDF file export function of the pdfgen component of the Splunk Enterprise platform relates to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information from a remote location...

4.3CVSS5.5AI score0.00349EPSS
Exploits0References4Affected Software1
vulnrichment
vulnrichment
added 2024/07/09 7:21 a.m.27 views

CVE-2024-37555 WordPress Generate PDF using Contact Form 7 plugin <= 4.0.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7.This issue affects Generate PDF using Contact Form 7: from n/a through 4.0.6...

9.1CVSS7AI score0.006EPSS
Exploits0References1
osv
osv
added 2024/05/14 4:17 p.m.4 views

CVE-2024-33864

An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript...

5.9CVSS5.9AI score0.00454EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/05/14 12:0 a.m.5 views

PT-2024-25519 · Linqi · Linqi

Name of the Vulnerable Software and Affected Versions: linqi versions prior to 1.4.0.1 Description: An issue in linqi allows for Server-Side Request Forgery SSRF via Document template generation. This can be achieved through remote images in process creation, file inclusion, and PDF document...

5.9CVSS7.5AI score0.00454EPSS
Exploits0References4
fedora
fedora
added 2024/05/02 1:57 a.m.27 views

[SECURITY] Fedora 40 Update: php-tcpdf-6.7.5-1.fc40

PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...

7.5CVSS6.5AI score0.01325EPSS
Exploits1
cnnvd
cnnvd
added 2024/04/15 12:0 a.m.5 views

TCPDF 安全漏洞

TCPDF is an open source library from Tecnick. It is used to generate PDF documents and barcodes. A security vulnerability exists in TCPDF versions prior to 6.7.4, which stems from incorrectly handling calls that use HTML syntax...

6.1CVSS6.1AI score0.00582EPSS
Exploits0References4
osv
osv
added 2024/03/14 4:15 p.m.3 views

CVE-2023-50168

Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation...

7.7CVSS5.8AI score0.00392EPSS
Exploits0References1
nvd
nvd
added 2024/03/14 4:15 p.m.9 views

CVE-2023-50168

Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation...

7.7CVSS7.5AI score0.00392EPSS
Exploits0References1
cve
cve
added 2024/03/14 3:40 p.m.80 views

CVE-2023-50168

CVE-2023-50168 affects Pegasystem Pega Platform versions 6.x through 8.8.4, due to an XML External Entity (XXE) vulnerability in PDF generation. The NVD and related sources classify the impact as high (CVSSv3.1: 7.7, Confidentiality Impact: High, Attack Vector: Network, Privileges Required: Low, ...

7.7CVSS6.8AI score0.00392EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2024/03/14 3:40 p.m.19 views

CVE-2023-50168

Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation...

7.7CVSS7.7AI score0.00392EPSS
Exploits0References1
Rows per page
Query Builder