29 matches found
CVE-2026-44298
The Kimai CVE-2026-44298 affects Kimai versions 2.32.0–2.55.x. It enables an admin user with upload_invoice_template permission to trigger pdfContext.setOption('associated_files', ...) during sandboxed Twig rendering, forwarding to mPDF2 SetAssociatedFiles() and allowing file_get_contents() on e...
chromium -- security fixes
Chrome Releases reports: This update includes 26 security fixes: 475877320 Critical CVE-2026-4439: Out of bounds memory access in WebGL. Reported by Goodluck on 2026-01-15 485935305 Critical CVE-2026-4440: Out of bounds read and write in WebGL. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on...
Moderate: Red Hat Security Advisory: poppler security update
An update for poppler is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syst...
ROS-20250910-03
Vulnerability of Poppler PDF rendering library is related to lack of object threads cleanup PDF when cairo_debug_reset_static_data is called. Exploitation of the vulnerability could allow an attacker to gain access to confidential information...
GO-2025-3778 Gogs XSS allowed by stored call in PDF renderer in gogs.io/gogs
Gogs XSS allowed by stored call in PDF renderer in gogs.io/gogs...
Gogs XSS allowed by stored call in PDF renderer
Summary A stored XSS is present in Gogs which allows client-side Javascript code execution. Details Gogs Version: docker images REPOSITORY TAG IMAGE ID CREATED SIZE gogs/gogs latest fe92583bc4fe 10 hours ago 99.3MB Application version: 0.14.0+dev Local setup using: bash Pull image from Docker Hub...
CVE-2025-47943
CVE-2025-47943 affects Gogs (self-hosted Git service). The vulnerability is a stored XSS in the PDF rendering path, caused by an outdated pdfjs-1.4.20 component located under public/plugins/. Affected versions are 0.14.0+dev and prior. The issue has been fixed in gogs.io/gogs with version 0.13.3 ...
CVE-2025-47943 Gogs stored XSS in PDF renderer
Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side Javascript code execution. The vulnerability is caused by the usage of a vulnerable and outdated componen...
Google Chrome PDFium Javascript Regexp Memory Corruption Vulnerability
Summary An exploitable memory corruption vulnerability exists in the way PDFium inside Google Chrome version 80.0.3987.158 executes Javascript regular expressions. The vulnerability could potentially be abused to achieve arbitrary code execution in the browser context. In order to trigger this...
Google PDFium JBIG2 image ComposeToOpt2WithRect information disclosure vulnerability
Summary An exploitable out-of-bounds read on the heap vulnerability exists in the JBIG2 parsing code of Google Chrome version 67.0.3396.99. A specially crafted PDF document can trigger an out-of-bounds read, which can possibly lead to an information leak that could be used as part of an exploit. ...
CVE-2016-10591
Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML via prince(1) CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled...
Remote code execution
Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML via prince(1) CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled...
CVE-2016-10591
CVE-2016-10591 affects Prince (Node API for executing PrinceXML via the prince(1) CLI). The vulnerability arises because Prince downloads zipped resources over HTTP, making it susceptible to Man-in-the-Middle attacks that could swap the requested tarball/executable with a malicious one. In networ...
pdfium - opj_t2_read_packet_header libopenjpeg Heap Use-After-Free
pdfium - opj_t2_read_packet_header libopenjpeg Heap Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=613 The following crash was encountered in pdfium (the Chrome PDF renderer) during PDF fuzzing: --- cut --- $ ./pdfium_test...
pdfium - opj_j2k_read_mcc libopenjpeg Heap Out-of-Bounds Read
pdfium - opj_j2k_read_mcc libopenjpeg Heap Out-of-Bounds Read Source: https://code.google.com/p/google-security-research/issues/detail?id=624 The following crash was encountered in pdfium (the Chrome PDF renderer) during PDF fuzzing: --- cut --- $ ./pdfium_test...
pdfium - opj_j2k_read_mcc (libopenjpeg) Heap Based Out-of-Bounds Read
Exploit for multiple platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=624 The following crash was encountered in pdfium (the Chrome PDF renderer) during PDF fuzzing: --- cut --- $ ./pdfium_test...
pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Out-of-Bounds Read
Source: https://code.google.com/p/google-security-research/issues/detail?id=624 The following crash was encountered in pdfium (the Chrome PDF renderer) during PDF fuzzing: --- cut --- $ ./pdfium_test asanheap-oob91e21c3386e3df547c206840ceb03fd7c7ca823e7a Rendering PDF file...
pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Out-of-Bounds Read
Source: https://code.google.com/p/google-security-research/issues/detail?id=626 The following crash was encountered in pdfium (the Chrome PDF renderer) during PDF fuzzing: --- cut --- ==9326==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6250001bf680 at pc 0x000000892375 bp...
pdfium - opj_jp2_apply_pclr libopenjpeg Heap Out-of-Bounds Read
pdfium - opj_jp2_apply_pclr libopenjpeg Heap Out-of-Bounds Read Source: https://code.google.com/p/google-security-research/issues/detail?id=626 The following crash was encountered in pdfium (the Chrome PDF renderer) during PDF fuzzing: --- cut --- ==9326==ERROR: AddressSanitizer: heap-buffer-overflow ...