Lucene search
K

310 matches found

Vulnrichment
Vulnrichment
added 2026/03/31 7:44 p.m.2 views

CVE-2026-34365 InvoiceShelf: SSRF in Estimate PDF Rendering via Unsanitised HTML in Notes Field

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Estimate PDF generation module. User-supplied HTML in the estimate Notes field...

7.6CVSS5.8AI score0.00245EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.5 views

PT-2026-29342

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Payment receipt PDF generation module. User-supplied HTML in the payment Notes...

7.6CVSS5.8AI score0.00245EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/19 12:0 a.m.25 views

CVE-2025-55853

SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery SSRF. The PDF converter function does not check if internal or external resources are requested in the uploaded files and allows for protocols such as http:// and file:///. This allows an attacker to upload an XML or HTM...

0.00373EPSS
Exploits1References2
Kaspersky
Kaspersky
added 2026/02/18 12:0 a.m.5 views

KLA90896 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in PDFium can be exploited to cause denial of service. 2...

8.8CVSS6.3AI score0.00642EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/01/19 12:25 p.m.8 views

Moderate: Red Hat Security Advisory: poppler security update

An update for poppler is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.1CVSS6.5AI score0.00218EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/01/19 7:53 a.m.7 views

Moderate: Red Hat Security Advisory: poppler security update

An update for poppler is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

7.1CVSS6.5AI score0.00218EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.1 views

RHEL 8 : poppler (RHSA-2026:0772)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0772 advisory. Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Out-of-Bounds Read in...

7.1CVSS6.5AI score0.00218EPSS
Exploits1References5
NVD
NVD
added 2026/01/13 11:15 p.m.5 views

CVE-2022-50899

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...

8.7CVSS0.00463EPSS
Exploits1References3
OSV
OSV
added 2026/01/13 11:15 p.m.5 views

CVE-2022-50899

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...

6.5CVSS6AI score
Exploits0References3
Cvelist
Cvelist
added 2026/01/13 10:51 p.m.22 views

CVE-2022-50899 Geonetwork 4.2.0 - XML External Entity (XXE)

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...

8.7CVSS0.00463EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/13 10:51 p.m.3 views

CVE-2022-50899 Geonetwork 4.2.0 - XML External Entity (XXE)

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...

8.7CVSS6.6AI score0.00463EPSS
Exploits1References3
CVE
CVE
added 2026/01/13 10:51 p.m.13 views

CVE-2022-50899

Geonetwork 3.10–4.2.0 is affected by an XML External Entity (XXE) vulnerability in the PDF rendering path. The issue arises from an insecure XML parser that can be driven by a crafted XML document with external entity references, allowing an attacker to read arbitrary server files via the baseURL...

8.7CVSS6.6AI score0.00463EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.7 views

PT-2026-2375

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...

8.7CVSS7AI score0.00463EPSS
Exploits1References4
OSV
OSV
added 2026/01/06 12:0 a.m.4 views

ALSA-2026:0128 Moderate: poppler security update

Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Out-of-Bounds Read in Poppler CVE-2025-32365 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

7.1CVSS6.7AI score0.00218EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2016-5957

Malware in sbrugna...

9.8CVSS9.2AI score0.01416EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2726

Malicious code in bioql PyPI...

7.2CVSS6.9AI score0.01466EPSS
Exploits1References4
OSV
OSV
added 2025/10/03 7:56 p.m.5 views

RLSA-2025:7593 Moderate: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: Ghostscript: NPDL device: Compression buffer overflow CVE-2025-27832 For more details...

5.5CVSS8AI score0.00806EPSS
Exploits0References2
Fedora
Fedora
added 2025/08/03 1:16 a.m.7 views

[SECURITY] Fedora 42 Update: poppler-25.02.0-2.fc42

poppler is a PDF rendering library...

7.1CVSS7.3AI score0.0062EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/07/02 4:46 p.m.5 views

CVE-2025-52886

A use-after-free vulnerability has been discovered in the PDF rendering library, stemming from a reference counting flaw. This issue allows an attacker, by providing specially crafted malicious input, to overflow a reference counter which subsequently leads to a use-after-free condition. While th...

6.9CVSS7.9AI score0.00371EPSS
Exploits1References8
Debian CVE
Debian CVE
added 2025/07/02 3:46 p.m.4 views

CVE-2025-52886

Poppler is a PDF rendering library. Versions prior to 25.06.0 use std::atomicint for reference counting. Because std::atomicint is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue...

6.9CVSS6.9AI score0.00371EPSS
Exploits1
Rows per page
Query Builder