Lucene search
K

580 matches found

Nuclei
Nuclei
added 2 days ago15 views

Apache Tika - XML External Entity Injection

Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1, and tika-parsers 1.13-1.28.5 contain an XML External Entity injection caused by processing crafted XFA files inside PDFs, letting attackers perform XXE attacks remotely, exploit requires crafted PDF input. id: CVE-2025-66516 info: nam...

9.8CVSS7AI score0.79807EPSS
Exploits5References2
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-38358

pypdf: Possible infinite loop when processing threads/articles in writer...

6.9CVSS5.9AI score0.00111EPSS
Exploits0References4
NVD
NVD
added 5 days ago8 views

CVE-2026-57237

When the application opens a PDF and JavaScript modifies the properties of form fields, it causes the state of the underlying objects referenced by the program to become invalid. Eventually, it reads an illegal memory address, which leads to the crash of the application...

7.8CVSS0.00116EPSS
Exploits0References1
NVD
NVD
added 5 days ago11 views

CVE-2026-13126

The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing...

7.8CVSS0.00116EPSS
Exploits0References1
NVD
NVD
added 5 days ago8 views

CVE-2026-13129

When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer...

7.8CVSS0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago9 views

CVE-2026-57255

The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application...

6.1CVSS6AI score0.00107EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 5 days ago13 views

PT-2026-56527

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.14.0 Description An attacker can craft a PDF containing repeated malformed cross-reference streams. This causes the library to spend excessive runtimes attempting to recover broken cross-reference table entries, leadi...

7.5CVSS6.1AI score0.00345EPSS
Exploits0References11
NVD
NVD
added 2026/06/30 11:17 p.m.7 views

CVE-2026-13962

Insufficient data validation in PDF in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00272EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 8:28 p.m.4 views

CVE-2026-49460 pypdf: Inefficient decoding of FlateDecode PNG predictor streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2...

5.1CVSS5.9AI score0.00117EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/22 8:27 p.m.8 views

CVE-2026-49461

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12....

6.9CVSS5.8AI score0.00123EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/22 11:15 a.m.6 views

Important: Red Hat Security Advisory: evince security update

An update for evince is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.4CVSS5.9AI score0.00529EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.8 views

Debian dsa-6349 : atril - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6349 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6349-1 [email protected] https://www.debian.org/security/...

8.4CVSS5.8AI score0.00529EPSS
Exploits1References4
Microsoft CVE
Microsoft CVE
added 2026/06/16 2:14 a.m.12 views

Chromium: CVE-2026-11670 Use after free in PDF

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

9.6CVSS5.2AI score0.00243EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.9 views

PT-2026-49730

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.12.2 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF that causes excessive memory consumption. This occurs when extracting text from a page containing a form XObject a reusable PDF...

6.9CVSS5.9AI score0.00123EPSS
Exploits0References7
OSV
OSV
added 2026/06/12 6:29 p.m.9 views

GHSA-248M-82V9-Q6G6 pypdf: Possible long runtimes for zero-only width values in cross-reference streamsuntimes for zero-only width values in cross-reference streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. Patches This has been fixed in pypdf==6.12.0. Workarounds If developers are unable to upgrade their apps immediately, the...

5.1CVSS5.2AI score0.00124EPSS
Exploits0References6
NVD
NVD
added 2026/06/11 8:16 p.m.17 views

CVE-2026-45802

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script...

6CVSS0.00259EPSS
Exploits0References3
OSV
OSV
added 2026/06/09 12:16 a.m.8 views

DEBIAN-CVE-2026-11670

Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.8CVSS6AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/08 11:27 p.m.11 views

CVE-2026-11670

Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

6AI score0.00224EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 11:27 p.m.42 views

CVE-2026-11670

Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

0.00224EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 11:27 p.m.49 views

CVE-2026-11670

CVE-2026-11670: Use-after-free in PDF handling in Google Chrome prior to 149.0.7827.103 enables remote code execution in the sandbox when parsing a crafted PDF. Affected component is Chrome's PDF rendering; impact is high. Remediation per the connected documents is to update to Chrome 149.0.7827....

8.8CVSS6AI score0.00224EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder