27958 matches found
CVE-2026-10002
Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...
CVE-2026-10002
Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...
CVE-2026-10002
CVE-2026-10002 is a use-after-free in PDFium within Google Chrome, fixed in Chrome 148.0.7778.216 and later. The vulnerability affects PDFium’s handling of crafted PDF files, enabling potential heap corruption when a remote attacker supplies a malicious document. Affected product: Google Chrome (...
CVE-2026-9993
Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted PDF file. Chromium security severity: High...
CVE-2026-9993
Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted PDF file. Chromium security severity: High...
CVE-2026-9993
Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted PDF file. Chromium security severity: High...
CVE-2026-9993
Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted PDF file. Chromium security severity: High...
CVE-2026-9958
Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...
CVE-2026-9958
Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...
CVE-2026-9958
Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...
CVE-2026-9958
CVE-2026-9958: Use-after-free in PDFium within Google Chrome (pre-148.0.7778.216) allows a remote attacker to potentially exploit heap corruption via a crafted PDF file. Affected: Google Chrome/Chromium PDFium component. Root cause: use-after-free. Impact: high (per CVSS), with potential for impa...
CVE-2026-9957
Use after free in PDF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...
CVE-2026-9957
CVE-2026-9957 describes a use-after-free in Google's Chrome PDF handling (Chromium) prior to version 148.0.7778.216. A crafted PDF could allow a remote attacker to execute arbitrary code inside Chrome’s sandbox. The public references confirm the vulnerability in the PDF component of Chromium with...
CVE-2026-43979
Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService.markdowntohtml constructs an HTML document by interpolating user-controlled values — specifically title sourced from research.title or research.query and metadata key-value pairs —...
CVE-2026-43979 Local Deep Research: HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`)
Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService.markdowntohtml constructs an HTML document by interpolating user-controlled values — specifically title sourced from research.title or research.query and metadata key-value pairs —...
CVE-2026-43979 Local Deep Research: HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`)
Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService.markdowntohtml constructs an HTML document by interpolating user-controlled values — specifically title sourced from research.title or research.query and metadata key-value pairs —...
EUVD-2026-32978
Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService.markdowntohtml constructs an HTML document by interpolating user-controlled values — specifically title sourced from research.title or research.query and metadata key-value pairs —...
CVE-2026-43979
Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService.markdowntohtml constructs an HTML document by interpolating user-controlled values — specifically title sourced from research.title or research.query and metadata key-value pairs —...
CVE-2026-43979
CVE-2026-43979 affects Local Deep Research. Before 1.6.0, PDFService._markdown_to_html() embeds user-supplied title and metadata into HTML without escaping, allowing HTML injection in the PDF export flow. This can chain into SSRF via WeasyPrint when rendering the PDF, bypassing existing SSRF defe...
Excessive Iteration
Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Excessive Iteration via the processing of cross-reference streams containing /W values set to 0 0 0 and large /Size values. An...